Prosím o kontrolu

[matikolus]

Tak jsem opět tu. Ještě nemám ten ntb, ale další stolní PC se chová občas divně. Myslim, že mu je tak 6 let a nejspíš ještě taky čištěnej nebyl. Pošlu log z RSIT.

[matikolus]

Logfile of random's system information tool 1.06 (written by random/random)
Run by Slezák at 2014-04-30 12:35:51
Microsoft® Windows Vista™ Business Service Pack 2
System drive C: has 153 GB (51%) free of 300 GB
Total RAM: 6134 MB (59% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08 202144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2008-01-28 1554256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08 1619352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1555968]
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Helios.EXE – zástupce.lnk - \\HP\Helios IQ\Helios.EXE
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Users\Slezák\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.0.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"ForceActiveDesktopOn"=
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe:*:Enabled:Spybot-S&D 2 Firewall service"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe:*:Enabled:Spybot-S&D 2 On-Access monitor service"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSODSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSODSvc.exe:*:Enabled:Spybot-S&D 2 Scan On Demand service"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\.\Bin\ASSETUP.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82c89e43-a0f9-11de-9de8-a45792ac4a3f}]
shell\AutoRun\command - F:\LPREMOVE.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84dd86e5-5b0e-11e2-92a4-c860008d7c03}]
shell\AutoRun\command - F:\DIYWriter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a9eada1-51c7-11df-9978-001fd0da954a}]
shell\AutoRun\command - F:\Launcher.exe


======File associations======

.js - edit - C:\Windows\SysWOW64\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2014-04-30 12:35:51 ----D---- C:\rsit
2014-04-30 12:35:51 ----D---- C:\Program Files (x86)\trend micro
2014-04-22 13:30:44 ----D---- C:\Program Files (x86)\CCleaner
2014-04-15 18:07:43 ----A---- C:\Windows\system32\mshtmled.dll
2014-04-15 18:07:42 ----A---- C:\Windows\system32\vbscript.dll
2014-04-15 18:07:41 ----A---- C:\Windows\system32\iertutil.dll
2014-04-15 18:07:40 ----A---- C:\Windows\system32\ieui.dll
2014-04-15 18:07:39 ----A---- C:\Windows\system32\url.dll
2014-04-15 18:07:39 ----A---- C:\Windows\system32\ieUnatt.exe
2014-04-15 18:07:38 ----A---- C:\Windows\system32\wininet.dll
2014-04-15 18:07:38 ----A---- C:\Windows\system32\jsproxy.dll
2014-04-15 18:07:37 ----A---- C:\Windows\system32\urlmon.dll
2014-04-15 18:07:36 ----A---- C:\Windows\system32\msfeeds.dll
2014-04-15 18:07:36 ----A---- C:\Windows\system32\jscript9.dll
2014-04-15 18:07:36 ----A---- C:\Windows\system32\jscript.dll
2014-04-15 18:07:33 ----A---- C:\Windows\system32\mshtml.dll
2014-04-15 18:07:30 ----A---- C:\Windows\system32\ieframe.dll
2014-04-15 13:22:53 ----A---- C:\Windows\system32\kernel32.dll
2014-04-15 13:17:12 ----D---- C:\ProgramData\TinyWall
2014-04-15 11:56:08 ----D---- C:\Users\Slezák\AppData\Roaming\TinyWall
2014-04-15 11:55:32 ----D---- C:\Program Files (x86)\TinyWall
2014-04-15 09:02:40 ----D---- C:\Users\Slezák\AppData\Roaming\AVAST Software
2014-04-15 08:38:07 ----D---- C:\ProgramData\AVAST Software
2014-03-31 10:06:25 ----D---- C:\Program Files (x86)\Mozilla Firefox

