Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Náhlé zpomalení systému. Malware?

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zamčeno
Zpráva
Autor
macijas
Návštěvník
Návštěvník
Příspěvky: 15
Registrován: 25 led 2014 17:47

Náhlé zpomalení systému. Malware?

#1 Příspěvek od macijas »

Ahoj, poprosil bych o zkontrolování LOGu, zničehonic se mi zpomalil systém a změnila homepage. Nevim, kde jsem k tomu přišel:/

Logfile of random's system information tool 1.10 (written by random/random)
Run by Matyáš at 2015-01-20 18:59:23
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 72 GB (16%) free of 462 GB
Total RAM: 3959 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:59:34, on 20.1.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
C:\Program Files\trend micro\Matyáš.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5v46529227
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com/?gd=&ctid=CT332145 ... 4A01&SSPV=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Pomocná služba pro poihlášení ke službi Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files (x86)\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Search Protect Service (CltMngSvc) - Client Connect LTD - C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14330 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\Program Files (x86)\Launch Manager\dsiwmis.exe"
"C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Acer\Registration\GREGsvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files\Acer\Acer Updater\UpdaterService.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
WLIDSvcM.exe 2204
"C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"
"C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Launch Manager\LManager.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\PowerISO\PWRISOVM.EXE" -startup
"C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe"
"C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe"
"C:\Program Files\iPod\bin\iPodService.exe"
"C:\Program Files (x86)\Launch Manager\LMworker.exe"
C:\Windows\SysWOW64\RunDll32.exe "C:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe"
C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe
C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe
"C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" -Embedding
"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" -Embedding

"C:\Windows\system32\wuauclt.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=1852.2e651d20.1047373155 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 1852 "\\.\pipe\gecko-crash-server-pipe.1852" plugin
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe" --proxy-stub-channel=Flash4720.631D6160.7145 --host-broker-channel=Flash4720.631D6160.18234 --host-pid=4720 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll"
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe" --channel=7084.0028F7A4.1649768446 --proxy-stub-channel=Flash4720.631D6160.7145 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll" --host-npapi-version=27 --type=renderer
C:\Windows\system32\WLANExt.exe 74568736
\??\C:\Windows\system32\conhost.exe "2020179151-739985418-1921859239-145332066-10147456161799820195-1345844759-2085939677
"C:\Windows\system32\NOTEPAD.EXE" C:\rsit\info.txt
"C:\Windows\system32\NOTEPAD.EXE" C:\rsit\log.txt
C:\Windows\System32\svchost.exe -k WerSvcGroup
taskeng.exe {895F03A1-792A-4B44-AD64-52CFFDC15A95}
"C:\Users\Matyáš\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Matyáš\AppData\Roaming\Mozilla\Firefox\Profiles\ar3thoex.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.trovi.com/?gd=&ctid=CT332145 ... 4A01&SSPV="
prefs.js - "extensions.enabledItems" - "{340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7, {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4, maps@ovi.com:5.2.7.0, {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.23"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.257 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.17.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.257 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL


C:\Program Files (x86)\Mozilla Firefox\components\
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
NPOFF12.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Users\Matyáš\AppData\Roaming\Mozilla\Firefox\Profiles\ar3thoex.default\searchplugins\
trovi-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2011-06-20 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-06-20 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-12-29 9913376]
"mwlDaemon"=C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe []
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2010-04-07 17412200]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-12-10 1890088]
"Acer ePower Management"=C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2010-03-17 860704]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-09-30 500208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"=C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [2014-08-07 43816]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2009-12-24 284696]
"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2010-04-08 908368]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"AppleSyncNotifier"=C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2012-02-23 59240]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2014-10-11 60712]
"openvpn-gui"=C:\Program Files (x86)\OpenVPN\bin\openvpn-gui.exe []
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"Wondershare Helper Compact.exe"=C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2014-06-04 2024800]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2014-10-15 157480]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2014-10-02 421888]
"PWRISOVM.EXE"=C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2014-10-08 366904]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2015-01-20 18:43:39 ----D---- C:\Program Files\trend micro
2015-01-20 18:43:37 ----D---- C:\rsit
2015-01-17 10:08:43 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-01-16 20:12:21 ----D---- C:\ProgramData\GRETECH
2015-01-15 11:32:22 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-01-15 11:32:21 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-01-15 11:32:19 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-01-15 11:32:14 ----A---- C:\Windows\system32\srcore.dll
2015-01-15 11:32:14 ----A---- C:\Windows\system32\rstrui.exe
2015-01-15 11:32:13 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-01-15 11:32:13 ----A---- C:\Windows\system32\srclient.dll
2015-01-14 07:10:04 ----A---- C:\Windows\system32\profsvc.dll
2015-01-14 07:10:03 ----A---- C:\Windows\system32\TSWbPrxy.exe
2015-01-14 07:09:47 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2015-01-14 07:09:46 ----A---- C:\Windows\system32\nlasvc.dll
2015-01-14 07:09:45 ----A---- C:\Windows\SYSWOW64\nlaapi.dll
2015-01-14 07:09:45 ----A---- C:\Windows\SYSWOW64\ncsi.dll
2014-12-26 17:18:03 ----A---- C:\Windows\wwp.INI
2014-12-26 17:10:39 ----D---- C:\Team17
2014-12-26 17:06:25 ----D---- C:\Program Files (x86)\SearchProtect
2014-12-26 17:06:04 ----D---- C:\Users\Matyáš\AppData\Roaming\PowerISO
2014-12-26 17:05:24 ----A---- C:\Windows\system32\drivers\scdemu.sys
2014-12-26 17:05:04 ----D---- C:\Program Files (x86)\PowerISO

