Policejní virus znova

Zpráva

Kachnacicek · #1 Příspěvek od **Kachnacicek** » 14 lis 2014 22:07

Zdravím, mám problém na stolním PC se mi objevil Policejní virus se Zemanem (za 2000). Nevím, co s ním, povedlo se mi ho vypnout aby se nezapínal po spuštění, takže naoko počítač funguje normálně, ale ten vir tam zcela jistě pořád je. Přikládám RSIT log, mohl bych poprosit o radu?

Logfile of random's system information tool 1.10 (written by random/random)
Run by Petr at 2014-11-14 20:52:07
WIN_7 Service Pack 1
System drive C: has 899 GB (94%) free of 954 GB
Total RAM: 4094 MB (65% free)

======Listing Processes======

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-08-04 612248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-26 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14 2117216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6a79cdac-f710-4996-842b-fdc33b785a35}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-08-04 457712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-26 194504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14 1709152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d9f16d8b-81b5-4667-af4d-25365bbf7fc9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-26 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-26 194504]
{f41a56d2-7b52-4d16-812c-a63c6ca9d4c5}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"snp325"=C:\Windows\vsnp325.exe [2007-05-10 835584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-10-01 22065760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp325]
C:\Windows\tsnp325.exe [2007-04-21 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^program.lnk]
C:\PROGRA~3\3330BE86.cpp [2014-11-12 520192]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"FixCamera"=C:\Windows\FixCamera.exe [2007-07-11 20480]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-08-04 4085896]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-11-14 20:49:49 ----D---- C:\Program Files\trend micro
2014-11-14 20:49:18 ----D---- C:\rsit
2014-11-14 20:44:55 ----A---- C:\Windows\system32\drivers\SMR430.dat
2014-11-14 19:14:01 ----D---- C:\NPE
2014-11-14 19:10:03 ----A---- C:\Windows\system32\drivers\SMR430.SYS
2014-11-14 19:09:57 ----D---- C:\ProgramData\Norton
2014-11-14 19:06:08 ----D---- C:\Windows\pss
2014-11-14 18:44:41 ----A---- C:\Windows\ntbtlog.txt
2014-11-12 08:15:44 ----A---- C:\Windows\system32\generaltel.dll
2014-11-12 08:15:44 ----A---- C:\Windows\system32\aepdu.dll
2014-11-12 08:15:44 ----A---- C:\Windows\system32\aeinv.dll
2014-11-12 08:15:42 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2014-11-12 08:15:42 ----A---- C:\Windows\system32\termsrv.dll
2014-11-12 08:15:42 ----A---- C:\Windows\system32\lsasrv.dll
2014-11-12 08:15:42 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2014-11-12 08:15:42 ----A---- C:\Windows\system32\adtschema.dll
2014-11-12 08:15:41 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2014-11-12 08:15:41 ----A---- C:\Windows\SYSWOW64\secur32.dll
2014-11-12 08:15:41 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2014-11-12 08:15:41 ----A---- C:\Windows\system32\msaudite.dll
2014-11-12 08:15:38 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-11-12 08:15:38 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-11-12 08:15:38 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-11-12 08:15:38 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-11-12 08:15:38 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-11-12 08:15:38 ----A---- C:\Windows\system32\ie4uinit.exe
2014-11-12 08:15:37 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-11-12 08:15:37 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-11-12 08:15:37 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-11-12 08:15:37 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-11-12 08:15:37 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-11-12 08:15:37 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-11-12 08:15:37 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 08:15:37 ----A---- C:\Windows\system32\iernonce.dll
2014-11-12 08:15:36 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-11-12 08:15:36 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-11-12 08:15:36 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-11-12 08:15:36 ----A---- C:\Windows\system32\urlmon.dll
2014-11-12 08:15:36 ----A---- C:\Windows\system32\iedkcs32.dll
2014-11-12 08:15:35 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-11-12 08:15:35 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-11-12 08:15:35 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-11-12 08:15:35 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-11-12 08:15:35 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-11-12 08:15:35 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-11-12 08:15:35 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 08:15:35 ----A---- C:\Windows\system32\msfeeds.dll
2014-11-12 08:15:35 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 08:15:35 ----A---- C:\Windows\system32\dxtrans.dll