======List of files/folders modified in the last 1 months======

2014-04-30 12:35:52 ----D---- C:\Windows\Prefetch
2014-04-30 12:35:51 ----D---- C:\Program Files (x86)
2014-04-30 12:35:41 ----D---- C:\Windows\Temp
2014-04-30 08:52:22 ----SHD---- C:\System Volume Information
2014-04-30 08:35:26 ----D---- C:\Windows\System32
2014-04-30 08:35:25 ----D---- C:\Windows\inf
2014-04-30 08:30:52 ----D---- C:\ProgramData\NVIDIA
2014-04-30 08:30:45 ----D---- C:\Windows
2014-04-22 15:56:25 ----D---- C:\Users\Slezák\AppData\Roaming\Media Player Classic
2014-04-22 15:56:25 ----D---- C:\ProgramData\Spybot - Search & Destroy
2014-04-22 15:56:17 ----D---- C:\Windows\Debug
2014-04-19 11:21:09 ----D---- C:\Users\Slezák\AppData\Roaming\vlc
2014-04-16 08:24:57 ----D---- C:\Windows\SysWOW64
2014-04-16 08:24:57 ----D---- C:\Windows\system32\migration
2014-04-16 08:24:57 ----D---- C:\Program Files (x86)\Internet Explorer
2014-04-15 18:08:37 ----SHD---- C:\Windows\Installer
2014-04-15 18:08:10 ----D---- C:\Windows\winsxs
2014-04-15 13:18:59 ----RSD---- C:\Windows\assembly
2014-04-15 13:18:44 ----D---- C:\Windows\Microsoft.NET
2014-04-15 13:17:12 ----HD---- C:\ProgramData
2014-04-15 13:11:03 ----D---- C:\Program Files (x86)\Common Files\Akamai
2014-04-15 13:07:05 ----RSD---- C:\Windows\Media
2014-04-15 13:07:05 ----D---- C:\Windows\system32\wbem
2014-04-15 13:07:04 ----D---- C:\Windows\Tasks
2014-04-15 13:07:02 ----D---- C:\Program Files (x86)\Common Files
2014-04-15 13:06:58 ----D---- C:\Windows\registration
2014-04-15 08:48:01 ----RD---- C:\Program Files
2014-04-02 08:16:59 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys []
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys []
R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys []
R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys []
R3 e1qexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver Q; C:\Windows\system32\DRIVERS\e1q60x64.sys []
R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2014-04-30 24072]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys []
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys []
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys []
R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\Windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
S3 b57nd60a;%SvcDispName%; C:\Windows\system32\DRIVERS\b57nd60a.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys []
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys []
S3 L8042Kbd;SetPoint Keyboard Driver; C:\Windows\system32\DRIVERS\L8042Kbd.sys []
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\Windows\system32\DRIVERS\L8042mou.Sys []
S3 LMouKE;SetPoint Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouKE.Sys []
S3 MonitorFunction;Driver for Monitor; C:\Windows\system32\DRIVERS\TVMonitor.sys []
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys []
S3 mvusbews;USB EWS Device; C:\Windows\System32\Drivers\mvusbews.sys []
S3 Prot6Flt;Prot6Flt; C:\Windows\system32\DRIVERS\Prot6Flt.sys []
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys []
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 602XML Updater;602Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [2011-03-14 84520]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-18 65432]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 HPSIService;HP SI Service; C:\Windows\system32\HPSIsvc.exe []
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [2010-04-05 116104]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe []
R2 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-07-20 160784]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-03-11 23808]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-04-25 5024576]
R2 TinyWall;TinyWall Service; C:\Program Files (x86)\TinyWall\TinyWall.exe [2013-07-14 649176]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-03-11 347872]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 GEST Service;GEST Service for program management.; C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2008-12-08 68136]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-22 116648]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-02-26 1260320]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12 257928]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-22 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-03-31 119408]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-09-11 1012344]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-03-30 89920]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

[Roli]

Odinstaluj Spybot - SD


Smaž nepotřebné soubory

pomocí CCleaneru

návod :

Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš

Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)

čištění registru je třeba několikrát zopakovat !

Nástroje - tady lze odinstalovat programy, upravit co se spustí po Startu systému a obnovit systém


Pak použij Mbam z mého podpisu a dej mi sem z něj log, předem nic nemazat !

[matikolus]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2.5.2014
Scan Time: 12:29:03
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.02.06
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Slezák

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 277832
Time Elapsed: 7 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

[Roli]

Mbam zase odinstaluj.


Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.


V případě nejasností je ZDE obrázkový návod.

