
Please check my log
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use a remote-assistance service, in which a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Please check it. The PC is somehow SLUGGISH...
Thank you very much
juráš
Logfile of random's system information tool 1.09 (written by random/random)
Run by juras at 2014-02-16 10:24:08
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 196 GB (82%) free of 238 GB
Total RAM: 2815 MB (62% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:24:15, on 16.2.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
D:\DOWN\RSIT.exe
C:\Program Files\trend micro\juras.exe
C:\Windows\system32\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [0AFC188F9B23403C513AD4F818256DB928A37312._service_run] "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=service
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Fill form using Password Manager XP - C:\Program Files\Password Manager XP\InsPwd.htm
O8 - Extra context menu item: Generate password using Password Manager XP - C:\Program Files\Password Manager XP\GenPwd.htm
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Save form data to Password Manager XP - C:\Program Files\Password Manager XP\SavePwd.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Password Manager XP - {7379d689-cc96-451d-b46e-6bbe4ca6b02d} - C:\Program Files\Password Manager XP\PwdManager.exe (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Aktivace aplikace ABBYY PDF Transformer 3.0 – Licenční služba (ABBYY.Licensing.PDFTransformer.Classic.3.0) - ABBYY - C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Služba Acronis Nonstop Backup (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: CyberLink PowerDVD 13 Media Server Monitor Service - CyberLink - C:\Program Files\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe
O23 - Service: CyberLink PowerDVD 13 Media Server Service - CyberLink - C:\Program Files\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7209 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-08 462760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-08 171944]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2011-10-13 5574456]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2013-09-12 5110672]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"0AFC188F9B23403C513AD4F818256DB928A37312._service_run"=C:\Program Files\Google\Chrome\Application\chrome.exe [2014-02-02 866632]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2014-02-03 208384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1
"SynchronousMachineGroupPolicy"=1
"SynchronousUserGroupPolicy"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=221
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=255
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.l3codecp"=l3codecp.acm
"vidc.XVID"=xvidvfw.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2014-02-16 10:24:08 ----D---- C:\rsit
2014-02-15 20:25:51 ----A---- C:\Windows\system32\mstscax.dll
2014-02-15 17:58:32 ----A---- C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-02-15 17:58:31 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-15 17:58:31 ----A---- C:\Windows\system32\drivers\TsUsbFlt.sys
2014-02-15 17:58:30 ----A---- C:\Windows\system32\wksprtPS.dll
2014-02-15 17:58:30 ----A---- C:\Windows\system32\wksprt.exe
2014-02-15 17:58:30 ----A---- C:\Windows\system32\TSWbPrxy.exe
2014-02-15 17:58:30 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-15 17:58:30 ----A---- C:\Windows\system32\tsgqec.dll
2014-02-15 17:58:30 ----A---- C:\Windows\system32\rdvidcrl.dll
2014-02-15 17:58:30 ----A---- C:\Windows\system32\mstsc.exe
2014-02-15 17:58:30 ----A---- C:\Windows\system32\MsRdpWebAccess.dll
2014-02-15 17:57:55 ----A---- C:\Windows\system32\TSWorkspace.dll
2014-02-12 10:55:10 ----SHD---- C:\$RECYCLE.BIN
2014-02-12 07:48:05 ----A---- C:\Windows\system32\ieui.dll
2014-02-12 07:48:05 ----A---- C:\Windows\system32\ie4uinit.exe
2014-02-12 07:48:04 ----A---- C:\Windows\system32\msrating.dll
2014-02-12 07:48:04 ----A---- C:\Windows\system32\jsproxy.dll
2014-02-12 07:48:04 ----A---- C:\Windows\system32\iesetup.dll
2014-02-12 07:48:04 ----A---- C:\Windows\system32\iernonce.dll
2014-02-12 07:48:04 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 07:48:03 ----A---- C:\Windows\system32\jscript9diag.dll
2014-02-12 07:48:03 ----A---- C:\Windows\system32\ieUnatt.exe
2014-02-12 07:48:03 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-02-12 07:48:03 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-02-12 07:48:02 ----A---- C:\Windows\system32\msfeeds.dll
2014-02-12 07:48:02 ----A---- C:\Windows\system32\ieapfltr.dll
2014-02-12 07:48:01 ----A---- C:\Windows\system32\wininet.dll
2014-02-12 07:48:01 ----A---- C:\Windows\system32\iertutil.dll
2014-02-12 07:48:00 ----A---- C:\Windows\system32\urlmon.dll
2014-02-12 07:47:59 ----A---- C:\Windows\system32\ieframe.dll
2014-02-12 07:47:58 ----A---- C:\Windows\system32\mshtml.dll
2014-02-12 07:47:58 ----A---- C:\Windows\system32\jscript9.dll
2014-02-12 07:42:13 ----SHD---- C:\Config.Msi
2014-02-12 07:41:04 ----A---- C:\Windows\system32\vbscript.dll
2014-02-12 07:34:44 ----A---- C:\Windows\system32\msxml3r.dll
2014-02-12 07:34:44 ----A---- C:\Windows\system32\msxml3.dll
2014-02-12 07:34:01 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 07:34:01 ----A---- C:\Windows\system32\RMActivate_isv.exe
2014-02-12 07:34:01 ----A---- C:\Windows\system32\RMActivate.exe
2014-02-12 07:34:00 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 07:34:00 ----A---- C:\Windows\system32\secproc_ssp.dll
2014-02-12 07:34:00 ----A---- C:\Windows\system32\secproc_isv.dll
2014-02-12 07:34:00 ----A---- C:\Windows\system32\secproc.dll
2014-02-12 07:34:00 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 07:34:00 ----A---- C:\Windows\system32\msdrm.dll
2014-02-12 07:33:42 ----A---- C:\Windows\system32\d3d10warp.dll
2014-02-12 07:33:42 ----A---- C:\Windows\system32\d2d1.dll
2014-02-11 18:03:21 ----D---- C:\Users\juras\AppData\Roaming\ioloGovernor
2014-02-11 18:01:44 ----A---- C:\Windows\system32\mfc45.dat
2014-02-11 17:27:15 ----D---- C:\ProgramData\d82a7d42467570e6
2014-02-11 17:25:48 ----D---- C:\ProgramData\InstallMate
2014-02-11 13:48:19 ----D---- C:\Users\juras\AppData\Roaming\uTorrent
2014-02-11 12:28:16 ----D---- C:\Program Files\Seznam.cz
2014-02-07 18:03:46 ----D---- C:\ProgramData\Trymedia
2014-02-07 18:03:39 ----D---- C:\Program Files\PopCap Games
2014-02-07 18:03:39 ----A---- C:\Windows\popcinfo.dat
2014-02-07 14:33:17 ----D---- C:\Users\juras\AppData\Roaming\Google
2014-02-03 17:01:39 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-03 17:01:39 ----A---- C:\Windows\system32\elshyph.dll
2014-02-03 17:01:38 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-03 17:01:38 ----A---- C:\Windows\system32\msls31.dll
2014-02-03 17:01:38 ----A---- C:\Windows\system32\jsIntl.dll
2014-02-03 17:01:38 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-02-03 17:01:38 ----A---- C:\Windows\system32\ieapfltr.dat
2014-02-03 17:01:38 ----A---- C:\Windows\system32\icardie.dll
2014-02-03 17:01:38 ----A---- C:\Windows\system32\dxtrans.dll
2014-02-03 17:01:38 ----A---- C:\Windows\system32\dxtmsft.dll
2014-02-03 17:01:37 ----A---- C:\Windows\system32\wextract.exe
2014-02-03 17:01:37 ----A---- C:\Windows\system32\webcheck.dll
2014-02-03 17:01:37 ----A---- C:\Windows\system32\url.dll
2014-02-03 17:01:37 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-02-03 17:01:37 ----A---- C:\Windows\system32\mshtmled.dll
2014-02-03 17:01:37 ----A---- C:\Windows\system32\licmgr10.dll
2014-02-03 17:01:37 ----A---- C:\Windows\system32\inseng.dll
2014-02-03 17:01:37 ----A---- C:\Windows\system32\iexpress.exe
2014-02-03 17:01:37 ----A---- C:\Windows\system32\iedkcs32.dll
2014-02-03 17:01:36 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2014-02-03 17:01:36 ----A---- C:\Windows\system32\pngfilt.dll
2014-02-03 17:01:36 ----A---- C:\Windows\system32\occache.dll
2014-02-03 17:01:36 ----A---- C:\Windows\system32\mshtmler.dll
2014-02-03 17:01:36 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-02-03 17:01:36 ----A---- C:\Windows\system32\mshta.exe
2014-02-03 17:01:36 ----A---- C:\Windows\system32\msfeedssync.exe
2014-02-03 17:01:36 ----A---- C:\Windows\system32\msfeedsbs.dll
2014-02-03 17:01:36 ----A---- C:\Windows\system32\jscript.dll
2014-02-03 17:01:36 ----A---- C:\Windows\system32\imgutil.dll
2014-02-03 17:01:36 ----A---- C:\Windows\system32\iesysprep.dll
2014-02-03 17:01:36 ----A---- C:\Windows\system32\iepeers.dll
2014-02-03 17:01:36 ----A---- C:\Windows\system32\IEAdvpack.dll
2014-02-03 16:55:47 ----D---- C:\Windows\Migration
2014-02-03 16:37:46 ----D---- C:\Program Files\MSXML 4.0
2014-02-03 16:37:36 ----D---- C:\Program Files\PC Connectivity Solution
2014-02-03 16:32:54 ----D---- C:\ProgramData\Installations
2014-01-27 14:10:02 ----D---- C:\Users\juras\AppData\Roaming\IllustrationStorage
2014-01-27 14:09:28 ----D---- C:\Program Files\MetLife
======List of files/folders modified in the last 1 month======
2014-02-16 10:24:15 ----D---- C:\Windows\Prefetch
2014-02-16 10:24:10 ----D---- C:\Program Files\trend micro
2014-02-16 10:24:09 ----D---- C:\Windows\Temp
2014-02-16 09:32:28 ----D---- C:\Windows\system32\config
2014-02-15 20:26:15 ----D---- C:\Windows\System32
2014-02-15 20:26:08 ----SHD---- C:\System Volume Information
2014-02-15 20:25:29 ----D---- C:\Windows\system32\catroot
2014-02-15 20:25:28 ----D---- C:\Windows\winsxs
2014-02-15 18:00:30 ----D---- C:\Windows\inf
2014-02-15 18:00:05 ----D---- C:\Windows
2014-02-15 17:59:02 ----D---- C:\Windows\system32\DriverStore
2014-02-15 17:59:02 ----D---- C:\Windows\system32\drivers\en-US
2014-02-15 17:59:02 ----D---- C:\Windows\system32\drivers
2014-02-15 17:59:02 ----D---- C:\Windows\system32\cs-CZ
2014-02-15 17:58:37 ----D---- C:\Windows\system32\catroot2
2014-02-15 17:54:18 ----D---- C:\Program Files\Google
2014-02-15 17:47:58 ----D---- C:\Users\juras\AppData\Roaming\Vso
2014-02-15 17:44:25 ----AD---- C:\ProgramData\Temp
2014-02-15 07:18:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2014-02-13 12:58:50 ----D---- C:\Users\juras\AppData\Roaming\vlc
2014-02-13 12:53:46 ----D---- C:\Users\juras\AppData\Roaming\dvdcss
2014-02-12 17:12:24 ----D---- C:\Windows\rescache
2014-02-12 10:56:10 ----D---- C:\Windows\SoftwareDistribution
2014-02-12 10:51:50 ----D---- C:\Boot
2014-02-12 10:33:23 ----D---- C:\Windows\debug
2014-02-12 09:14:50 ----D---- C:\Program Files\Internet Explorer
2014-02-12 08:04:29 ----D---- C:\Windows\Microsoft.NET
2014-02-12 07:55:41 ----D---- C:\Windows\assembly
2014-02-12 07:50:30 ----SHD---- C:\Windows\Installer
2014-02-12 07:50:17 ----D---- C:\ProgramData\Microsoft Help
2014-02-12 07:47:13 ----D---- C:\Windows\system32\MRT
2014-02-12 07:44:31 ----A---- C:\Windows\system32\MRT.exe
2014-02-12 07:41:55 ----A---- C:\Windows\win.ini
2014-02-12 07:37:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-02-11 18:17:31 ----D---- C:\ProgramData
2014-02-11 18:17:31 ----D---- C:\Program Files
2014-02-11 18:04:30 ----D---- C:\Windows\system32\Tasks
2014-02-11 17:27:14 ----D---- C:\Users
2014-02-06 15:06:12 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2014-02-03 17:39:06 ----D---- C:\Windows\Panther
2014-02-03 17:39:06 ----D---- C:\Windows\Logs
2014-02-03 17:05:21 ----D---- C:\Windows\system32\migration
2014-02-03 17:05:21 ----D---- C:\Windows\system32\en-US
2014-02-03 17:05:21 ----D---- C:\Windows\PolicyDefinitions
2014-02-03 16:55:47 ----D---- C:\ProgramData\Microsoft
2014-02-03 16:46:05 ----D---- C:\Windows\system32\drivers\UMDF
2014-02-03 16:37:42 ----DC---- C:\Windows\system32\DRVSTORE
2014-02-03 16:36:57 ----D---- C:\Program Files\Nokia
2014-02-03 16:35:53 ----D---- C:\Program Files\Common Files\Nokia
2014-01-24 20:32:17 ----D---- C:\Program Files\CCleaner
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2011-07-08 104024]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2010-03-19 45648]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2011-05-26 170528]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273); C:\Windows\system32\DRIVERS\tdrpm273.sys [2011-11-14 752128]
R0 timounter;Acronis Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2011-11-14 600928]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2013-09-17 188808]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2013-09-17 134248]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2013-10-23 114376]
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5};Power Control [2013/09/09 14:16:41]; \??\C:\Program Files\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [2013-07-05 76560]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2013-09-17 122376]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 afcdp;afcdp; C:\Windows\system32\DRIVERS\afcdp.sys [2011-11-14 167968]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-13 4194816]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\drivers\Dot4Prt.sys [2010-11-20 16384]
R3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 22856]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2011-07-15 13216]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2012-04-02 514152]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/05/30 10:13:41]; \??\C:\Program Files\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [2013-07-05 76560]
S2 ntk_PowerDVD;ntk_PowerDVD; C:\Windows\system32\drivers\ntk_PowerDVD.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 PalmUSBD;PalmUSBD; C:\Windows\system32\drivers\PalmUSBD.sys [2007-12-04 16640]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2011-07-08 197224]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2013-10-02 49152]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 28160]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2012-01-09 8192]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ABBYY.Licensing.PDFTransformer.Classic.3.0;Aktivace aplikace ABBYY PDF Transformer 3.0 – Licenční služba; C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [2010-02-01 759048]
R2 AcrSch2Svc;Služba Acronis Scheduler2; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2010-12-17 804952]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8; C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 afcdpsrv;Služba Acronis Nonstop Backup; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2011-11-14 3246040]
R2 CyberLink PowerDVD 13 Media Server Monitor Service;CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [2013-07-05 77576]
R2 CyberLink PowerDVD 13 Media Server Service;CyberLink PowerDVD 13 Media Server Service; C:\Program Files\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [2013-07-05 327432]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2013-09-12 1337752]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-10 189728]
R2 ScsiAccess;ScsiAccess; C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe [2011-12-26 186760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-09 116648]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-06 257928]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-05-29 867080]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-09 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-02-06 108032]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-01-04 718888]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-05-26 1343400]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
-----------------EOF-----------------
Re: Please check my log
Hello, delete unnecessary files
using CCleaner
instructions:
Cleaner - here you clean the PC of unnecessary files and empty the Recycle Bin
Registry - here you clean the registry (before using it I recommend making the backup that CCleaner offers)
the registry cleaning needs to be repeated several times!
Tools - here you can uninstall programs, adjust what runs at system startup, and restore the system
Download AdwCleaner and save it to the desktop,
close all programs including the browser and run it with a double-click;
a window appears, and in its top left you click Scan.
The scan then runs; when it finishes, click Report and copy what it gives you here for me.
Download ComboFix and save it to the desktop,
run the application as Administrator and allow installation of the Recovery Console.
A window with the license terms then appears, which you confirm by clicking YES (ANO),
then click YES once more and it is running.
The whole thing takes about 10 minutes but can take longer; during the scan do not try to run anything else.
The PC may even be restarted during the scan; don't be alarmed.
Warning: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program,
because ComboFix tries to delete infected files and these programs can get in its way.
After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt
(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.
If anything is unclear, there is an illustrated guide HERE.
Re: Please check my log
Roli,
many thanks for the instructions.
I did what you asked. Combo wrestled with it for more than an hour, so I am only replying now.
Have a wonderful evening
juráš
# AdwCleaner v3.018 - Report created 16/02/2014 at 19:12:07
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : juras - JURAS-PC
# Running from : C:\Users\juras\Desktop\adwcleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Found C:\ProgramData\Trymedia
Folder Found C:\Users\juras\AppData\Local\torch
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16518
-\\ Google Chrome v32.0.1700.107
[ File : C:\Users\juras\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R3].txt - [1038 octets] - [16/02/2014 19:12:07]
########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1098 octets] ##########
ComboFix 14-02-16.01 - juras 16.02.2014 19:15:56.8.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.2815.1934 [GMT 1:00]
Spuštěný z: C:\Users\juras\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
((((((((((((((((((((((((( Soubory vytvořené od 2014-01-16 do 2014-02-16 )))))))))))))))))))))))))))))))
2014-02-16 18:11:54 . 2014-02-16 18:12:46 -------- d-----w- C:\AdwCleaner
2014-02-16 09:24:08 . 2014-02-16 09:24:18 -------- d-----w- C:\rsit
2014-02-16 08:46:08 . 2014-02-16 08:46:08 62576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2C5BF78A-9F12-4263-8944-2D73F26F9FE0}\offreg.dll
2014-02-15 19:25:51 . 2013-11-26 23:29:48 5693440 ----a-w- C:\Windows\system32\mstscax.dll
2014-02-15 16:58:32 . 2013-10-01 23:45:04 32256 ----a-w- C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-02-15 16:58:31 . 2013-10-02 00:42:31 49152 ----a-w- C:\Windows\system32\drivers\TsUsbFlt.sys
2014-02-15 16:58:31 . 2013-10-02 00:32:40 12800 ----a-w- C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-15 16:58:30 . 2013-10-02 00:30:38 14336 ----a-w- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-15 16:58:30 . 2013-10-02 00:14:58 50176 ----a-w- C:\Windows\system32\MsRdpWebAccess.dll
2014-02-15 16:58:30 . 2013-10-02 00:14:20 17920 ----a-w- C:\Windows\system32\wksprtPS.dll
2014-02-15 16:58:30 . 2013-10-01 23:58:48 53248 ----a-w- C:\Windows\system32\tsgqec.dll
2014-02-15 16:58:30 . 2013-10-01 23:08:10 855552 ----a-w- C:\Windows\system32\rdvidcrl.dll
2014-02-15 16:58:30 . 2013-10-01 23:00:15 76288 ----a-w- C:\Windows\system32\TSWbPrxy.exe
2014-02-15 16:58:30 . 2013-10-01 22:53:46 350208 ----a-w- C:\Windows\system32\wksprt.exe
2014-02-15 16:58:30 . 2013-10-01 22:34:12 1068544 ----a-w- C:\Windows\system32\mstsc.exe
2014-02-15 16:57:55 . 2013-09-25 01:57:53 792576 ----a-w- C:\Windows\system32\TSWorkspace.dll
2014-02-14 06:07:05 . 2013-12-04 02:57:47 7760024 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2C5BF78A-9F12-4263-8944-2D73F26F9FE0}\mpengine.dll
2014-02-12 06:47:58 . 2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\system32\jscript9.dll
2014-02-12 06:41:04 . 2013-12-21 08:56:47 454656 ----a-w- C:\Windows\system32\vbscript.dll
2014-02-12 06:34:44 . 2013-12-06 02:02:08 2048 ----a-w- C:\Windows\system32\msxml3r.dll
2014-02-12 06:34:44 . 2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\system32\msxml3.dll
2014-02-12 06:34:01 . 2013-12-04 01:54:10 594944 ----a-w- C:\Windows\system32\RMActivate_isv.exe
2014-02-12 06:34:01 . 2013-12-04 01:54:09 572416 ----a-w- C:\Windows\system32\RMActivate.exe
2014-02-12 06:34:01 . 2013-12-04 01:54:06 508928 ----a-w- C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 06:34:00 . 2013-12-04 02:03:20 87040 ----a-w- C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 06:34:00 . 2013-12-04 02:03:20 87040 ----a-w- C:\Windows\system32\secproc_ssp.dll
2014-02-12 06:34:00 . 2013-12-04 02:03:20 423936 ----a-w- C:\Windows\system32\secproc_isv.dll
2014-02-12 06:34:00 . 2013-12-04 02:03:08 428032 ----a-w- C:\Windows\system32\secproc.dll
2014-02-12 06:34:00 . 2013-12-04 02:02:06 390144 ----a-w- C:\Windows\system32\msdrm.dll
2014-02-12 06:34:00 . 2013-12-04 01:54:14 510976 ----a-w- C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 06:33:42 . 2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\system32\d3d10warp.dll
2014-02-12 06:33:42 . 2013-11-26 08:16:50 3419136 ----a-w- C:\Windows\system32\d2d1.dll
2014-02-11 17:03:21 . 2014-02-11 17:03:21 -------- d-----w- C:\Users\juras\AppData\Roaming\ioloGovernor
2014-02-11 17:01:44 . 2014-02-11 17:13:38 74703 ----a-w- C:\Windows\system32\mfc45.dat
2014-02-11 16:27:15 . 2014-02-11 16:27:15 -------- d-----w- C:\Users\juras\AppData\Local\Torch
2014-02-11 16:27:15 . 2014-02-11 16:27:15 -------- d-----w- C:\Users\juras\AppData\Local\Comodo
2014-02-11 16:27:15 . 2014-02-11 16:27:15 -------- d-----w- C:\ProgramData\d82a7d42467570e6
2014-02-11 16:27:14 . 2014-02-11 16:27:14 -------- d-----w- C:\Users\Guest
2014-02-11 16:27:14 . 2014-02-11 16:27:14 -------- d-----w- C:\Users\Administrator
2014-02-11 16:25:48 . 2014-02-11 16:25:48 -------- d-----w- C:\ProgramData\InstallMate
2014-02-11 12:48:19 . 2014-02-13 17:13:54 -------- d-----w- C:\Users\juras\AppData\Roaming\uTorrent
2014-02-11 11:28:16 . 2014-02-11 11:49:47 -------- d-----w- C:\Program Files\Seznam.cz
2014-02-07 17:03:46 . 2014-02-07 17:03:46 -------- d-----w- C:\ProgramData\Trymedia
2014-02-07 17:03:39 . 2014-02-07 17:03:39 -------- d-----w- C:\Program Files\PopCap Games
2014-02-03 15:55:47 . 2014-02-03 15:55:47 -------- d-----w- C:\Windows\Migration
2014-02-03 15:37:46 . 2014-02-03 15:37:46 -------- d-----w- C:\Program Files\MSXML 4.0
2014-02-03 15:37:36 . 2014-02-03 15:37:38 -------- d-----w- C:\Program Files\PC Connectivity Solution
2014-02-03 15:36:02 . 2014-02-03 15:36:02 73728 ----a-r- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe
2014-02-03 15:36:02 . 2014-02-03 15:36:02 73728 ----a-r- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut46_74B9CE5DF1F4447F982DCA29A461B529.exe
2014-02-03 15:36:02 . 2014-02-03 15:36:02 49152 ----a-r- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe
2014-02-03 15:36:02 . 2014-02-03 15:36:02 49152 ----a-r- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
2014-02-03 15:36:01 . 2014-02-03 15:36:01 53248 ----a-r- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\ARPPRODUCTICON.exe
2014-02-03 15:35:54 . 2014-02-03 15:35:54 -------- d-----w- C:\Users\juras\AppData\Local\Nokia
2014-02-03 15:32:54 . 2014-02-03 15:32:59 -------- d-----w- C:\ProgramData\Installations
2014-01-27 13:10:02 . 2014-01-27 13:10:02 -------- d-----w- C:\Users\juras\AppData\Roaming\IllustrationStorage
2014-01-27 13:09:28 . 2014-01-27 13:09:28 -------- d-----w- C:\Program Files\MetLife
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
2014-02-06 14:06:12 . 2012-03-31 05:47:06 692616 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2014-02-06 14:06:12 . 2011-05-29 04:29:16 71048 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-18 05:13:56 . 2011-05-26 06:59:32 231584 ------w- C:\Windows\system32\MpSigStub.exe
2013-12-09 08:21:46 . 2013-12-07 09:48:54 344064 ----a-r- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\rarlng.dll
2013-11-27 01:14:25 . 2014-01-15 12:06:16 258560 ----a-w- C:\Windows\system32\drivers\usbhub.sys
2013-11-27 01:13:46 . 2014-01-15 12:06:16 284672 ----a-w- C:\Windows\system32\drivers\usbport.sys
2013-11-27 01:13:44 . 2014-01-15 12:06:16 76288 ----a-w- C:\Windows\system32\drivers\usbccgp.sys
2013-11-27 01:13:41 . 2014-01-15 12:06:16 43520 ----a-w- C:\Windows\system32\drivers\usbehci.sys
2013-11-27 01:13:38 . 2014-01-15 12:06:16 20480 ----a-w- C:\Windows\system32\drivers\usbohci.sys
2013-11-27 01:13:36 . 2014-01-15 12:06:16 24064 ----a-w- C:\Windows\system32\drivers\usbuhci.sys
2013-11-27 01:13:33 . 2014-01-15 12:06:16 6016 ----a-w- C:\Windows\system32\drivers\usbd.sys
2013-11-26 11:11:29 . 2014-01-15 12:06:17 240576 ----a-w- C:\Windows\system32\drivers\netio.sys
2013-11-26 10:10:21 . 2014-01-15 12:06:17 2349056 ----a-w- C:\Windows\system32\win32k.sys
2013-11-23 18:26:20 . 2013-12-20 08:49:59 417792 ----a-w- C:\Windows\system32\WMPhoto.dll
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
[-] 2010-11-20 12:21:33 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\System32\user32.dll
[7] 2010-11-20 12:21:33 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 01:16:17 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"0AFC188F9B23403C513AD4F818256DB928A37312._service_run"="C:\Program Files\Google\Chrome\Application\chrome.exe" [2014-02-01 23:42:39 866632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-10-13 06:00:22 5574456]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 11:06:06 5110672]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 21:48:33 479232]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe [2008-1-3 1392640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"SynchronousMachineGroupPolicy"= 1 (0x1)
"SynchronousUserGroupPolicy"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Catalyst Control Centre: Command Line Interface"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.exe" Start CCC
"DIMProbíhá stahování aktualizace...1338924290338"="c:\Program Files\Corel\CorelDRAW Graphics Suite X6\Draw\DIM.exe" "c:\programdata\corel\downloads\540240626_310002\1338924290338\dim_params.xml" -Launch=3 -uibase="c:\users\juras\appdata\roaming\corel\messages\540240626_310002\cz\messagecache2\workflow"
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"PowerDVD13Agent"="C:\Program Files\CyberLink\PowerDVD13\PowerDVD13Agent.exe"
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE -startup
"TNOD UP"="C:\Program Files\TNod User & Password Finder\TNODUP.exe" /i
"NSU_agent"="C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe"
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/05/30 10:13:41];C:\Program Files\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [2013-07-05 22:48:36 76560]
R2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 13:50:32 701512]
R2 ntk_PowerDVD;ntk_PowerDVD; [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\system32\IEEtwCollector.exe [2014-02-06 09:47:18 108032]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14:44:32 14848]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys [2011-07-08 13:51:19 197224]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 00:42:31 49152]
R3 WatAdminSvc;Služba Technologie aktivace Windows;C:\Windows\system32\Wat\WatAdminSvc.exe [2011-05-26 10:13:36 1343400]
R4 SwitchBoard;SwitchBoard;C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 11:37:14 517096]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\system32\DRIVERS\tdrpm273.sys [2011-11-14 07:12:13 752128]
S1 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys [2013-09-17 14:17:38 188808]
S1 ehdrv;ehdrv;C:\Windows\system32\DRIVERS\ehdrv.sys [2013-09-17 14:17:38 134248]
S2 {09F57980-3432-4AFC-957D-27AC45FAE1F5};Power Control [2013/09/09 14:16:41];C:\Program Files\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [2013-07-05 22:48:36 76560]
S2 ABBYY.Licensing.PDFTransformer.Classic.3.0;Aktivace aplikace ABBYY PDF Transformer 3.0 – Licenční služba;C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [2010-02-01 14:51:07 759048]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 03:45:56 169312]
S2 afcdpsrv;Služba Acronis Nonstop Backup;C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2011-11-14 07:12:14 3246040]
S2 CyberLink PowerDVD 13 Media Server Monitor Service;CyberLink PowerDVD 13 Media Server Monitor Service;C:\Program Files\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [2013-07-05 05:22:34 77576]
S2 CyberLink PowerDVD 13 Media Server Service;CyberLink PowerDVD 13 Media Server Service;C:\Program Files\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [2013-07-05 05:22:36 327432]
S2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2013-09-12 11:06:22 1337752]
S2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys [2013-09-17 14:17:38 122376]
S3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys [2011-11-14 07:12:16 167968]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [2013-04-04 13:50:32 22856]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt86win7.sys [2012-04-02 12:36:50 514152]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-11 10:43:04 1211720 ----a-w- C:\Program Files\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
Obsah adresáře 'Naplánované úlohy'
2014-02-16 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 05:47:07 . 2014-02-06 14:07:02]
2014-02-11 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-09 09:49:34 . 2013-09-09 09:49:32]
2014-02-11 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-09 09:49:34 . 2013-09-09 09:49:32]
------- Doplňkový sken -------
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fill form using Password Manager XP - C:\Program Files\Password Manager XP\InsPwd.htm
IE: Generate password using Password Manager XP - C:\Program Files\Password Manager XP\GenPwd.htm
IE: Od&eslat do aplikace OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Save form data to Password Manager XP - C:\Program Files\Password Manager XP\SavePwd.htm
TCP: DhcpNameServer = 10.0.0.138
Re: Please check my log
Should I scold my son? Or reinstall to the trial version?
Or ...
And was that the problem?
Thank you for the help anyway.
juráš
Re: Please check my log
devet wrote: Should I scold my son? Or reinstall to the trial version?
The first, yes; the second >> install OpenOffice for free.
Then I would like a fresh, current log from ComboFix.
Re: Please check my log
Roli,
ComboFix 14-02-18.01 - juras 19.02.2014 7:54.9.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.2815.1503 [GMT 1:00]
Spuštěný z: c:\users\juras\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-01-19 do 2014-02-19 )))))))))))))))))))))))))))))))
.
.
2014-02-19 07:02 . 2014-02-19 07:02 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-02-19 07:02 . 2014-02-19 07:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-19 06:50 . 2014-02-19 06:50 -------- d-----w- c:\users\juras\AppData\Roaming\OpenOffice
2014-02-19 06:49 . 2014-02-19 06:49 -------- d-----w- c:\program files\OpenOffice 4
2014-02-18 13:27 . 2014-02-06 07:08 7947048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A1B6A8E-F7FA-4A03-BA72-A0DBEFF422C5}\mpengine.dll
2014-02-16 18:11 . 2014-02-16 18:12 -------- d-----w- C:\AdwCleaner
2014-02-16 09:24 . 2014-02-16 09:24 -------- d-----w- C:\rsit
2014-02-15 19:25 . 2013-11-26 23:29 5693440 ----a-w- c:\windows\system32\mstscax.dll
2014-02-15 16:58 . 2013-10-01 23:45 32256 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2014-02-15 16:58 . 2013-10-02 00:42 49152 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2014-02-15 16:58 . 2013-10-02 00:32 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-15 16:58 . 2013-10-02 00:30 14336 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-15 16:58 . 2013-10-02 00:14 50176 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2014-02-15 16:58 . 2013-10-02 00:14 17920 ----a-w- c:\windows\system32\wksprtPS.dll
2014-02-15 16:58 . 2013-10-01 23:58 53248 ----a-w- c:\windows\system32\tsgqec.dll
2014-02-15 16:58 . 2013-10-01 23:08 855552 ----a-w- c:\windows\system32\rdvidcrl.dll
2014-02-15 16:58 . 2013-10-01 23:00 76288 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-02-15 16:58 . 2013-10-01 22:53 350208 ----a-w- c:\windows\system32\wksprt.exe
2014-02-15 16:58 . 2013-10-01 22:34 1068544 ----a-w- c:\windows\system32\mstsc.exe
2014-02-15 16:57 . 2013-09-25 01:57 792576 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-02-12 06:47 . 2014-02-06 09:25 4244480 ----a-w- c:\windows\system32\jscript9.dll
2014-02-12 06:41 . 2013-12-21 08:56 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-02-12 06:34 . 2013-12-06 02:02 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-12 06:34 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-02-12 06:34 . 2013-12-04 01:54 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-02-12 06:34 . 2013-12-04 01:54 572416 ----a-w- c:\windows\system32\RMActivate.exe
2014-02-12 06:34 . 2013-12-04 01:54 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2014-02-12 06:34 . 2013-12-04 02:03 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2014-02-12 06:34 . 2013-12-04 02:03 87040 ----a-w- c:\windows\system32\secproc_ssp.dll
2014-02-12 06:34 . 2013-12-04 02:03 423936 ----a-w- c:\windows\system32\secproc_isv.dll
2014-02-12 06:34 . 2013-12-04 02:03 428032 ----a-w- c:\windows\system32\secproc.dll
2014-02-12 06:34 . 2013-12-04 02:02 390144 ----a-w- c:\windows\system32\msdrm.dll
2014-02-12 06:34 . 2013-12-04 01:54 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2014-02-12 06:33 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-12 06:33 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\system32\d2d1.dll
2014-02-11 17:03 . 2014-02-11 17:03 -------- d-----w- c:\users\juras\AppData\Roaming\ioloGovernor
2014-02-11 17:01 . 2014-02-11 17:13 74703 ----a-w- c:\windows\system32\mfc45.dat
2014-02-11 16:27 . 2014-02-11 16:27 -------- d-----w- c:\users\juras\AppData\Local\Torch
2014-02-11 16:27 . 2014-02-11 16:27 -------- d-----w- c:\users\juras\AppData\Local\Comodo
2014-02-11 16:27 . 2014-02-11 16:27 -------- d-----w- c:\programdata\d82a7d42467570e6
2014-02-11 16:27 . 2014-02-11 16:27 -------- d-----w- c:\users\Guest
2014-02-11 16:27 . 2014-02-11 16:27 -------- d-----w- c:\users\Administrator
2014-02-11 16:25 . 2014-02-11 16:25 -------- d-----w- c:\programdata\InstallMate
2014-02-11 12:48 . 2014-02-19 06:20 -------- d-----w- c:\users\juras\AppData\Roaming\uTorrent
2014-02-11 11:28 . 2014-02-11 11:49 -------- d-----w- c:\program files\Seznam.cz
2014-02-07 17:03 . 2014-02-07 17:03 -------- d-----w- c:\programdata\Trymedia
2014-02-07 17:03 . 2014-02-07 17:03 -------- d-----w- c:\program files\PopCap Games
2014-02-03 15:55 . 2014-02-03 15:55 -------- d-----w- c:\windows\Migration
2014-02-03 15:37 . 2014-02-03 15:37 -------- d-----w- c:\program files\MSXML 4.0
2014-02-03 15:37 . 2014-02-03 15:37 -------- d-----w- c:\program files\PC Connectivity Solution
2014-02-03 15:36 . 2014-02-03 15:36 73728 ----a-r- c:\users\juras\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe
2014-02-03 15:36 . 2014-02-03 15:36 73728 ----a-r- c:\users\juras\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut46_74B9CE5DF1F4447F982DCA29A461B529.exe
2014-02-03 15:36 . 2014-02-03 15:36 49152 ----a-r- c:\users\juras\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe
2014-02-03 15:36 . 2014-02-03 15:36 49152 ----a-r- c:\users\juras\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
2014-02-03 15:36 . 2014-02-03 15:36 53248 ----a-r- c:\users\juras\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\ARPPRODUCTICON.exe
2014-02-03 15:35 . 2014-02-03 15:35 -------- d-----w- c:\users\juras\AppData\Local\Nokia
2014-02-03 15:32 . 2014-02-03 15:32 -------- d-----w- c:\programdata\Installations
2014-01-27 13:10 . 2014-01-27 13:10 -------- d-----w- c:\users\juras\AppData\Roaming\IllustrationStorage
2014-01-27 13:09 . 2014-01-27 13:09 -------- d-----w- c:\program files\MetLife
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-06 14:06 . 2012-03-31 05:47 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-06 14:06 . 2011-05-29 04:29 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-18 05:13 . 2011-05-26 06:59 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-09 08:21 . 2013-12-07 09:48 344064 ----a-r- c:\programdata\Microsoft\Windows\Start Menu\Programs\WinRAR\rarlng.dll
2013-11-27 01:14 . 2014-01-15 12:06 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-27 01:13 . 2014-01-15 12:06 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-27 01:13 . 2014-01-15 12:06 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-27 01:13 . 2014-01-15 12:06 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-27 01:13 . 2014-01-15 12:06 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-27 01:13 . 2014-01-15 12:06 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-27 01:13 . 2014-01-15 12:06 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-26 11:11 . 2014-01-15 12:06 240576 ----a-w- c:\windows\system32\drivers\netio.sys
2013-11-26 10:10 . 2014-01-15 12:06 2349056 ----a-w- c:\windows\system32\win32k.sys
2013-11-23 18:26 . 2013-12-20 08:49 417792 ----a-w- c:\windows\system32\WMPhoto.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"0AFC188F9B23403C513AD4F818256DB928A37312._service_run"="c:\program files\Google\Chrome\Application\chrome.exe" [2014-02-01 866632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-10-13 5574456]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5110672]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-1-3 1392640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"SynchronousMachineGroupPolicy"= 1 (0x1)
"SynchronousUserGroupPolicy"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Catalyst Control Centre: Command Line Interface"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLI.exe" Start CCC
"DIMProbíhá stahování aktualizace...1338924290338"="c:\program files\Corel\CorelDRAW Graphics Suite X6\Draw\DIM.exe" "c:\programdata\corel\downloads\540240626_310002\1338924290338\dim_params.xml" -Launch=3 -uibase="c:\users\juras\appdata\roaming\corel\messages\540240626_310002\cz\messagecache2\workflow"
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"PowerDVD13Agent"="c:\program files\CyberLink\PowerDVD13\PowerDVD13Agent.exe"
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE -startup
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe"
.
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/05/30 10:13];c:\program files\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [2013-07-05 22:48 76560]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 ntk_PowerDVD;ntk_PowerDVD; [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-02-06 108032]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2011-07-08 197224]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-26 1343400]
R4 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2011-11-14 752128]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2013-09-17 188808]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2013-09-17 134248]
S2 {09F57980-3432-4AFC-957D-27AC45FAE1F5};Power Control [2013/09/09 14:16];c:\program files\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [2013-07-05 22:48 76560]
S2 ABBYY.Licensing.PDFTransformer.Classic.3.0;Aktivace aplikace ABBYY PDF Transformer 3.0 – Licenční služba;c:\program files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [2010-02-01 759048]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
S2 afcdpsrv;Služba Acronis Nonstop Backup;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2011-11-14 3246040]
S2 CyberLink PowerDVD 13 Media Server Monitor Service;CyberLink PowerDVD 13 Media Server Monitor Service;c:\program files\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [2013-07-05 77576]
S2 CyberLink PowerDVD 13 Media Server Service;CyberLink PowerDVD 13 Media Server Service;c:\program files\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [2013-07-05 327432]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2013-09-12 1337752]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2013-09-17 122376]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-11-14 167968]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2012-04-02 514152]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-11 10:43 1211720 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-02-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 14:07]
.
2014-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-09 09:49]
.
2014-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-09 09:49]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fill form using Password Manager XP - c:\program files\Password Manager XP\InsPwd.htm
IE: Generate password using Password Manager XP - c:\program files\Password Manager XP\GenPwd.htm
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Save form data to Password Manager XP - c:\program files\Password Manager XP\SavePwd.htm
TCP: DhcpNameServer = 10.0.0.138
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{09F57980-3432-4AFC-957D-27AC45FAE1F5}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD13\Common\NavFilter\000.fcl"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD13\Common\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2014-02-19 08:05:01
ComboFix-quarantined-files.txt 2014-02-19 07:05
.
Před spuštěním: Volných bajtů: 204 707 909 632
Po spuštění: Volných bajtů: 204 720 590 848
.
- - End Of File - - E02322344449A0EF94278746F6E92437
A36C5E4F47E84449FF07ED3517B43A31
What is OpenOffice supposed to solve?
Have a wonderful day
juráš
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2014-02-19 08:05:01
ComboFix-quarantined-files.txt 2014-02-19 07:05
.
Před spuštěním: Volných bajtů: 204 707 909 632
Po spuštění: Volných bajtů: 204 720 590 848
.
- - End Of File - - E02322344449A0EF94278746F6E92437
A36C5E4F47E84449FF07ED3517B43A31
What does that OpenOffice solve?
Have a wonderful day
juráš
Re: Please check my log
devet wrote: What does that OpenOffice solve?
It is there so that an illegal Office with more junk doesn't get crammed in as well. And now also replace NOD with AVAST.
If you haven't done so already, move ComboFix to the desktop,
open Notepad,
and copy the script from the following box into it:
Code:
Folder::
C:\Program Files\TNod User & Password Finder
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TNOD UP"=-
RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
After saving, grab the created script with the left mouse button and drag it over the ComboFix icon, where you drop it.

After it has been applied, another log will pop out; copy it here.
Warning: it may happen that Windows will not start after the script is applied and the machine restarts;
in that case restart again while repeatedly pressing F8, then choose Last Known Good Configuration.
Re: Please check my log
Roli,
here is what was requested
ComboFix 14-02-19.01 - juras 19.02.2014 19:55:26.11.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.2815.1821 [GMT 1:00]
Spuštěný z: c:\users\juras\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\juras\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-01-19 do 2014-02-19 )))))))))))))))))))))))))))))))
.
.
2014-02-19 19:02 . 2014-02-19 19:02 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-02-19 19:02 . 2014-02-19 19:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-19 16:56 . 2014-02-19 16:56 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A1B6A8E-F7FA-4A03-BA72-A0DBEFF422C5}\offreg.dll
2014-02-19 06:50 . 2014-02-19 06:50 -------- d-----w- c:\users\juras\AppData\Roaming\OpenOffice
2014-02-19 06:49 . 2014-02-19 06:49 -------- d-----w- c:\program files\OpenOffice 4
2014-02-18 13:27 . 2014-02-06 07:08 7947048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A1B6A8E-F7FA-4A03-BA72-A0DBEFF422C5}\mpengine.dll
2014-02-16 18:11 . 2014-02-16 18:12 -------- d-----w- C:\AdwCleaner
2014-02-16 09:24 . 2014-02-16 09:24 -------- d-----w- C:\rsit
2014-02-15 19:25 . 2013-11-26 23:29 5693440 ----a-w- c:\windows\system32\mstscax.dll
2014-02-15 16:58 . 2013-10-01 23:45 32256 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2014-02-15 16:58 . 2013-10-02 00:42 49152 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2014-02-15 16:58 . 2013-10-02 00:32 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-15 16:58 . 2013-10-02 00:30 14336 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-15 16:58 . 2013-10-02 00:14 50176 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2014-02-15 16:58 . 2013-10-02 00:14 17920 ----a-w- c:\windows\system32\wksprtPS.dll
2014-02-15 16:58 . 2013-10-01 23:58 53248 ----a-w- c:\windows\system32\tsgqec.dll
2014-02-15 16:58 . 2013-10-01 23:08 855552 ----a-w- c:\windows\system32\rdvidcrl.dll
2014-02-15 16:58 . 2013-10-01 23:00 76288 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-02-15 16:58 . 2013-10-01 22:53 350208 ----a-w- c:\windows\system32\wksprt.exe
2014-02-15 16:58 . 2013-10-01 22:34 1068544 ----a-w- c:\windows\system32\mstsc.exe
2014-02-15 16:57 . 2013-09-25 01:57 792576 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-02-12 06:47 . 2014-02-06 09:25 4244480 ----a-w- c:\windows\system32\jscript9.dll
2014-02-12 06:41 . 2013-12-21 08:56 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-02-12 06:34 . 2013-12-06 02:02 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-12 06:34 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-02-12 06:34 . 2013-12-04 01:54 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-02-12 06:34 . 2013-12-04 01:54 572416 ----a-w- c:\windows\system32\RMActivate.exe
2014-02-12 06:34 . 2013-12-04 01:54 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2014-02-12 06:34 . 2013-12-04 02:03 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2014-02-12 06:34 . 2013-12-04 02:03 87040 ----a-w- c:\windows\system32\secproc_ssp.dll
2014-02-12 06:34 . 2013-12-04 02:03 423936 ----a-w- c:\windows\system32\secproc_isv.dll
2014-02-12 06:34 . 2013-12-04 02:03 428032 ----a-w- c:\windows\system32\secproc.dll
2014-02-12 06:34 . 2013-12-04 02:02 390144 ----a-w- c:\windows\system32\msdrm.dll
2014-02-12 06:34 . 2013-12-04 01:54 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2014-02-12 06:33 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-12 06:33 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\system32\d2d1.dll
2014-02-11 17:03 . 2014-02-11 17:03 -------- d-----w- c:\users\juras\AppData\Roaming\ioloGovernor
2014-02-11 17:01 . 2014-02-11 17:13 74703 ----a-w- c:\windows\system32\mfc45.dat
2014-02-11 16:27 . 2014-02-11 16:27 -------- d-----w- c:\users\juras\AppData\Local\Torch
2014-02-11 16:27 . 2014-02-11 16:27 -------- d-----w- c:\users\juras\AppData\Local\Comodo
2014-02-11 16:27 . 2014-02-11 16:27 -------- d-----w- c:\programdata\d82a7d42467570e6
2014-02-11 16:27 . 2014-02-11 16:27 -------- d-----w- c:\users\Guest
2014-02-11 16:27 . 2014-02-11 16:27 -------- d-----w- c:\users\Administrator
2014-02-11 16:25 . 2014-02-11 16:25 -------- d-----w- c:\programdata\InstallMate
2014-02-11 12:48 . 2014-02-19 06:20 -------- d-----w- c:\users\juras\AppData\Roaming\uTorrent
2014-02-11 11:28 . 2014-02-11 11:49 -------- d-----w- c:\program files\Seznam.cz
2014-02-07 17:03 . 2014-02-07 17:03 -------- d-----w- c:\programdata\Trymedia
2014-02-07 17:03 . 2014-02-07 17:03 -------- d-----w- c:\program files\PopCap Games
2014-02-03 15:55 . 2014-02-03 15:55 -------- d-----w- c:\windows\Migration
2014-02-03 15:37 . 2014-02-03 15:37 -------- d-----w- c:\program files\MSXML 4.0
2014-02-03 15:37 . 2014-02-03 15:37 -------- d-----w- c:\program files\PC Connectivity Solution
2014-02-03 15:36 . 2014-02-03 15:36 73728 ----a-r- c:\users\juras\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe
2014-02-03 15:36 . 2014-02-03 15:36 73728 ----a-r- c:\users\juras\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut46_74B9CE5DF1F4447F982DCA29A461B529.exe
2014-02-03 15:36 . 2014-02-03 15:36 49152 ----a-r- c:\users\juras\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe
2014-02-03 15:36 . 2014-02-03 15:36 49152 ----a-r- c:\users\juras\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
2014-02-03 15:36 . 2014-02-03 15:36 53248 ----a-r- c:\users\juras\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\ARPPRODUCTICON.exe
2014-02-03 15:35 . 2014-02-03 15:35 -------- d-----w- c:\users\juras\AppData\Local\Nokia
2014-02-03 15:32 . 2014-02-03 15:32 -------- d-----w- c:\programdata\Installations
2014-01-27 13:10 . 2014-01-27 13:10 -------- d-----w- c:\users\juras\AppData\Roaming\IllustrationStorage
2014-01-27 13:09 . 2014-01-27 13:09 -------- d-----w- c:\program files\MetLife
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-06 14:06 . 2012-03-31 05:47 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-06 14:06 . 2011-05-29 04:29 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-18 05:13 . 2011-05-26 06:59 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-09 08:21 . 2013-12-07 09:48 344064 ----a-r- c:\programdata\Microsoft\Windows\Start Menu\Programs\WinRAR\rarlng.dll
2013-11-27 01:14 . 2014-01-15 12:06 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-27 01:13 . 2014-01-15 12:06 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-27 01:13 . 2014-01-15 12:06 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-27 01:13 . 2014-01-15 12:06 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-27 01:13 . 2014-01-15 12:06 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-27 01:13 . 2014-01-15 12:06 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-27 01:13 . 2014-01-15 12:06 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-26 11:11 . 2014-01-15 12:06 240576 ----a-w- c:\windows\system32\drivers\netio.sys
2013-11-26 10:10 . 2014-01-15 12:06 2349056 ----a-w- c:\windows\system32\win32k.sys
2013-11-23 18:26 . 2013-12-20 08:49 417792 ----a-w- c:\windows\system32\WMPhoto.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"0AFC188F9B23403C513AD4F818256DB928A37312._service_run"="c:\program files\Google\Chrome\Application\chrome.exe" [2014-02-01 866632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-10-13 5574456]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5110672]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-1-3 1392640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"SynchronousMachineGroupPolicy"= 1 (0x1)
"SynchronousUserGroupPolicy"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Catalyst Control Centre: Command Line Interface"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLI.exe" Start CCC
"DIMProbíhá stahování aktualizace...1338924290338"="c:\program files\Corel\CorelDRAW Graphics Suite X6\Draw\DIM.exe" "c:\programdata\corel\downloads\540240626_310002\1338924290338\dim_params.xml" -Launch=3 -uibase="c:\users\juras\appdata\roaming\corel\messages\540240626_310002\cz\messagecache2\workflow"
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"PowerDVD13Agent"="c:\program files\CyberLink\PowerDVD13\PowerDVD13Agent.exe"
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE -startup
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe"
.
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/05/30 10:13];c:\program files\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [2013-07-05 22:48 76560]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 ntk_PowerDVD;ntk_PowerDVD; [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-02-06 108032]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2011-07-08 197224]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-26 1343400]
R4 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2011-11-14 752128]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2013-09-17 188808]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2013-09-17 134248]
S2 {09F57980-3432-4AFC-957D-27AC45FAE1F5};Power Control [2013/09/09 14:16];c:\program files\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [2013-07-05 22:48 76560]
S2 ABBYY.Licensing.PDFTransformer.Classic.3.0;Aktivace aplikace ABBYY PDF Transformer 3.0 – Licenční služba;c:\program files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [2010-02-01 759048]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
S2 afcdpsrv;Služba Acronis Nonstop Backup;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2011-11-14 3246040]
S2 CyberLink PowerDVD 13 Media Server Monitor Service;CyberLink PowerDVD 13 Media Server Monitor Service;c:\program files\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [2013-07-05 77576]
S2 CyberLink PowerDVD 13 Media Server Service;CyberLink PowerDVD 13 Media Server Service;c:\program files\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [2013-07-05 327432]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2013-09-12 1337752]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2013-09-17 122376]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-11-14 167968]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2012-04-02 514152]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-11 10:43 1211720 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-02-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 14:07]
.
2014-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-09 09:49]
.
2014-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-09 09:49]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fill form using Password Manager XP - c:\program files\Password Manager XP\InsPwd.htm
IE: Generate password using Password Manager XP - c:\program files\Password Manager XP\GenPwd.htm
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Save form data to Password Manager XP - c:\program files\Password Manager XP\SavePwd.htm
TCP: DhcpNameServer = 10.0.0.138
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{09F57980-3432-4AFC-957D-27AC45FAE1F5}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD13\Common\NavFilter\000.fcl"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD13\Common\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2014-02-19 20:04:24
ComboFix-quarantined-files.txt 2014-02-19 19:04
ComboFix2.txt 2014-02-19 07:05
.
Před spuštěním: Volných bajtů: 202 766 000 128
Po spuštění: Volných bajtů: 202 710 052 864
.
- - End Of File - - FA8A7D608C9A3DAAFA312B7D79382E49
A36C5E4F47E84449FF07ED3517B43A31
.
Obsah adresáře 'Naplánované úlohy'
.
2014-02-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 14:07]
.
2014-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-09 09:49]
.
2014-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-09 09:49]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fill form using Password Manager XP - c:\program files\Password Manager XP\InsPwd.htm
IE: Generate password using Password Manager XP - c:\program files\Password Manager XP\GenPwd.htm
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Save form data to Password Manager XP - c:\program files\Password Manager XP\SavePwd.htm
TCP: DhcpNameServer = 10.0.0.138
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{09F57980-3432-4AFC-957D-27AC45FAE1F5}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD13\Common\NavFilter\000.fcl"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD13\Common\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2014-02-19 20:04:24
ComboFix-quarantined-files.txt 2014-02-19 19:04
ComboFix2.txt 2014-02-19 07:05
.
Před spuštěním: Volných bajtů: 202 766 000 128
Po spuštění: Volných bajtů: 202 710 052 864
.
- - End Of File - - FA8A7D608C9A3DAAFA312B7D79382E49
A36C5E4F47E84449FF07ED3517B43A31
Re: Please check my log
Via Start >> Run, copy this into the window:
ComboFix /Uninstall
and press Enter
This uninstalls ComboFix and deletes the files and folders associated with it.
Use T-Cleaner, which deletes any leftovers from the applications we used.
Just stop the antivirus before downloading it and while using it, because it may detect it as a virus, but that is not the case.
And now all that is left is that Avast and a control log from RSIT.
Re: Please check my log
Roli,
as requested. And thank you again for your willingness and your time.
Logfile of random's system information tool 1.09 (written by random/random)
Run by juras at 2014-02-20 13:27:53
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 195 GB (82%) free of 238 GB
Total RAM: 2815 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:27:57, on 20.2.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
D:\DOWN\RSIT.exe
C:\Program Files\trend micro\juras.exe
C:\Windows\system32\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [0AFC188F9B23403C513AD4F818256DB928A37312._service_run] "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=service
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Fill form using Password Manager XP - C:\Program Files\Password Manager XP\InsPwd.htm
O8 - Extra context menu item: Generate password using Password Manager XP - C:\Program Files\Password Manager XP\GenPwd.htm
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Save form data to Password Manager XP - C:\Program Files\Password Manager XP\SavePwd.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Password Manager XP - {7379d689-cc96-451d-b46e-6bbe4ca6b02d} - C:\Program Files\Password Manager XP\PwdManager.exe (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Aktivace aplikace ABBYY PDF Transformer 3.0 – Licenční služba (ABBYY.Licensing.PDFTransformer.Classic.3.0) - ABBYY - C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Služba Acronis Nonstop Backup (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: CyberLink PowerDVD 13 Media Server Monitor Service - CyberLink - C:\Program Files\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe
O23 - Service: CyberLink PowerDVD 13 Media Server Service - CyberLink - C:\Program Files\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7264 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-08 462760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-08 171944]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2011-10-13 5574456]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2013-09-12 5110672]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"0AFC188F9B23403C513AD4F818256DB928A37312._service_run"=C:\Program Files\Google\Chrome\Application\chrome.exe [2014-02-02 866632]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2014-02-03 208384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1
"SynchronousMachineGroupPolicy"=1
"SynchronousUserGroupPolicy"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=221
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=255
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.l3codecp"=l3codecp.acm
"vidc.XVID"=xvidvfw.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2014-02-20 13:26:50 ----SHD---- C:\$RECYCLE.BIN
2014-02-19 20:04:24 ----A---- C:\ComboFix.txt
2014-02-19 07:50:41 ----D---- C:\Users\juras\AppData\Roaming\OpenOffice
2014-02-19 07:49:27 ----D---- C:\Program Files\OpenOffice 4
2014-02-16 19:13:28 ----D---- C:\Windows\erdnt
2014-02-16 19:11:54 ----D---- C:\AdwCleaner
2014-02-16 10:24:08 ----D---- C:\rsit
2014-02-15 20:25:51 ----A---- C:\Windows\system32\mstscax.dll
2014-02-15 17:58:32 ----A---- C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-02-15 17:58:31 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-15 17:58:31 ----A---- C:\Windows\system32\drivers\TsUsbFlt.sys
2014-02-15 17:58:30 ----A---- C:\Windows\system32\wksprtPS.dll
2014-02-15 17:58:30 ----A---- C:\Windows\system32\wksprt.exe
2014-02-15 17:58:30 ----A---- C:\Windows\system32\TSWbPrxy.exe
2014-02-15 17:58:30 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-15 17:58:30 ----A---- C:\Windows\system32\tsgqec.dll
2014-02-15 17:58:30 ----A---- C:\Windows\system32\rdvidcrl.dll
2014-02-15 17:58:30 ----A---- C:\Windows\system32\mstsc.exe
2014-02-15 17:58:30 ----A---- C:\Windows\system32\MsRdpWebAccess.dll
2014-02-15 17:57:55 ----A---- C:\Windows\system32\TSWorkspace.dll
2014-02-12 07:48:05 ----A---- C:\Windows\system32\ieui.dll
2014-02-12 07:48:05 ----A---- C:\Windows\system32\ie4uinit.exe
2014-02-12 07:48:04 ----A---- C:\Windows\system32\msrating.dll
2014-02-12 07:48:04 ----A---- C:\Windows\system32\jsproxy.dll
2014-02-12 07:48:04 ----A---- C:\Windows\system32\iesetup.dll
2014-02-12 07:48:04 ----A---- C:\Windows\system32\iernonce.dll
2014-02-12 07:48:04 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 07:48:03 ----A---- C:\Windows\system32\jscript9diag.dll
2014-02-12 07:48:03 ----A---- C:\Windows\system32\ieUnatt.exe
2014-02-12 07:48:03 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-02-12 07:48:03 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-02-12 07:48:02 ----A---- C:\Windows\system32\msfeeds.dll
2014-02-12 07:48:02 ----A---- C:\Windows\system32\ieapfltr.dll
2014-02-12 07:48:01 ----A---- C:\Windows\system32\wininet.dll
2014-02-12 07:48:01 ----A---- C:\Windows\system32\iertutil.dll
2014-02-12 07:48:00 ----A---- C:\Windows\system32\urlmon.dll
2014-02-12 07:47:59 ----A---- C:\Windows\system32\ieframe.dll
2014-02-12 07:47:58 ----A---- C:\Windows\system32\mshtml.dll
2014-02-12 07:47:58 ----A---- C:\Windows\system32\jscript9.dll
2014-02-12 07:41:04 ----A---- C:\Windows\system32\vbscript.dll
2014-02-12 07:34:44 ----A---- C:\Windows\system32\msxml3r.dll
2014-02-12 07:34:44 ----A---- C:\Windows\system32\msxml3.dll
2014-02-12 07:34:01 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 07:34:01 ----A---- C:\Windows\system32\RMActivate_isv.exe
2014-02-12 07:34:01 ----A---- C:\Windows\system32\RMActivate.exe
2014-02-12 07:34:00 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 07:34:00 ----A---- C:\Windows\system32\secproc_ssp.dll
2014-02-12 07:34:00 ----A---- C:\Windows\system32\secproc_isv.dll
2014-02-12 07:34:00 ----A---- C:\Windows\system32\secproc.dll
2014-02-12 07:34:00 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 07:34:00 ----A---- C:\Windows\system32\msdrm.dll
2014-02-12 07:33:42 ----A---- C:\Windows\system32\d3d10warp.dll
2014-02-12 07:33:42 ----A---- C:\Windows\system32\d2d1.dll
2014-02-11 18:03:21 ----D---- C:\Users\juras\AppData\Roaming\ioloGovernor
2014-02-11 18:01:44 ----A---- C:\Windows\system32\mfc45.dat
2014-02-11 17:27:15 ----D---- C:\ProgramData\d82a7d42467570e6
2014-02-11 17:25:48 ----D---- C:\ProgramData\InstallMate
2014-02-11 13:48:19 ----D---- C:\Users\juras\AppData\Roaming\uTorrent
2014-02-11 12:28:16 ----D---- C:\Program Files\Seznam.cz
2014-02-07 18:03:46 ----D---- C:\ProgramData\Trymedia
2014-02-07 18:03:39 ----D---- C:\Program Files\PopCap Games
2014-02-07 18:03:39 ----A---- C:\Windows\popcinfo.dat
2014-02-07 14:33:17 ----D---- C:\Users\juras\AppData\Roaming\Google
2014-02-03 17:01:39 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-03 17:01:39 ----A---- C:\Windows\system32\elshyph.dll
2014-02-03 17:01:38 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-03 17:01:38 ----A---- C:\Windows\system32\msls31.dll
2014-02-03 17:01:38 ----A---- C:\Windows\system32\jsIntl.dll
2014-02-03 17:01:38 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-02-03 17:01:38 ----A---- C:\Windows\system32\ieapfltr.dat
2014-02-03 17:01:38 ----A---- C:\Windows\system32\icardie.dll
2014-02-03 17:01:38 ----A---- C:\Windows\system32\dxtrans.dll
2014-02-03 17:01:38 ----A---- C:\Windows\system32\dxtmsft.dll
2014-02-03 17:01:37 ----A---- C:\Windows\system32\wextract.exe
2014-02-03 17:01:37 ----A---- C:\Windows\system32\webcheck.dll
2014-02-03 17:01:37 ----A---- C:\Windows\system32\url.dll
2014-02-03 17:01:37 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-02-03 17:01:37 ----A---- C:\Windows\system32\mshtmled.dll
2014-02-03 17:01:37 ----A---- C:\Windows\system32\licmgr10.dll
2014-02-03 17:01:37 ----A---- C:\Windows\system32\inseng.dll
2014-02-03 17:01:37 ----A---- C:\Windows\system32\iexpress.exe
2014-02-03 17:01:37 ----A---- C:\Windows\system32\iedkcs32.dll
2014-02-03 17:01:36 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2014-02-03 17:01:36 ----A---- C:\Windows\system32\pngfilt.dll
2014-02-03 17:01:36 ----A---- C:\Windows\system32\occache.dll
2014-02-03 17:01:36 ----A---- C:\Windows\system32\mshtmler.dll
2014-02-03 17:01:36 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-02-03 17:01:36 ----A---- C:\Windows\system32\mshta.exe
2014-02-03 17:01:36 ----A---- C:\Windows\system32\msfeedssync.exe
2014-02-03 17:01:36 ----A---- C:\Windows\system32\msfeedsbs.dll
2014-02-03 17:01:36 ----A---- C:\Windows\system32\jscript.dll
2014-02-03 17:01:36 ----A---- C:\Windows\system32\imgutil.dll
2014-02-03 17:01:36 ----A---- C:\Windows\system32\iesysprep.dll
2014-02-03 17:01:36 ----A---- C:\Windows\system32\iepeers.dll
2014-02-03 17:01:36 ----A---- C:\Windows\system32\IEAdvpack.dll
2014-02-03 16:55:47 ----D---- C:\Windows\Migration
2014-02-03 16:37:46 ----D---- C:\Program Files\MSXML 4.0
2014-02-03 16:37:36 ----D---- C:\Program Files\PC Connectivity Solution
2014-02-03 16:32:54 ----D---- C:\ProgramData\Installations
2014-01-27 14:10:02 ----D---- C:\Users\juras\AppData\Roaming\IllustrationStorage
2014-01-27 14:09:28 ----D---- C:\Program Files\MetLife
======List of files/folders modified in the last 1 month======
2014-02-20 13:27:54 ----D---- C:\Windows\Temp
2014-02-20 13:27:54 ----D---- C:\Program Files\trend micro
2014-02-20 13:26:26 ----D---- C:\Windows
2014-02-20 13:26:18 ----SHD---- C:\System Volume Information
2014-02-20 13:25:52 ----D---- C:\Windows\system32\drivers
2014-02-20 07:41:17 ----D---- C:\Windows\system32\config
2014-02-20 06:32:14 ----D---- C:\Windows\system32\catroot2
2014-02-19 20:02:28 ----A---- C:\Windows\system.ini
2014-02-19 19:58:36 ----D---- C:\Windows\System32
2014-02-19 19:58:36 ----D---- C:\Windows\AppPatch
2014-02-19 19:58:35 ----D---- C:\Program Files\Common Files
2014-02-19 19:11:54 ----D---- C:\Windows\Prefetch
2014-02-19 07:52:08 ----D---- C:\Windows\inf
2014-02-19 07:50:32 ----SHD---- C:\Windows\Installer
2014-02-19 07:50:30 ----D---- C:\Windows\assembly
2014-02-19 07:49:47 ----D---- C:\Windows\Fonts
2014-02-19 07:49:27 ----D---- C:\Program Files
2014-02-19 07:30:23 ----AD---- C:\ProgramData\Temp
2014-02-17 12:23:21 ----D---- C:\Windows\rescache
2014-02-16 20:32:50 ----D---- C:\Windows\system32\drivers\etc
2014-02-15 20:25:29 ----D---- C:\Windows\system32\catroot
2014-02-15 20:25:28 ----D---- C:\Windows\winsxs
2014-02-15 17:59:02 ----D---- C:\Windows\system32\DriverStore
2014-02-15 17:59:02 ----D---- C:\Windows\system32\drivers\en-US
2014-02-15 17:59:02 ----D---- C:\Windows\system32\cs-CZ
2014-02-15 17:54:18 ----D---- C:\Program Files\Google
2014-02-15 17:47:58 ----D---- C:\Users\juras\AppData\Roaming\Vso
2014-02-15 07:18:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2014-02-13 12:58:50 ----D---- C:\Users\juras\AppData\Roaming\vlc
2014-02-13 12:53:46 ----D---- C:\Users\juras\AppData\Roaming\dvdcss
2014-02-12 10:56:10 ----D---- C:\Windows\SoftwareDistribution
2014-02-12 10:51:50 ----D---- C:\Boot
2014-02-12 10:33:23 ----D---- C:\Windows\debug
2014-02-12 09:14:50 ----D---- C:\Program Files\Internet Explorer
2014-02-12 08:04:29 ----D---- C:\Windows\Microsoft.NET
2014-02-12 07:50:17 ----D---- C:\ProgramData\Microsoft Help
2014-02-12 07:47:13 ----D---- C:\Windows\system32\MRT
2014-02-12 07:44:31 ----A---- C:\Windows\system32\MRT.exe
2014-02-12 07:41:55 ----A---- C:\Windows\win.ini
2014-02-12 07:37:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-02-11 18:17:31 ----D---- C:\ProgramData
2014-02-11 18:04:30 ----D---- C:\Windows\system32\Tasks
2014-02-11 17:27:14 ----D---- C:\Users
2014-02-06 15:06:12 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2014-02-03 17:39:06 ----D---- C:\Windows\Panther
2014-02-03 17:39:06 ----D---- C:\Windows\Logs
2014-02-03 17:05:21 ----D---- C:\Windows\system32\migration
2014-02-03 17:05:21 ----D---- C:\Windows\system32\en-US
2014-02-03 17:05:21 ----D---- C:\Windows\PolicyDefinitions
2014-02-03 16:55:47 ----D---- C:\ProgramData\Microsoft
2014-02-03 16:46:05 ----D---- C:\Windows\system32\drivers\UMDF
2014-02-03 16:37:42 ----DC---- C:\Windows\system32\DRVSTORE
2014-02-03 16:36:57 ----D---- C:\Program Files\Nokia
2014-02-03 16:35:53 ----D---- C:\Program Files\Common Files\Nokia
2014-01-24 20:32:17 ----D---- C:\Program Files\CCleaner
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2011-07-08 104024]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2010-03-19 45648]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2011-05-26 170528]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273); C:\Windows\system32\DRIVERS\tdrpm273.sys [2011-11-14 752128]
R0 timounter;Acronis Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2011-11-14 600928]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2013-09-17 188808]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2013-09-17 134248]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2013-10-23 114376]
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5};Power Control [2013/09/09 14:16:41]; \??\C:\Program Files\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [2013-07-05 76560]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2013-09-17 122376]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 afcdp;afcdp; C:\Windows\system32\DRIVERS\afcdp.sys [2011-11-14 167968]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-13 4194816]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\drivers\Dot4Prt.sys [2010-11-20 16384]
R3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 22856]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2011-07-15 13216]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2012-04-02 514152]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/05/30 10:13:41]; \??\C:\Program Files\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [2013-07-05 76560]
S2 ntk_PowerDVD;ntk_PowerDVD; C:\Windows\system32\drivers\ntk_PowerDVD.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 catchme;catchme; \??\C:\Users\juras\AppData\Local\Temp\catchme.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 PalmUSBD;PalmUSBD; C:\Windows\system32\drivers\PalmUSBD.sys [2007-12-04 16640]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2011-07-08 197224]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2013-10-02 49152]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 28160]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2012-01-09 8192]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ABBYY.Licensing.PDFTransformer.Classic.3.0;Aktivace aplikace ABBYY PDF Transformer 3.0 – Licenční služba; C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [2010-02-01 759048]
R2 AcrSch2Svc;Služba Acronis Scheduler2; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2010-12-17 804952]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8; C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 afcdpsrv;Služba Acronis Nonstop Backup; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2011-11-14 3246040]
R2 CyberLink PowerDVD 13 Media Server Monitor Service;CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [2013-07-05 77576]
R2 CyberLink PowerDVD 13 Media Server Service;CyberLink PowerDVD 13 Media Server Service; C:\Program Files\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [2013-07-05 327432]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2013-09-12 1337752]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-10 189728]
R2 ScsiAccess;ScsiAccess; C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe [2011-12-26 186760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-09 116648]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-06 257928]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-05-29 867080]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-09 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-02-06 108032]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-01-04 718888]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-05-26 1343400]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
-----------------EOF-----------------
requested. And thank you again for your willingness and your time.
Logfile of random's system information tool 1.09 (written by random/random)
Run by juras at 2014-02-20 13:27:53
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 195 GB (82%) free of 238 GB
Total RAM: 2815 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:27:57, on 20.2.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
D:\DOWN\RSIT.exe
C:\Program Files\trend micro\juras.exe
C:\Windows\system32\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [0AFC188F9B23403C513AD4F818256DB928A37312._service_run] "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=service
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Fill form using Password Manager XP - C:\Program Files\Password Manager XP\InsPwd.htm
O8 - Extra context menu item: Generate password using Password Manager XP - C:\Program Files\Password Manager XP\GenPwd.htm
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Save form data to Password Manager XP - C:\Program Files\Password Manager XP\SavePwd.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Password Manager XP - {7379d689-cc96-451d-b46e-6bbe4ca6b02d} - C:\Program Files\Password Manager XP\PwdManager.exe (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Aktivace aplikace ABBYY PDF Transformer 3.0 – Licenční služba (ABBYY.Licensing.PDFTransformer.Classic.3.0) - ABBYY - C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Služba Acronis Nonstop Backup (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: CyberLink PowerDVD 13 Media Server Monitor Service - CyberLink - C:\Program Files\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe
O23 - Service: CyberLink PowerDVD 13 Media Server Service - CyberLink - C:\Program Files\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7264 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-08 462760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-08 171944]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2011-10-13 5574456]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2013-09-12 5110672]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"0AFC188F9B23403C513AD4F818256DB928A37312._service_run"=C:\Program Files\Google\Chrome\Application\chrome.exe [2014-02-02 866632]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2014-02-03 208384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1
"SynchronousMachineGroupPolicy"=1
"SynchronousUserGroupPolicy"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=221
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=255
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.l3codecp"=l3codecp.acm
"vidc.XVID"=xvidvfw.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2014-02-20 13:26:50 ----SHD---- C:\$RECYCLE.BIN
2014-02-19 20:04:24 ----A---- C:\ComboFix.txt
2014-02-19 07:50:41 ----D---- C:\Users\juras\AppData\Roaming\OpenOffice
2014-02-19 07:49:27 ----D---- C:\Program Files\OpenOffice 4
2014-02-16 19:13:28 ----D---- C:\Windows\erdnt
2014-02-16 19:11:54 ----D---- C:\AdwCleaner
2014-02-16 10:24:08 ----D---- C:\rsit
2014-02-15 20:25:51 ----A---- C:\Windows\system32\mstscax.dll
2014-02-15 17:58:32 ----A---- C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-02-15 17:58:31 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-15 17:58:31 ----A---- C:\Windows\system32\drivers\TsUsbFlt.sys
2014-02-15 17:58:30 ----A---- C:\Windows\system32\wksprtPS.dll
2014-02-15 17:58:30 ----A---- C:\Windows\system32\wksprt.exe
2014-02-15 17:58:30 ----A---- C:\Windows\system32\TSWbPrxy.exe
2014-02-15 17:58:30 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-15 17:58:30 ----A---- C:\Windows\system32\tsgqec.dll
2014-02-15 17:58:30 ----A---- C:\Windows\system32\rdvidcrl.dll
2014-02-15 17:58:30 ----A---- C:\Windows\system32\mstsc.exe
2014-02-15 17:58:30 ----A---- C:\Windows\system32\MsRdpWebAccess.dll
2014-02-15 17:57:55 ----A---- C:\Windows\system32\TSWorkspace.dll
2014-02-12 07:48:05 ----A---- C:\Windows\system32\ieui.dll
2014-02-12 07:48:05 ----A---- C:\Windows\system32\ie4uinit.exe
2014-02-12 07:48:04 ----A---- C:\Windows\system32\msrating.dll
2014-02-12 07:48:04 ----A---- C:\Windows\system32\jsproxy.dll
2014-02-12 07:48:04 ----A---- C:\Windows\system32\iesetup.dll
2014-02-12 07:48:04 ----A---- C:\Windows\system32\iernonce.dll
2014-02-12 07:48:04 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 07:48:03 ----A---- C:\Windows\system32\jscript9diag.dll
2014-02-12 07:48:03 ----A---- C:\Windows\system32\ieUnatt.exe
2014-02-12 07:48:03 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-02-12 07:48:03 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-02-12 07:48:02 ----A---- C:\Windows\system32\msfeeds.dll
2014-02-12 07:48:02 ----A---- C:\Windows\system32\ieapfltr.dll
2014-02-12 07:48:01 ----A---- C:\Windows\system32\wininet.dll
2014-02-12 07:48:01 ----A---- C:\Windows\system32\iertutil.dll
2014-02-12 07:48:00 ----A---- C:\Windows\system32\urlmon.dll
2014-02-12 07:47:59 ----A---- C:\Windows\system32\ieframe.dll
2014-02-12 07:47:58 ----A---- C:\Windows\system32\mshtml.dll
2014-02-12 07:47:58 ----A---- C:\Windows\system32\jscript9.dll
2014-02-12 07:41:04 ----A---- C:\Windows\system32\vbscript.dll
2014-02-12 07:34:44 ----A---- C:\Windows\system32\msxml3r.dll
2014-02-12 07:34:44 ----A---- C:\Windows\system32\msxml3.dll
2014-02-12 07:34:01 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 07:34:01 ----A---- C:\Windows\system32\RMActivate_isv.exe
2014-02-12 07:34:01 ----A---- C:\Windows\system32\RMActivate.exe
2014-02-12 07:34:00 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 07:34:00 ----A---- C:\Windows\system32\secproc_ssp.dll
2014-02-12 07:34:00 ----A---- C:\Windows\system32\secproc_isv.dll
2014-02-12 07:34:00 ----A---- C:\Windows\system32\secproc.dll
2014-02-12 07:34:00 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 07:34:00 ----A---- C:\Windows\system32\msdrm.dll
2014-02-12 07:33:42 ----A---- C:\Windows\system32\d3d10warp.dll
2014-02-12 07:33:42 ----A---- C:\Windows\system32\d2d1.dll
2014-02-11 18:03:21 ----D---- C:\Users\juras\AppData\Roaming\ioloGovernor
2014-02-11 18:01:44 ----A---- C:\Windows\system32\mfc45.dat
2014-02-11 17:27:15 ----D---- C:\ProgramData\d82a7d42467570e6
2014-02-11 17:25:48 ----D---- C:\ProgramData\InstallMate
2014-02-11 13:48:19 ----D---- C:\Users\juras\AppData\Roaming\uTorrent
2014-02-11 12:28:16 ----D---- C:\Program Files\Seznam.cz
2014-02-07 18:03:46 ----D---- C:\ProgramData\Trymedia
2014-02-07 18:03:39 ----D---- C:\Program Files\PopCap Games
2014-02-07 18:03:39 ----A---- C:\Windows\popcinfo.dat
2014-02-07 14:33:17 ----D---- C:\Users\juras\AppData\Roaming\Google
2014-02-03 17:01:39 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-03 17:01:39 ----A---- C:\Windows\system32\elshyph.dll
2014-02-03 17:01:38 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-03 17:01:38 ----A---- C:\Windows\system32\msls31.dll
2014-02-03 17:01:38 ----A---- C:\Windows\system32\jsIntl.dll
2014-02-03 17:01:38 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-02-03 17:01:38 ----A---- C:\Windows\system32\ieapfltr.dat
2014-02-03 17:01:38 ----A---- C:\Windows\system32\icardie.dll
2014-02-03 17:01:38 ----A---- C:\Windows\system32\dxtrans.dll
2014-02-03 17:01:38 ----A---- C:\Windows\system32\dxtmsft.dll
2014-02-03 17:01:37 ----A---- C:\Windows\system32\wextract.exe
2014-02-03 17:01:37 ----A---- C:\Windows\system32\webcheck.dll
2014-02-03 17:01:37 ----A---- C:\Windows\system32\url.dll
2014-02-03 17:01:37 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-02-03 17:01:37 ----A---- C:\Windows\system32\mshtmled.dll
2014-02-03 17:01:37 ----A---- C:\Windows\system32\licmgr10.dll
2014-02-03 17:01:37 ----A---- C:\Windows\system32\inseng.dll
2014-02-03 17:01:37 ----A---- C:\Windows\system32\iexpress.exe
2014-02-03 17:01:37 ----A---- C:\Windows\system32\iedkcs32.dll
2014-02-03 17:01:36 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2014-02-03 17:01:36 ----A---- C:\Windows\system32\pngfilt.dll
2014-02-03 17:01:36 ----A---- C:\Windows\system32\occache.dll
2014-02-03 17:01:36 ----A---- C:\Windows\system32\mshtmler.dll
2014-02-03 17:01:36 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-02-03 17:01:36 ----A---- C:\Windows\system32\mshta.exe
2014-02-03 17:01:36 ----A---- C:\Windows\system32\msfeedssync.exe
2014-02-03 17:01:36 ----A---- C:\Windows\system32\msfeedsbs.dll
2014-02-03 17:01:36 ----A---- C:\Windows\system32\jscript.dll
2014-02-03 17:01:36 ----A---- C:\Windows\system32\imgutil.dll
2014-02-03 17:01:36 ----A---- C:\Windows\system32\iesysprep.dll
2014-02-03 17:01:36 ----A---- C:\Windows\system32\iepeers.dll
2014-02-03 17:01:36 ----A---- C:\Windows\system32\IEAdvpack.dll
2014-02-03 16:55:47 ----D---- C:\Windows\Migration
2014-02-03 16:37:46 ----D---- C:\Program Files\MSXML 4.0
2014-02-03 16:37:36 ----D---- C:\Program Files\PC Connectivity Solution
2014-02-03 16:32:54 ----D---- C:\ProgramData\Installations
2014-01-27 14:10:02 ----D---- C:\Users\juras\AppData\Roaming\IllustrationStorage
2014-01-27 14:09:28 ----D---- C:\Program Files\MetLife
======List of files/folders modified in the last 1 month======
2014-02-20 13:27:54 ----D---- C:\Windows\Temp
2014-02-20 13:27:54 ----D---- C:\Program Files\trend micro
2014-02-20 13:26:26 ----D---- C:\Windows
2014-02-20 13:26:18 ----SHD---- C:\System Volume Information
2014-02-20 13:25:52 ----D---- C:\Windows\system32\drivers
2014-02-20 07:41:17 ----D---- C:\Windows\system32\config
2014-02-20 06:32:14 ----D---- C:\Windows\system32\catroot2
2014-02-19 20:02:28 ----A---- C:\Windows\system.ini
2014-02-19 19:58:36 ----D---- C:\Windows\System32
2014-02-19 19:58:36 ----D---- C:\Windows\AppPatch
2014-02-19 19:58:35 ----D---- C:\Program Files\Common Files
2014-02-19 19:11:54 ----D---- C:\Windows\Prefetch
2014-02-19 07:52:08 ----D---- C:\Windows\inf
2014-02-19 07:50:32 ----SHD---- C:\Windows\Installer
2014-02-19 07:50:30 ----D---- C:\Windows\assembly
2014-02-19 07:49:47 ----D---- C:\Windows\Fonts
2014-02-19 07:49:27 ----D---- C:\Program Files
2014-02-19 07:30:23 ----AD---- C:\ProgramData\Temp
2014-02-17 12:23:21 ----D---- C:\Windows\rescache
2014-02-16 20:32:50 ----D---- C:\Windows\system32\drivers\etc
2014-02-15 20:25:29 ----D---- C:\Windows\system32\catroot
2014-02-15 20:25:28 ----D---- C:\Windows\winsxs
2014-02-15 17:59:02 ----D---- C:\Windows\system32\DriverStore
2014-02-15 17:59:02 ----D---- C:\Windows\system32\drivers\en-US
2014-02-15 17:59:02 ----D---- C:\Windows\system32\cs-CZ
2014-02-15 17:54:18 ----D---- C:\Program Files\Google
2014-02-15 17:47:58 ----D---- C:\Users\juras\AppData\Roaming\Vso
2014-02-15 07:18:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2014-02-13 12:58:50 ----D---- C:\Users\juras\AppData\Roaming\vlc
2014-02-13 12:53:46 ----D---- C:\Users\juras\AppData\Roaming\dvdcss
2014-02-12 10:56:10 ----D---- C:\Windows\SoftwareDistribution
2014-02-12 10:51:50 ----D---- C:\Boot
2014-02-12 10:33:23 ----D---- C:\Windows\debug
2014-02-12 09:14:50 ----D---- C:\Program Files\Internet Explorer
2014-02-12 08:04:29 ----D---- C:\Windows\Microsoft.NET
2014-02-12 07:50:17 ----D---- C:\ProgramData\Microsoft Help
2014-02-12 07:47:13 ----D---- C:\Windows\system32\MRT
2014-02-12 07:44:31 ----A---- C:\Windows\system32\MRT.exe
2014-02-12 07:41:55 ----A---- C:\Windows\win.ini
2014-02-12 07:37:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-02-11 18:17:31 ----D---- C:\ProgramData
2014-02-11 18:04:30 ----D---- C:\Windows\system32\Tasks
2014-02-11 17:27:14 ----D---- C:\Users
2014-02-06 15:06:12 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2014-02-03 17:39:06 ----D---- C:\Windows\Panther
2014-02-03 17:39:06 ----D---- C:\Windows\Logs
2014-02-03 17:05:21 ----D---- C:\Windows\system32\migration
2014-02-03 17:05:21 ----D---- C:\Windows\system32\en-US
2014-02-03 17:05:21 ----D---- C:\Windows\PolicyDefinitions
2014-02-03 16:55:47 ----D---- C:\ProgramData\Microsoft
2014-02-03 16:46:05 ----D---- C:\Windows\system32\drivers\UMDF
2014-02-03 16:37:42 ----DC---- C:\Windows\system32\DRVSTORE
2014-02-03 16:36:57 ----D---- C:\Program Files\Nokia
2014-02-03 16:35:53 ----D---- C:\Program Files\Common Files\Nokia
2014-01-24 20:32:17 ----D---- C:\Program Files\CCleaner
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2011-07-08 104024]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2010-03-19 45648]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2011-05-26 170528]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273); C:\Windows\system32\DRIVERS\tdrpm273.sys [2011-11-14 752128]
R0 timounter;Acronis Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2011-11-14 600928]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2013-09-17 188808]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2013-09-17 134248]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2013-10-23 114376]
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5};Power Control [2013/09/09 14:16:41]; \??\C:\Program Files\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [2013-07-05 76560]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2013-09-17 122376]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 afcdp;afcdp; C:\Windows\system32\DRIVERS\afcdp.sys [2011-11-14 167968]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-13 4194816]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\drivers\Dot4Prt.sys [2010-11-20 16384]
R3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 22856]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2011-07-15 13216]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2012-04-02 514152]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/05/30 10:13:41]; \??\C:\Program Files\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [2013-07-05 76560]
S2 ntk_PowerDVD;ntk_PowerDVD; C:\Windows\system32\drivers\ntk_PowerDVD.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 catchme;catchme; \??\C:\Users\juras\AppData\Local\Temp\catchme.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 PalmUSBD;PalmUSBD; C:\Windows\system32\drivers\PalmUSBD.sys [2007-12-04 16640]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2011-07-08 197224]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2013-10-02 49152]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 28160]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2012-01-09 8192]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ABBYY.Licensing.PDFTransformer.Classic.3.0;Aktivace aplikace ABBYY PDF Transformer 3.0 – Licenční služba; C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [2010-02-01 759048]
R2 AcrSch2Svc;Služba Acronis Scheduler2; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2010-12-17 804952]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8; C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 afcdpsrv;Služba Acronis Nonstop Backup; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2011-11-14 3246040]
R2 CyberLink PowerDVD 13 Media Server Monitor Service;CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [2013-07-05 77576]
R2 CyberLink PowerDVD 13 Media Server Service;CyberLink PowerDVD 13 Media Server Service; C:\Program Files\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [2013-07-05 327432]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2013-09-12 1337752]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-10 189728]
R2 ScsiAccess;ScsiAccess; C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe [2011-12-26 186760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-09 116648]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-06 257928]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-05-29 867080]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-09 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-02-06 108032]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-01-04 718888]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-05-26 1343400]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
-----------------EOF-----------------
Re: Please check my log
Go to Start >> All Programs >> Accessories >> Run >> type services.msc >> Enter. Find the services:
Služba Google Update (gupdate)
Služba Google Update (gupdatem)
Double-clicking opens the properties dialog, where you first stop the service with the Stop button, then under Startup type select Disabled and click OK.
In Task Scheduler, disable Google Update; it will be there several times.
And if there is no problem with the PC, that is all from my side; just don't forget to remove that NOD so your son doesn't try to get it working again, otherwise you'll be back here in a week.
Re: Please check my log
Roli,
I disabled them in Services, but I did not find it in the Scheduler.
With thanks
juráš
Re: Please check my log
devet wrote:
Roli,
I disabled them in Services, but I did not find it in the Scheduler.
With thanks
juráš

Also click Task Scheduler Library on the left, and it should show up in the middle pane.
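
The steps from the replies above (disable both services, then find and disable the Google Update entries in the Task Scheduler Library) as a script. This is an added example, not part of the original thread. It assumes an elevated PowerShell prompt and that the scheduled tasks carry "GoogleUpdate" in their name; the service short names come from the RSIT log.

```powershell
# Added example: run from an elevated PowerShell prompt (PowerShell 2.0 on Windows 7 is enough).
# Service short names as listed in the RSIT log above.
$serviceNames = 'gupdate', 'gupdatem'
# Assumption: the scheduled tasks carry "GoogleUpdate" in their name.
$taskPattern  = 'GoogleUpdate'

foreach ($name in $serviceNames) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Output "Service $name not found, skipping"
        continue
    }
    if ($svc.Status -ne 'Stopped') {
        Stop-Service -Name $name -Force
    }
    Set-Service -Name $name -StartupType Disabled
    Write-Output "Service $name stopped and set to Disabled"
}

# Windows 7 has no Get-ScheduledTask cmdlet, so use the Task Scheduler COM API.
$scheduler = New-Object -ComObject Schedule.Service
$scheduler.Connect()

# The root folder "\" is what the GUI shows as "Task Scheduler Library".
$root = $scheduler.GetFolder('\')
$TASK_ENUM_HIDDEN = 1   # include hidden tasks in the listing

$found = 0
foreach ($task in $root.GetTasks($TASK_ENUM_HIDDEN)) {
    if ($task.Name -match $taskPattern) {
        $found++
        if ($task.Enabled) {
            $task.Enabled = $false
        }
        Write-Output ("Task {0} enabled={1}" -f $task.Path, $task.Enabled)
    }
}
if ($found -eq 0) {
    Write-Output "No task matching '$taskPattern' in the root of the Task Scheduler Library"
}
```

The script only looks at the root folder, which is the view the last reply points to; tasks stored in subfolders are not listed.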