2014-11-12 08:15:34 ----A---- C:\Windows\system32\iesetup.dll
2014-11-12 08:15:34 ----A---- C:\Windows\system32\iertutil.dll
2014-11-12 08:15:34 ----A---- C:\Windows\system32\ieapfltr.dll
2014-11-12 08:15:33 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-11-12 08:15:33 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-11-12 08:15:33 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-11-12 08:15:33 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-11-12 08:15:33 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2014-11-12 08:15:33 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-11-12 08:15:33 ----A---- C:\Windows\system32\jsproxy.dll
2014-11-12 08:15:33 ----A---- C:\Windows\system32\ieUnatt.exe
2014-11-12 08:15:32 ----A---- C:\Windows\system32\mshtmled.dll
2014-11-12 08:15:32 ----A---- C:\Windows\system32\ieui.dll
2014-11-12 08:15:32 ----A---- C:\Windows\system32\ieframe.dll
2014-11-12 08:15:32 ----A---- C:\Windows\system32\dxtmsft.dll
2014-11-12 08:15:31 ----A---- C:\Windows\system32\wininet.dll
2014-11-12 08:15:31 ----A---- C:\Windows\system32\vbscript.dll
2014-11-12 08:15:31 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-11-12 08:15:31 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-11-12 08:15:31 ----A---- C:\Windows\system32\jscript9diag.dll
2014-11-12 08:15:31 ----A---- C:\Windows\system32\jscript9.dll
2014-11-12 08:15:30 ----A---- C:\Windows\system32\msrating.dll
2014-11-12 08:15:30 ----A---- C:\Windows\system32\mshtml.dll
2014-11-12 08:14:19 ----A---- C:\Windows\system32\msxml3.dll
2014-11-12 08:14:18 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2014-11-12 08:14:18 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2014-11-12 08:14:18 ----A---- C:\Windows\SYSWOW64\IMJP10K.DLL
2014-11-12 08:14:18 ----A---- C:\Windows\system32\msxml3r.dll
2014-11-12 08:14:18 ----A---- C:\Windows\system32\IMJP10K.DLL
2014-11-12 08:14:17 ----A---- C:\Windows\SYSWOW64\AudioSes.dll
2014-11-12 08:14:17 ----A---- C:\Windows\SYSWOW64\AUDIOKSE.dll
2014-11-12 08:14:17 ----A---- C:\Windows\SYSWOW64\AudioEng.dll
2014-11-12 08:14:17 ----A---- C:\Windows\system32\EncDump.dll
2014-11-12 08:14:17 ----A---- C:\Windows\system32\audiosrv.dll
2014-11-12 08:14:17 ----A---- C:\Windows\system32\AudioSes.dll
2014-11-12 08:14:17 ----A---- C:\Windows\system32\AUDIOKSE.dll
2014-11-12 08:14:17 ----A---- C:\Windows\system32\AudioEng.dll
2014-11-12 08:14:15 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2014-11-12 08:14:15 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2014-11-12 08:14:15 ----A---- C:\Windows\SYSWOW64\schannel.dll
2014-11-12 08:14:15 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2014-11-12 08:14:15 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2014-11-12 08:14:15 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-11-12 08:14:15 ----A---- C:\Windows\SYSWOW64\credssp.dll
2014-11-12 08:14:15 ----A---- C:\Windows\system32\wdigest.dll
2014-11-12 08:14:15 ----A---- C:\Windows\system32\TSpkg.dll
2014-11-12 08:14:15 ----A---- C:\Windows\system32\schannel.dll
2014-11-12 08:14:15 ----A---- C:\Windows\system32\ncrypt.dll
2014-11-12 08:14:15 ----A---- C:\Windows\system32\msv1_0.dll
2014-11-12 08:14:15 ----A---- C:\Windows\system32\kerberos.dll
2014-11-12 08:14:15 ----A---- C:\Windows\system32\credssp.dll
2014-11-12 08:14:11 ----A---- C:\Windows\SYSWOW64\packager.dll
2014-11-12 08:14:11 ----A---- C:\Windows\system32\win32k.sys
2014-11-12 08:14:11 ----A---- C:\Windows\system32\packager.dll
2014-11-12 08:14:08 ----A---- C:\Windows\SYSWOW64\msi.dll
2014-11-12 08:14:08 ----A---- C:\Windows\system32\msi.dll
2014-11-12 08:14:06 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2014-11-12 08:14:06 ----A---- C:\Windows\system32\oleaut32.dll
2014-11-10 07:26:01 ----A---- C:\Windows\system32\FNTCACHE.DAT
2014-10-16 10:00:47 ----A---- C:\Windows\SYSWOW64\mscories.dll
2014-10-16 10:00:47 ----A---- C:\Windows\SYSWOW64\mscorier.dll
2014-10-16 10:00:47 ----A---- C:\Windows\SYSWOW64\dfshim.dll
2014-10-16 10:00:47 ----A---- C:\Windows\system32\mscories.dll
2014-10-16 10:00:47 ----A---- C:\Windows\system32\mscorier.dll
2014-10-16 10:00:47 ----A---- C:\Windows\system32\dfshim.dll
2014-10-16 09:59:51 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2014-10-16 09:59:51 ----A---- C:\Windows\system32\mstscax.dll
2014-10-16 09:59:51 ----A---- C:\Windows\system32\mstsc.exe
2014-10-16 09:59:50 ----A---- C:\Windows\SYSWOW64\winsta.dll
2014-10-16 09:59:50 ----A---- C:\Windows\SYSWOW64\mstsc.exe
2014-10-16 09:59:50 ----A---- C:\Windows\SYSWOW64\aaclient.dll
2014-10-16 09:59:50 ----A---- C:\Windows\system32\winsta.dll
2014-10-16 09:59:50 ----A---- C:\Windows\system32\winlogon.exe
2014-10-16 09:59:50 ----A---- C:\Windows\system32\rdpcorekmts.dll
2014-10-16 09:59:50 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2014-10-16 09:59:49 ----A---- C:\Windows\system32\drivers\tssecsrv.sys
2014-10-16 09:59:37 ----A---- C:\Windows\system32\rastls.dll
2014-10-16 09:59:36 ----A---- C:\Windows\SYSWOW64\rastls.dll