[matikolus]

ComboFix 14-04-30.01 - Slezák 03.05.2014 8:51.1.8 - x64
Microsoft® Windows Vista™ Business 6.0.6002.2.1250.420.1029.18.6134.3985 [GMT 2:00]
Spuštěný z: c:\users\Slezßk\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-04-03 do 2014-05-03 )))))))))))))))))))))))))))))))
.
.
2014-05-03 06:58 . 2014-05-03 06:58 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-05-03 06:58 . 2014-05-03 06:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-03 06:48 . 2014-05-03 06:48 -------- d-----w- C:\32788R22FWJFW
2014-05-02 09:01 . 2014-05-03 06:31 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-02 09:00 . 2014-05-02 09:00 -------- d-----w- c:\programdata\Malwarebytes
2014-05-02 08:51 . 2014-05-02 08:52 -------- d-----w- c:\program files\CCleaner
2014-05-02 06:44 . 2014-05-02 06:43 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{61CA2838-A6D8-4ED5-9B75-CDA9E0EC37D7}\gapaengine.dll
2014-05-02 06:43 . 2014-04-16 10:22 10651704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{999FFECE-5832-4AC6-BF5E-F5E5260C67A0}\mpengine.dll
2014-04-30 11:51 . 2014-04-30 11:51 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-04-30 10:35 . 2014-04-30 10:35 -------- d-----w- C:\rsit
2014-04-30 10:35 . 2014-04-30 10:35 -------- d-----w- c:\program files (x86)\trend micro
2014-04-30 06:44 . 2014-04-16 10:22 10651704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-04-22 13:57 . 2014-04-22 13:57 5414 ----a-w- C:\cc_20140422_155734.reg
2014-04-22 13:57 . 2014-04-22 13:57 160972 ----a-w- C:\cc_20140422_155646.reg
2014-04-15 11:22 . 2014-02-06 04:21 1212416 ----a-w- c:\windows\system32\kernel32.dll
2014-04-15 11:17 . 2014-04-15 11:18 -------- d-----w- c:\programdata\TinyWall
2014-04-15 09:56 . 2014-04-15 09:58 -------- d-----w- c:\users\Slezák\AppData\Roaming\TinyWall
2014-04-15 09:55 . 2014-04-15 11:17 -------- d-----w- c:\program files (x86)\TinyWall
2014-04-15 07:02 . 2014-04-15 07:02 -------- d-----w- c:\users\Slezák\AppData\Roaming\AVAST Software
2014-04-15 06:48 . 2014-04-15 06:48 -------- d-----w- c:\program files\AVAST Software
2014-04-15 06:38 . 2014-04-15 06:38 -------- d-----w- c:\programdata\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-03 06:29 . 2009-05-28 00:35 24072 ----a-w- c:\windows\gdrv.sys
2014-04-15 16:05 . 2006-11-02 12:35 90655440 ----a-w- c:\windows\system32\mrt.exe
2014-03-12 09:51 . 2012-10-02 13:20 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-12 09:51 . 2011-05-14 07:35 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-11 08:52 . 2011-04-27 14:25 133928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-02-20 07:35 . 2012-06-12 16:02 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-02-07 12:11 . 2014-03-14 07:39 2776064 ----a-w- c:\windows\system32\win32k.sys
2014-02-03 13:20 . 2014-03-14 07:39 619008 ----a-w- c:\windows\system32\qedit.dll
2014-02-03 10:37 . 2014-03-14 07:39 505344 ----a-w- c:\windows\SysWow64\qedit.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
c:\users\Slezák\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 602XML Updater;602Updater;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBACCESSCONTROL
*Deregistered* - MBAMWebAccessControl
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Obsah adresáře 'Naplánované úlohy'
.
2014-05-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-02 09:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-11-01 500208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2010-11-02 1833576]
"TinyWall Controller"="c:\program files (x86)\TinyWall\TinyWall.exe" [2013-07-14 649176]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Copy to &Lightning Note - c:\program files (x86)\Corel\WordPerfect Office X6\Programs\WPLightningCopyToNote.hta
IE: Open with WordPerfect - c:\program files (x86)\Corel\WordPerfect Office X6\Programs\WPLauncher.hta
Trusted Zone: postsignum.cz\www
TCP: DhcpNameServer = 10.0.0.138
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... ?3,16,13,0
FF - ProfilePath - c:\users\Slezák\AppData\Roaming\Mozilla\Firefox\Profiles\m20zmsgf.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-hp print screen utility - c:\windows\system32\prnunins.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Celkový čas: 2014-05-03 09:00:20
ComboFix-quarantined-files.txt 2014-05-03 07:00
.
Před spuštěním: Volných bajtů: 160 058 826 752
Po spuštění: Volných bajtů: 159 927 341 056
.
- - End Of File - - 8300B80A8ECC0FD64209C8FA58519DA0
5C616939100B85E558DA92B899A0FC36

[Roli]

Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.


Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.

Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.


Pak dej zase vědět jaký je stav PC.

[matikolus]

Omlouvám se, že píšu až teď, byl sem odjetej pryč.

Combofix mi takto nejde odinstalovat... Systém Windows nemůže najít položku ComboFix.

[Roli]

Omlouvám se, že píšu až teď, byl sem odjetej pryč.

V pohodě času dost.

Combofix mi takto nejde odinstalovat... Systém Windows nemůže najít položku ComboFix.

Máš to správně napsané ?

Musí to být takhle ComboFixmezera/Uninstall

Pokud to ano poté nepůjde použij pouze T-Cleaner a písni jak to s PC vypadá.

[matikolus]

Tak sem to pořád nejede... v příloze je screen. Jdu pouštět T-celaner.

[Roli]

Nevadí, nech to projet T-Cleanerem a pak mi sem dej pro kontrolu aktuální log z Rsit a písní stav PC.

[matikolus]

Logfile of random's system information tool 1.09 (written by random/random)
Run by Slezák at 2014-05-12 17:44:34
Microsoft® Windows Vista™ Business Service Pack 2
System drive C: has 155 GB (52%) free of 300 GB
Total RAM: 6134 MB (61% free)

HijackThis download failed

======Listing Processes======

\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k rpcss
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe"
/QuitInfo:00000000000003CC;000000000000042C; /AddRef;
/QuitInfo:0000000000000444;00000000000003C8;
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Windows\system32\Dwm.exe"
taskeng.exe {1399D216-1948-494A-9B89-13145B8E7071}
/QuitInfo:000000000000049C;00000000000004C4; /AddRef;
/QuitInfo:00000000000004C0;00000000000004D0;
/loadhooks /Parent:00000000000009C8
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\system32\HPSIsvc.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\System32\svchost.exe -k HPZ12
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
taskeng.exe {0F75DB5D-2F72-4160-B5A7-B7ACB65937BE}
"C:\Program Files (x86)\TinyWall\TinyWall.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
LBTWiz -silent
"C:\Program Files\Logitech\SetPoint\SetPoint.exe"
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\TinyWall\TinyWall.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\Windows Media Player\wmpnscfg.exe"
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" -quickstart
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" "-quickstart" "-env:OOO_CWD=2C:\\Program Files (x86)\\OpenOffice.org 3\\program"
"C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe"
KHALMNPR.EXE /API
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe"
"C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version9\TeamViewer9_Logfile.log
"C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version9\TeamViewer9_Logfile.log
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe"
"\\HP\Helios IQ\Helios.EXE"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\conime.exe
C:\Windows\system32\DllHost.exe /Processid:{A79DB36D-6218-48E6-9EC9-DCBA9A39BF00}
"C:\Program Files\Microsoft Security Client\NisSrv.exe"
"C:\Program Files (x86)\Internet Explorer\IELowutil.exe" -embedding
splwow64
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe22_ Global\UsGthrCtrlFltPipeMssGthrPipe22 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 688 692 700 65536 696
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Slezák\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-11-02 11545192]
"Bluetooth Connection Assistant"=LBTWIZ.EXE -silent []
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2009-06-17 130576]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-11-01 500208]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2014-03-11 1271072]
"Skytel"=C:\Program Files\Realtek\Audio\HDA\Skytel.exe [2010-11-02 1833576]