======List of files/folders modified in the last 1 month======

2014-11-14 20:52:04 ----D---- C:\Windows\Temp
2014-11-14 20:51:45 ----D---- C:\Windows\Prefetch
2014-11-14 20:49:49 ----D---- C:\Program Files
2014-11-14 20:44:55 ----HD---- C:\ProgramData
2014-11-14 20:44:55 ----D---- C:\Windows\system32\drivers
2014-11-14 20:34:49 ----D---- C:\Windows
2014-11-14 20:31:47 ----D---- C:\Windows\system32\config
2014-11-14 19:16:04 ----D---- C:\Windows\system32\NDF
2014-11-14 17:45:52 ----D---- C:\Users\Petr\AppData\Roaming\Skype
2014-11-14 17:31:46 ----D---- C:\Windows\inf
2014-11-12 16:31:14 ----SHD---- C:\Windows\Installer
2014-11-12 16:29:43 ----SHD---- C:\System Volume Information
2014-11-12 16:20:26 ----D---- C:\Windows\rescache
2014-11-12 15:50:44 ----D---- C:\Windows\Microsoft.NET
2014-11-12 15:50:03 ----RSD---- C:\Windows\assembly
2014-11-12 15:43:28 ----D---- C:\Windows\winsxs
2014-11-12 15:41:58 ----SD---- C:\Windows\system32\CompatTel
2014-11-12 15:41:57 ----D---- C:\Windows\System32
2014-11-12 15:41:56 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-11-12 15:41:56 ----D---- C:\Windows\SysWOW64
2014-11-12 15:41:56 ----D---- C:\Windows\system32\cs-CZ
2014-11-12 15:41:55 ----D---- C:\Windows\SYSWOW64\en-US
2014-11-12 15:41:55 ----D---- C:\Windows\system32\en-US
2014-11-12 15:41:55 ----D---- C:\Program Files\Internet Explorer
2014-11-12 15:41:53 ----D---- C:\Program Files (x86)\Internet Explorer
2014-11-12 12:52:32 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-11-12 10:33:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-11-12 08:14:01 ----D---- C:\Windows\system32\catroot
2014-11-12 08:13:56 ----D---- C:\Windows\system32\catroot2
2014-10-28 18:22:39 ----SD---- C:\Users\Petr\AppData\Roaming\Microsoft
2014-10-28 06:34:58 ----N---- C:\Windows\system32\MpSigStub.exe
2014-10-23 12:59:07 ----RD---- C:\Program Files (x86)
2014-10-23 12:59:03 ----D---- C:\Windows\Tasks
2014-10-16 09:53:48 ----D---- C:\ProgramData\Skype
2014-10-16 09:53:43 ----RD---- C:\Program Files (x86)\Skype
2014-10-16 09:53:43 ----D---- C:\Program Files (x86)\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-08-04 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-08-04 224896]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-08-04 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-08-04 1041168]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-08-04 427360]
R1 SMR430;Symantec SMR Utility Service 4.3.0; C:\Windows\System32\drivers\SMR430.SYS [2014-11-14 108216]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-08-04 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-08-04 79184]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-08-04 92008]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 15416]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-10-25 769168]
S1 aswKbd;aswKbd; \??\C:\Windows\system32\drivers\aswKbd.sys []
S3 SNP325;USB PC Camera (SNPSTD325); C:\Windows\system32\DRIVERS\snp325.sys [2007-11-22 10733184]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-12 64704]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-08-04 50344]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-01-31 878368]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-02-19 1259296]
S2 avast! Firewall;avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-12 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12 267440]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-12 116648]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2013-09-27 194032]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-11-06 114688]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-09-16 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

#2 Příspěvek od **altrok** » 14 lis 2014 22:28

Prijemny patecni vecer Vam preju

Ano, jeste se tam schovava, ale dostaneme ho ven

Odinstalujte Skype Click to Call

Ulozte na plochu OTM - http://oldtimer.geekstogo.com/OTM.exe
ukoncete vsechny programy
kliknete pravym na ikonu OTM.exe a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
obsah bileho pole zkopirujte do leveho okna OTM a kliknete na MoveIt!
po restartu vlozte log, ktery bude v C:\_OTM\MovedFiles\mmddyyyy_hhmmss.log
vlozte i novy log RSIT

Kód: Vybrat vše

:commands
[Purity]
[EmptyTemp]
[EmptyFlash]
[EmptyJava]
[ResetHosts]
[CreateRestorePoint]

:services
gupdate
gupdatem
gusvc

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\PROGRA~3\3330BE86.cpp

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6a79cdac-f710-4996-842b-fdc33b785a35}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d9f16d8b-81b5-4667-af4d-25365bbf7fc9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}"=-
"{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
"{f41a56d2-7b52-4d16-812c-a63c6ca9d4c5}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^program.lnk]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
"GrooveMonitor"=-

Kachnacicek · #3 Příspěvek od **Kachnacicek** » 14 lis 2014 22:50

Dobrý večer, děkuji za bleskovou odpověď!

RSIT:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Petr at 2014-11-14 21:37:04
WIN_7 Service Pack 1
System drive C: has 900 GB (94%) free of 954 GB
Total RAM: 4094 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:48:32, on 14.11.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17420)
Boot mode: Normal

Running processes:
C:\Windows\vsnp325.exe
C:\Windows\FixCamera.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\trend micro\Petr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://seznam.cz/?clid=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.tb.ask.com/index.jhtml?n=78 ... wwodo30AOw
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {6d010537-9e99-400b-b652-b0d5a5757e5d} - C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-21-3761197365-1669423621-406412778-1000\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun (User '?')
O4 - HKUS\S-1-5-21-3761197365-1669423621-406412778-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-21-3761197365-1669423621-406412778-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - Unknown owner - C:\Program Files\AVAST Software\Avast\afwServ.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7805 bytes