"TinyWall Controller"=C:\Program Files (x86)\TinyWall\TinyWall.exe [2013-07-14 649176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1555968]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Helios.EXE – zástupce.lnk - \\HP\Helios IQ\Helios.EXE
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Users\Slezák\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.0.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe:*:Enabled:Spybot-S&D 2 Firewall service"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe:*:Enabled:Spybot-S&D 2 On-Access monitor service"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSODSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSODSvc.exe:*:Enabled:Spybot-S&D 2 Scan On Demand service"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.FPS1"=frapsv64.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-05-12 17:44:34 ----D---- C:\rsit
2014-05-12 17:44:34 ----D---- C:\Program Files\trend micro
2014-05-10 09:47:00 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-05-03 12:15:12 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-05-03 12:15:12 ----A---- C:\Windows\system32\mshtml.dll
2014-05-03 09:00:25 ----SHD---- C:\$RECYCLE.BIN
2014-05-03 09:00:22 ----D---- C:\Windows\temp
2014-05-03 08:48:30 ----D---- C:\Qoobox
2014-05-02 11:22:23 ----A---- C:\log.txt
2014-05-02 11:01:00 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-05-02 11:00:35 ----D---- C:\ProgramData\Malwarebytes
2014-05-02 10:51:56 ----D---- C:\Program Files\CCleaner
2014-04-30 13:51:00 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-15 18:07:43 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-04-15 18:07:43 ----A---- C:\Windows\system32\mshtmled.dll
2014-04-15 18:07:42 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-04-15 18:07:41 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-04-15 18:07:41 ----A---- C:\Windows\system32\iertutil.dll
2014-04-15 18:07:40 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-04-15 18:07:40 ----A---- C:\Windows\system32\ieUnatt.exe
2014-04-15 18:07:40 ----A---- C:\Windows\system32\ieui.dll
2014-04-15 18:07:39 ----A---- C:\Windows\SYSWOW64\url.dll
2014-04-15 18:07:39 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-04-15 18:07:39 ----A---- C:\Windows\system32\url.dll
2014-04-15 18:07:39 ----A---- C:\Windows\system32\jsproxy.dll
2014-04-15 18:07:38 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-04-15 18:07:38 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-04-15 18:07:38 ----A---- C:\Windows\system32\wininet.dll
2014-04-15 18:07:37 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-04-15 18:07:37 ----A---- C:\Windows\system32\urlmon.dll
2014-04-15 18:07:37 ----A---- C:\Windows\system32\msfeeds.dll
2014-04-15 18:07:36 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-04-15 18:07:36 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-04-15 18:07:36 ----A---- C:\Windows\SYSWOW64\jscript.dll
2014-04-15 18:07:36 ----A---- C:\Windows\system32\vbscript.dll
2014-04-15 18:07:36 ----A---- C:\Windows\system32\jscript9.dll
2014-04-15 18:07:36 ----A---- C:\Windows\system32\jscript.dll
2014-04-15 18:07:31 ----A---- C:\Windows\system32\ieframe.dll
2014-04-15 18:07:30 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-04-15 13:22:53 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2014-04-15 13:22:53 ----A---- C:\Windows\system32\kernel32.dll
2014-04-15 13:17:12 ----D---- C:\ProgramData\TinyWall
2014-04-15 11:56:08 ----D---- C:\Users\Slezák\AppData\Roaming\TinyWall
2014-04-15 11:55:32 ----D---- C:\Program Files (x86)\TinyWall
2014-04-15 09:02:40 ----D---- C:\Users\Slezák\AppData\Roaming\AVAST Software
2014-04-15 08:48:01 ----D---- C:\Program Files\AVAST Software
2014-04-15 08:38:07 ----D---- C:\ProgramData\AVAST Software