======Listing Processes======

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-08-04 612248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-26 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-08-04 457712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-26 194504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-26 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-26 194504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"snp325"=C:\Windows\vsnp325.exe [2007-05-10 835584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-10-01 22065760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp325]
C:\Windows\tsnp325.exe [2007-04-21 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^program.lnk]
C:\PROGRA~3\3330BE86.cpp,zSS1 []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"FixCamera"=C:\Windows\FixCamera.exe [2007-07-11 20480]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-08-04 4085896]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-11-14 21:32:13 ----D---- C:\_OTM
2014-11-14 20:49:49 ----D---- C:\Program Files\trend micro
2014-11-14 20:49:18 ----D---- C:\rsit
2014-11-14 19:14:01 ----D---- C:\NPE
2014-11-14 19:09:57 ----D---- C:\ProgramData\Norton
2014-11-14 19:06:08 ----D---- C:\Windows\pss
2014-11-14 18:44:41 ----A---- C:\Windows\ntbtlog.txt
2014-11-12 08:15:44 ----A---- C:\Windows\system32\generaltel.dll
2014-11-12 08:15:44 ----A---- C:\Windows\system32\aepdu.dll
2014-11-12 08:15:44 ----A---- C:\Windows\system32\aeinv.dll
2014-11-12 08:15:42 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2014-11-12 08:15:42 ----A---- C:\Windows\system32\termsrv.dll
2014-11-12 08:15:42 ----A---- C:\Windows\system32\lsasrv.dll
2014-11-12 08:15:42 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2014-11-12 08:15:42 ----A---- C:\Windows\system32\adtschema.dll
2014-11-12 08:15:41 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2014-11-12 08:15:41 ----A---- C:\Windows\SYSWOW64\secur32.dll
2014-11-12 08:15:41 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2014-11-12 08:15:41 ----A---- C:\Windows\system32\msaudite.dll
2014-11-12 08:15:38 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-11-12 08:15:38 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-11-12 08:15:38 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-11-12 08:15:38 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-11-12 08:15:38 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-11-12 08:15:38 ----A---- C:\Windows\system32\ie4uinit.exe
2014-11-12 08:15:37 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-11-12 08:15:37 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-11-12 08:15:37 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-11-12 08:15:37 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-11-12 08:15:37 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-11-12 08:15:37 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-11-12 08:15:37 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 08:15:37 ----A---- C:\Windows\system32\iernonce.dll
2014-11-12 08:15:36 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-11-12 08:15:36 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-11-12 08:15:36 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-11-12 08:15:36 ----A---- C:\Windows\system32\urlmon.dll
2014-11-12 08:15:36 ----A---- C:\Windows\system32\iedkcs32.dll
2014-11-12 08:15:35 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-11-12 08:15:35 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-11-12 08:15:35 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-11-12 08:15:35 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-11-12 08:15:35 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-11-12 08:15:35 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-11-12 08:15:35 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 08:15:35 ----A---- C:\Windows\system32\msfeeds.dll
2014-11-12 08:15:35 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 08:15:35 ----A---- C:\Windows\system32\dxtrans.dll
2014-11-12 08:15:34 ----A---- C:\Windows\system32\iesetup.dll
2014-11-12 08:15:34 ----A---- C:\Windows\system32\iertutil.dll
2014-11-12 08:15:34 ----A---- C:\Windows\system32\ieapfltr.dll
2014-11-12 08:15:33 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-11-12 08:15:33 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-11-12 08:15:33 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-11-12 08:15:33 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-11-12 08:15:33 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2014-11-12 08:15:33 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-11-12 08:15:33 ----A---- C:\Windows\system32\jsproxy.dll
2014-11-12 08:15:33 ----A---- C:\Windows\system32\ieUnatt.exe
2014-11-12 08:15:32 ----A---- C:\Windows\system32\mshtmled.dll
2014-11-12 08:15:32 ----A---- C:\Windows\system32\ieui.dll
2014-11-12 08:15:32 ----A---- C:\Windows\system32\ieframe.dll
2014-11-12 08:15:32 ----A---- C:\Windows\system32\dxtmsft.dll
2014-11-12 08:15:31 ----A---- C:\Windows\system32\wininet.dll
2014-11-12 08:15:31 ----A---- C:\Windows\system32\vbscript.dll
2014-11-12 08:15:31 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-11-12 08:15:31 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-11-12 08:15:31 ----A---- C:\Windows\system32\jscript9diag.dll
2014-11-12 08:15:31 ----A---- C:\Windows\system32\jscript9.dll
2014-11-12 08:15:30 ----A---- C:\Windows\system32\msrating.dll
2014-11-12 08:15:30 ----A---- C:\Windows\system32\mshtml.dll
2014-11-12 08:14:19 ----A---- C:\Windows\system32\msxml3.dll
2014-11-12 08:14:18 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2014-11-12 08:14:18 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2014-11-12 08:14:18 ----A---- C:\Windows\SYSWOW64\IMJP10K.DLL
2014-11-12 08:14:18 ----A---- C:\Windows\system32\msxml3r.dll
2014-11-12 08:14:18 ----A---- C:\Windows\system32\IMJP10K.DLL
2014-11-12 08:14:17 ----A---- C:\Windows\SYSWOW64\AudioSes.dll
2014-11-12 08:14:17 ----A---- C:\Windows\SYSWOW64\AUDIOKSE.dll
2014-11-12 08:14:17 ----A---- C:\Windows\SYSWOW64\AudioEng.dll
2014-11-12 08:14:17 ----A---- C:\Windows\system32\EncDump.dll
2014-11-12 08:14:17 ----A---- C:\Windows\system32\audiosrv.dll
2014-11-12 08:14:17 ----A---- C:\Windows\system32\AudioSes.dll
2014-11-12 08:14:17 ----A---- C:\Windows\system32\AUDIOKSE.dll
2014-11-12 08:14:17 ----A---- C:\Windows\system32\AudioEng.dll
2014-11-12 08:14:15 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2014-11-12 08:14:15 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2014-11-12 08:14:15 ----A---- C:\Windows\SYSWOW64\schannel.dll
2014-11-12 08:14:15 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2014-11-12 08:14:15 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2014-11-12 08:14:15 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-11-12 08:14:15 ----A---- C:\Windows\SYSWOW64\credssp.dll
2014-11-12 08:14:15 ----A---- C:\Windows\system32\wdigest.dll
2014-11-12 08:14:15 ----A---- C:\Windows\system32\TSpkg.dll
2014-11-12 08:14:15 ----A---- C:\Windows\system32\schannel.dll
2014-11-12 08:14:15 ----A---- C:\Windows\system32\ncrypt.dll
2014-11-12 08:14:15 ----A---- C:\Windows\system32\msv1_0.dll
2014-11-12 08:14:15 ----A---- C:\Windows\system32\kerberos.dll
2014-11-12 08:14:15 ----A---- C:\Windows\system32\credssp.dll
2014-11-12 08:14:11 ----A---- C:\Windows\SYSWOW64\packager.dll
2014-11-12 08:14:11 ----A---- C:\Windows\system32\win32k.sys
2014-11-12 08:14:11 ----A---- C:\Windows\system32\packager.dll
2014-11-12 08:14:08 ----A---- C:\Windows\SYSWOW64\msi.dll
2014-11-12 08:14:08 ----A---- C:\Windows\system32\msi.dll
2014-11-12 08:14:06 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2014-11-12 08:14:06 ----A---- C:\Windows\system32\oleaut32.dll
2014-11-10 07:26:01 ----A---- C:\Windows\system32\FNTCACHE.DAT
2014-10-16 10:00:47 ----A---- C:\Windows\SYSWOW64\mscories.dll
2014-10-16 10:00:47 ----A---- C:\Windows\SYSWOW64\mscorier.dll
2014-10-16 10:00:47 ----A---- C:\Windows\SYSWOW64\dfshim.dll
2014-10-16 10:00:47 ----A---- C:\Windows\system32\mscories.dll
2014-10-16 10:00:47 ----A---- C:\Windows\system32\mscorier.dll
2014-10-16 10:00:47 ----A---- C:\Windows\system32\dfshim.dll
2014-10-16 09:59:51 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2014-10-16 09:59:51 ----A---- C:\Windows\system32\mstscax.dll
2014-10-16 09:59:51 ----A---- C:\Windows\system32\mstsc.exe
2014-10-16 09:59:50 ----A---- C:\Windows\SYSWOW64\winsta.dll
2014-10-16 09:59:50 ----A---- C:\Windows\SYSWOW64\mstsc.exe
2014-10-16 09:59:50 ----A---- C:\Windows\SYSWOW64\aaclient.dll
2014-10-16 09:59:50 ----A---- C:\Windows\system32\winsta.dll
2014-10-16 09:59:50 ----A---- C:\Windows\system32\winlogon.exe
2014-10-16 09:59:50 ----A---- C:\Windows\system32\rdpcorekmts.dll
2014-10-16 09:59:50 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2014-10-16 09:59:49 ----A---- C:\Windows\system32\drivers\tssecsrv.sys
2014-10-16 09:59:37 ----A---- C:\Windows\system32\rastls.dll
2014-10-16 09:59:36 ----A---- C:\Windows\SYSWOW64\rastls.dll