======List of files/folders modified in the last 1 month======

2014-05-12 17:44:34 ----RD---- C:\Program Files
2014-05-12 17:44:34 ----D---- C:\Windows\Prefetch
2014-05-12 08:38:08 ----D---- C:\Windows
2014-05-12 08:37:57 ----D---- C:\Program Files (x86)
2014-05-12 08:34:17 ----SHD---- C:\System Volume Information
2014-05-12 08:32:06 ----D---- C:\Windows\System32
2014-05-12 08:32:06 ----D---- C:\Windows\inf
2014-05-12 08:32:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-05-12 08:23:10 ----D---- C:\ProgramData\NVIDIA
2014-05-06 17:23:02 ----D---- C:\fotky eshop data
2014-05-03 12:15:36 ----D---- C:\Windows\winsxs
2014-05-03 12:15:36 ----D---- C:\Windows\SysWOW64
2014-05-03 12:15:27 ----D---- C:\Windows\system32\catroot
2014-05-03 08:58:08 ----A---- C:\Windows\system.ini
2014-05-03 08:54:51 ----D---- C:\Windows\SYSWOW64\drivers
2014-05-03 08:54:51 ----D---- C:\Windows\AppPatch
2014-05-03 08:54:50 ----D---- C:\Program Files (x86)\Common Files
2014-05-03 08:48:30 ----D---- C:\Windows\system32\drivers
2014-05-03 08:31:47 ----D---- C:\Windows\system32\WDI
2014-05-03 08:31:27 ----D---- C:\Windows\system32\catroot2
2014-05-02 11:00:35 ----D---- C:\ProgramData
2014-05-02 10:53:45 ----D---- C:\Users\Slezák\AppData\Roaming\VSO
2014-05-02 10:53:45 ----D---- C:\ProgramData\VSO
2014-05-02 10:52:06 ----D---- C:\Windows\system32\Tasks
2014-05-02 10:47:34 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2014-05-02 10:47:33 ----D---- C:\ProgramData\Spybot - Search & Destroy
2014-04-30 13:57:51 ----D---- C:\Program Files (x86)\Google
2014-04-30 13:57:50 ----SHD---- C:\Windows\Installer
2014-04-30 13:57:50 ----D---- C:\Windows\Tasks
2014-04-30 13:45:01 ----D---- C:\Program Files (x86)\Canon
2014-04-30 13:39:29 ----D---- C:\Users\Slezák\AppData\Roaming\Canon
2014-04-30 13:39:28 ----HD---- C:\ProgramData\CanonIJScan
2014-04-30 13:39:28 ----D---- C:\Windows\twain_32
2014-04-22 15:56:25 ----D---- C:\Users\Slezák\AppData\Roaming\Media Player Classic
2014-04-22 15:56:17 ----D---- C:\Windows\Debug
2014-04-19 11:21:09 ----D---- C:\Users\Slezák\AppData\Roaming\vlc
2014-04-16 08:24:57 ----D---- C:\Windows\SYSWOW64\migration
2014-04-16 08:24:57 ----D---- C:\Program Files (x86)\Internet Explorer
2014-04-16 08:24:56 ----D---- C:\Windows\system32\migration
2014-04-16 08:24:56 ----D---- C:\Program Files\Internet Explorer
2014-04-15 18:07:20 ----D---- C:\Windows\system32\MRT
2014-04-15 18:05:11 ----A---- C:\Windows\system32\mrt.exe
2014-04-15 13:18:59 ----RSD---- C:\Windows\assembly
2014-04-15 13:18:44 ----D---- C:\Windows\Microsoft.NET
2014-04-15 13:08:15 ----D---- C:\Windows\system32\Msdtc
2014-04-15 13:08:12 ----D---- C:\Windows\system32\wbem
2014-04-15 13:07:30 ----D---- C:\Windows\system32\config
2014-04-15 13:07:05 ----RSD---- C:\Windows\Media
2014-04-15 13:07:05 ----D---- C:\Windows\SYSWOW64\wbem
2014-04-15 13:07:04 ----D---- C:\Windows\system32\spool
2014-04-15 13:07:03 ----D---- C:\Windows\system32\drivers\UMDF
2014-04-15 13:07:03 ----D---- C:\Windows\system32\drivers\etc
2014-04-15 13:07:03 ----D---- C:\Windows\system32\CodeIntegrity
2014-04-15 13:06:58 ----D---- C:\Windows\registration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-01-25 268512]
R0 mv91cons;Marvell 91xx Config Device Driver; C:\Windows\system32\DRIVERS\mv91cons.sys [2011-03-07 24880]
R0 mvs91xx;mvs91xx; C:\Windows\system32\DRIVERS\mvs91xx.sys [2011-03-14 313136]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 133928]
R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys [2011-02-24 126952]
R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 389608]
R3 e1qexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver Q; C:\Windows\system32\DRIVERS\e1q60x64.sys [2010-07-08 282288]
R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2014-05-12 24072]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-11-02 2536040]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2009-06-17 55312]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2009-06-17 57872]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-31 15680]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2013-02-26 11036448]
R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 87040]
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\Windows\System32\DRIVERS\ASPI32.sys []
S3 b57nd60a;%SvcDispName%; C:\Windows\system32\DRIVERS\b57nd60a.sys [2008-01-21 214016]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 6144]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 273920]
S3 L8042Kbd;SetPoint Keyboard Driver; C:\Windows\system32\DRIVERS\L8042Kbd.sys [2009-06-17 30736]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\Windows\system32\DRIVERS\L8042mou.Sys [2009-06-17 89616]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouKE.Sys [2009-06-17 112144]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2014-05-03 119512]
S3 MonitorFunction;Driver for Monitor; C:\Windows\system32\DRIVERS\TVMonitor.sys [2013-06-06 16376]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 11008]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 7040]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 6656]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 7936]
S3 mvusbews;USB EWS Device; C:\Windows\System32\Drivers\mvusbews.sys [2010-03-06 20480]
S3 Prot6Flt;Prot6Flt; C:\Windows\system32\DRIVERS\Prot6Flt.sys []
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys [2008-10-16 183296]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19456]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 40960]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 46592]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 198656]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 8704]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 438328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 602XML Updater;602Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [2011-03-14 84520]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-18 65432]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 27648]
R2 HPSIService;HP SI Service; C:\Windows\system32\HPSIsvc.exe [2010-04-07 127800]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [2011-01-17 164520]
R2 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-07-20 160784]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-03-11 23808]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 27648]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-01-18 884512]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 27648]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-04-25 5024576]
R2 TinyWall;TinyWall Service; C:\Program Files (x86)\TinyWall\TinyWall.exe [2013-07-14 649176]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-03-11 347872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 GEST Service;GEST Service for program management.; C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2008-12-08 68136]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-02-26 1260320]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12 257928]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-05-10 119408]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-09-11 1012344]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