======List of files/folders modified in the last 1 month======

2014-11-14 21:47:39 ----D---- C:\Windows\Temp
2014-11-14 21:37:16 ----D---- C:\Users\Petr\AppData\Roaming\Skype
2014-11-14 21:34:15 ----D---- C:\Windows\system32\drivers
2014-11-14 21:33:44 ----D---- C:\Windows\system32\config
2014-11-14 21:33:36 ----HD---- C:\ProgramData
2014-11-14 21:33:36 ----D---- C:\Windows\Tasks
2014-11-14 21:32:39 ----D---- C:\Windows\system32\drivers\etc
2014-11-14 21:32:34 ----D---- C:\Windows
2014-11-14 21:31:54 ----D---- C:\Windows\Prefetch
2014-11-14 21:30:45 ----SHD---- C:\Windows\Installer
2014-11-14 21:30:45 ----RD---- C:\Program Files (x86)\Skype
2014-11-14 21:30:37 ----SHD---- C:\System Volume Information
2014-11-14 20:49:49 ----D---- C:\Program Files
2014-11-14 19:16:04 ----D---- C:\Windows\system32\NDF
2014-11-14 17:31:46 ----D---- C:\Windows\inf
2014-11-12 16:20:26 ----D---- C:\Windows\rescache
2014-11-12 15:50:44 ----D---- C:\Windows\Microsoft.NET
2014-11-12 15:50:03 ----RSD---- C:\Windows\assembly
2014-11-12 15:43:28 ----D---- C:\Windows\winsxs
2014-11-12 15:41:58 ----SD---- C:\Windows\system32\CompatTel
2014-11-12 15:41:57 ----D---- C:\Windows\System32
2014-11-12 15:41:56 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-11-12 15:41:56 ----D---- C:\Windows\SysWOW64
2014-11-12 15:41:56 ----D---- C:\Windows\system32\cs-CZ
2014-11-12 15:41:55 ----D---- C:\Windows\SYSWOW64\en-US
2014-11-12 15:41:55 ----D---- C:\Windows\system32\en-US
2014-11-12 15:41:55 ----D---- C:\Program Files\Internet Explorer
2014-11-12 15:41:53 ----D---- C:\Program Files (x86)\Internet Explorer
2014-11-12 12:52:32 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-11-12 10:33:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-11-12 08:14:01 ----D---- C:\Windows\system32\catroot
2014-11-12 08:13:56 ----D---- C:\Windows\system32\catroot2
2014-10-28 18:22:39 ----SD---- C:\Users\Petr\AppData\Roaming\Microsoft
2014-10-28 06:34:58 ----N---- C:\Windows\system32\MpSigStub.exe
2014-10-23 12:59:07 ----RD---- C:\Program Files (x86)
2014-10-16 09:53:48 ----D---- C:\ProgramData\Skype
2014-10-16 09:53:43 ----D---- C:\Program Files (x86)\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-08-04 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-08-04 224896]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-08-04 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-08-04 1041168]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-08-04 427360]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-08-04 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-08-04 79184]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-08-04 92008]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 15416]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-10-25 769168]
S1 aswKbd;aswKbd; \??\C:\Windows\system32\drivers\aswKbd.sys []
S3 SNP325;USB PC Camera (SNPSTD325); C:\Windows\system32\DRIVERS\snp325.sys [2007-11-22 10733184]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-12 64704]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-08-04 50344]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-01-31 878368]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-02-19 1259296]
S2 avast! Firewall;avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12 267440]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-11-06 114688]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-09-16 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