[matikolus]

PC zdá se být v pořádku.

[Roli]

PC zdá se být v pořádku.

Jen ještě doladíme.


Stáhni a spusť OTMoveIt

do levého okna aplikace pod Paste Instructions for Items to be Moved zkopíruj tento text:

Kód: Vybrat vše

:processes
explorer.exe       

:files 
C:\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\Qoobox
C:\Program Files (x86)\Spybot - Search & Destroy
C:\ProgramData\Spybot - Search & Destroy

:reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSODSvc.exe"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"=-

:commands
[purity]
[emptytemp]
[start explorer]

klikni na MoveIt! a v pravém zeleném okně aplikace se Ti objeví info o provedene akci, obsah okna zkopíruj sem,

pokud aplikace bude požadovat restart, klikni na YES

v tom případě sem chci zkopírovat obsah logu uloženého na C:\_OTMoveIt\MovedFiles\

[matikolus]

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\*.tmp not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
Folder move failed. C:\Qoobox\BackEnv scheduled to be moved on reboot.
C:\Qoobox folder moved successfully.
C:\Program Files (x86)\Spybot - Search & Destroy folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Recovery folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Monitoring folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Logs folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSODSvc.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Slezák
->Temp folder emptied: 139537 bytes
->Temporary Internet Files folder emptied: 55099 bytes
->FireFox cache emptied: 107301259 bytes
->Flash cache emptied: 42717 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12256 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33109 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 35782663 bytes
RecycleBin emptied: 872 bytes

Total Files Cleaned = 137,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 05132014_094945

Files moved on Reboot...
File C:\Qoobox\BackEnv not found!
C:\Users\Slezák\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File C:\Users\Slezák\AppData\Local\Mozilla\Firefox\Profiles\m20zmsgf.default\Cache\3\15\97C2Bm01 not found!

Registry entries deleted on Reboot...