OTM:

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Petr
->Temp folder emptied: 7459660 bytes
->Temporary Internet Files folder emptied: 226567688 bytes
->Google Chrome cache emptied: 15119531 bytes
->Flash cache emptied: 2080 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5783146 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 243,00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Petr
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Petr

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error creating restore point.
========== SERVICES/DRIVERS ==========
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
Service gusvc stopped successfully!
Service gusvc deleted successfully!
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP113E.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP554E.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\PROGRA~3\3330BE86.cpp moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6a79cdac-f710-4996-842b-fdc33b785a35}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a79cdac-f710-4996-842b-fdc33b785a35}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d9f16d8b-81b5-4667-af4d-25365bbf7fc9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9f16d8b-81b5-4667-af4d-25365bbf7fc9}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar\\{f41a56d2-7b52-4d16-812c-a63c6ca9d4c5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f41a56d2-7b52-4d16-812c-a63c6ca9d4c5}\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^program.lnk\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor deleted successfully.

OTM by OldTimer - Version 3.1.21.0 log created on 11142014_213213

Files moved on Reboot...
C:\Users\Petr\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#4 Příspěvek od **altrok** » 14 lis 2014 22:53

Jeste se drzi... dejte log z FRSTLauncheru http://forum.viry.cz/viewtopic.php?f=13&t=133100

Kachnacicek · #5 Příspěvek od **Kachnacicek** » 14 lis 2014 23:09

Nelze spustit - píše, že se nenachází na ploše, přitom tam je... Spustil jsem ho jako admin.

#6 Příspěvek od **altrok** » 14 lis 2014 23:10

Spustte tedy jen FRST64.exe... Vlozte mi oba logy (FRST.txt i Addition.txt)

Kachnacicek · #7 Příspěvek od **Kachnacicek** » 14 lis 2014 23:12

Tak ne, jen sem blbec a nepřečet jsem si pořádně návod, stáhnul jsem jen Launcher

Chcete Adition.txt a normální nebo jen nějaký z nich?

Děkuji

#8 Příspěvek od **altrok** » 14 lis 2014 23:14

Pokud spravne udelate log pres FRSTLauncher, bude mi stacit pouze FRST.txt (Addition.txt idealne zabalte do .zip/.rar a prilozte)

Kachnacicek · #9 Příspěvek od **Kachnacicek** » 14 lis 2014 23:17

Zde, snad v pořádku, oba logy přiloženy.

#10 Příspěvek od **altrok** » 14 lis 2014 23:34

Ano, v poradku

Velikost plochy by nemela presahovat 200 MB. Snizuje se pak start i samotny chod celeho PC.

Co jste tam instaloval od Nortonu? Z logu to vypada, ze mate poskozeny Avast... uvidime po fixlogu

Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
znovu spustte FRST a kliknete na Fix

po restartu na Vas vyskoci fixlog (pripadne bude ulozen na Plose), jehoz obsah mi vlozte do pristi odpovedi

Kód: Vybrat vše

Start
CloseProcesses:
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.tb.ask.com/index.jhtml?n=780CBF44&p2=^BA5^xdm007^S10970^cz&ptb=18F1D0D6-733F-4A21-A571-42747E02EB9B&si=COzV_KPwqcECFQgXwwodo30AOw
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://seznam.cz/?clid=2
URLSearchHook: HKCU - (No Name) - {6d010537-9e99-400b-b652-b0d5a5757e5d} - C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll (Mindspark)
SearchScopes: HKCU - DefaultScope {AF12CB1E-6A49-45C7-B09E-451EE752FA97} URL = http://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_2
SearchScopes: HKCU - {AF12CB1E-6A49-45C7-B09E-451EE752FA97} URL = http://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_2
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR DefaultSearchKeyword: Default -> seznam
CHR DefaultSearchURL: Default -> http://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
CHR DefaultSuggestURL: Default -> http://suggest.fulltext.seznam.cz/fulltext_ff?phrase={searchTerms}
S2 Winmgmt; C:\PROGRA~3\68EB0333.dot [X]
C:\PROGRA~3\68EB0333.dot
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^program.lnk" /f
C:\PROGRA~3\3330BE86.cpp
Hosts:
EmptyTemp:
End

Kachnacicek · #11 Příspěvek od **Kachnacicek** » 14 lis 2014 23:43

Dobrá, složky z plochy přesunu. Myslel jsem, že plocha je složka jako každá jiná

Od Nortonu jsem instaloval Power Eraser, měl být schopen odstranit tento virus.

Avastu jsem vypínal štíty po dobu dělání logů, není to ono?

Zde log, DÍKY:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-11-2014
Ran by Petr at 2014-11-14 22:37:37 Run:1
Running from C:\Users\Petr\Desktop
Loaded Profiles: Petr & UpdatusUser (Available profiles: Petr & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.tb.ask.com/index.jhtml?n=78 ... wwodo30AOw
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://seznam.cz/?clid=2
URLSearchHook: HKCU - (No Name) - {6d010537-9e99-400b-b652-b0d5a5757e5d} - C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll (Mindspark)
SearchScopes: HKCU - DefaultScope {AF12CB1E-6A49-45C7-B09E-451EE752FA97} URL = http://search.seznam.cz/?q={searchTerms ... ckSearch_2
SearchScopes: HKCU - {AF12CB1E-6A49-45C7-B09E-451EE752FA97} URL = http://search.seznam.cz/?q={searchTerms ... ckSearch_2
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR DefaultSearchKeyword: Default -> seznam
CHR DefaultSearchURL: Default -> http://search.seznam.cz/?sourceid=quick ... earchTerms}
CHR DefaultSuggestURL: Default -> http://suggest.fulltext.seznam.cz/fullt ... earchTerms}
S2 Winmgmt; C:\PROGRA~3\68EB0333.dot [X]
C:\PROGRA~3\68EB0333.dot
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^program.lnk" /f
C:\PROGRA~3\3330BE86.cpp
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{6d010537-9e99-400b-b652-b0d5a5757e5d} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{6d010537-9e99-400b-b652-b0d5a5757e5d}" => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AF12CB1E-6A49-45C7-B09E-451EE752FA97}" => Key deleted successfully.
"HKCR\CLSID\{AF12CB1E-6A49-45C7-B09E-451EE752FA97}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
"HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
Winmgmt => Service restored successfully.
"C:\PROGRA~3\68EB0333.dot" => File/Directory not found.

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^program.lnk" /f =========

Operace byla dokonźena ŁspŘçnŘ.

========= End of Reg: =========

"C:\PROGRA~3\3330BE86.cpp" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 19.2 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

#12 Příspěvek od **altrok** » 14 lis 2014 23:46

Ano, tim to byt muze - diky za info.

Timto by mel byt policejni virus smazany, ale docistime jeste dalsi zbytecnosti, ktere v PC mate.

Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/

ukoncete vsechny programy
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Scan, pote na Clean
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner [Sx].txt), jehoz obsah mi zkopirujte do pristi odpovedi

Kachnacicek · #13 Příspěvek od **Kachnacicek** » 14 lis 2014 23:54

Fajn, super! Ještě se chci zeptat, jak je to s tou plochou? Opravdu velké soubory na ploše zpomalují systém?

Log z adw cleaneru zde:

# AdwCleaner v4.101 - Report created 14/11/2014 at 22:50:53
# Updated 09/11/2014 by Xplode
# Database : 2014-11-13.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Petr - PETR-PC
# Running from : C:\Users\Petr\Downloads\adwcleaner_4.101.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420

-\\ Google Chrome v38.0.2125.111

*************************

AdwCleaner[R0].txt - [876 octets] - [14/11/2014 22:49:50]
AdwCleaner[S0].txt - [802 octets] - [14/11/2014 22:50:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [861 octets] ##########

#14 Příspěvek od **altrok** » 15 lis 2014 00:06

Nainstalujte MBAM a udelejte vlastni sken vsech disku - http://forum.viry.cz/viewtopic.php?f=29&t=137928

Upozorneni: tento sken zabere od 30 minut po nekolik hodin, takze ho tam pustte treba zrana nebo ted pres noc.. abyste s tim pocital

Ano, velke mnozstvi dat na plose je opravdu citit

Kachnacicek · #15 Příspěvek od **Kachnacicek** » 15 lis 2014 00:11

Dobrá tedy, moc děkuji za pomoc, s Vámi jsem se setkal na tomto fóru poprvé - Vaše rychlost odpovědí je úžasná, díky za to! Pustím scan, ráno hodím výsledky. Děkuji!

VIRY.CZ

Policejní virus znova

Policejní virus znova

Re: Policejní virus znova

Re: Policejní virus znova

Re: Policejní virus znova

Re: Policejní virus znova

Re: Policejní virus znova

Re: Policejní virus znova

Re: Policejní virus znova

Re: Policejní virus znova

Re: Policejní virus znova

Re: Policejní virus znova

Re: Policejní virus znova

Re: Policejní virus znova

Re: Policejní virus znova

Re: Policejní virus znova