======List of files/folders modified in the last 1 month======

2015-01-20 18:59:31 ----D---- C:\Windows\Temp
2015-01-20 18:57:37 ----D---- C:\Windows\Prefetch
2015-01-20 18:43:39 ----RD---- C:\Program Files
2015-01-20 08:33:57 ----D---- C:\Windows\system32\config
2015-01-20 08:21:18 ----SHD---- C:\System Volume Information
2015-01-19 10:45:53 ----D---- C:\Windows\system32\drivers
2015-01-17 20:38:52 ----D---- C:\Windows\winsxs
2015-01-17 20:38:29 ----A---- C:\Windows\SYSWOW64\log.txt
2015-01-17 20:37:40 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-17 20:36:29 ----D---- C:\Windows\SysWOW64
2015-01-17 20:36:29 ----D---- C:\Windows\System32
2015-01-17 14:29:14 ----RD---- C:\Program Files (x86)
2015-01-16 20:12:21 ----HD---- C:\ProgramData
2015-01-15 22:46:23 ----D---- C:\Users\Matyáš\AppData\Roaming\Skype
2015-01-15 11:33:32 ----D---- C:\Windows\system32\MRT
2015-01-15 11:15:33 ----A---- C:\Windows\system32\MRT.exe
2015-01-15 11:12:24 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-01-14 07:09:55 ----D---- C:\Windows\system32\catroot
2015-01-14 07:09:18 ----D---- C:\Windows\system32\catroot2
2015-01-12 21:27:11 ----SHD---- C:\Windows\Installer
2015-01-12 21:27:10 ----D---- C:\ProgramData\Skype
2015-01-12 21:27:02 ----RD---- C:\Program Files (x86)\Skype
2015-01-12 12:10:50 ----D---- C:\Windows\AppPatch
2015-01-06 04:36:02 ----N---- C:\Windows\system32\MpSigStub.exe
2015-01-04 21:47:40 ----A---- C:\Windows\wininit.ini
2014-12-28 02:23:03 ----D---- C:\Windows\Minidump
2014-12-28 02:22:32 ----D---- C:\Windows
2014-12-28 02:18:59 ----D---- C:\Users\Matyáš\AppData\Roaming\BitTorrent
2014-12-26 17:10:38 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-12-17 538136]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-09-07 28752]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-09-07 121936]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-09-07 51280]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2014-10-08 127760]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-09-07 20048]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2010-04-01 3060800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-12-29 2231584]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2010-03-21 321064]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2010-01-28 86120]
R3 SPPD;SPPD; \??\C:\Windows\system32\drivers\SPPD.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-12-10 301104]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 AVerAF35;AVerMedia A835 USB DVB-T; C:\Windows\System32\Drivers\AVerAF35.sys [2010-03-16 677632]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btwampfl;Bluetooth AMP USB Filter; C:\Windows\system32\drivers\btwampfl.sys [2010-03-05 335400]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-02-14 102440]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2010-01-13 135720]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2010-03-01 39464]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-01-13 21544]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\Windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-03-01 239136]
S3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2009-12-02 213280]
S3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2011-12-15 31232]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2014-07-28 54784]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340); C:\Windows\system32\drivers\WPRO_40_1340.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-18 65432]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2014-10-07 60744]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-03-26 920352]
R2 CltMngSvc;Search Protect Service; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2015-01-05 3342608]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-04-08 312400]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-03-17 866336]
R2 GREGService;GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-03-18 268824]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-04-07 393320]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
R2 Updater Service;Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2014-10-15 643880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19 107912]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe []
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-15 267440]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-03-15 1436424]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-09-30 654848]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19 107912]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-11-22 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-01-17 114800]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-09-28 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------
Nahoru
altrok
Moderátor
Moderátor
Příspěvky: 7322
Registrován: 15 lis 2012 22:26
Bydliště: Znojmo

Re: Náhlé zpomalení systému. Malware?

#2 Příspěvek od altrok »

Zdravim :bye:

:arrow: Odkad jste instalacku PowerISO stahnul? Natahl jste si tam s nou havet ;) pred kazdym klikem na Next doporucuju cist co Vam instalacka nabizi.

Kód: Vybrat vše

2014-12-26 17:06:25 ----D---- C:\Program Files (x86)\SearchProtect
2014-12-26 17:06:04 ----D---- C:\Users\Matyáš\AppData\Roaming\PowerISO
2014-12-26 17:05:04 ----D---- C:\Program Files (x86)\PowerISO
:arrow: Odinstalujte
  • McAfee SiteAdvisor
  • Spybot - Search & Destroy
:arrow: V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).

:arrow: Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
  • ukoncete vsechny programy
  • kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
  • kliknete na Scan, pote na Clean
  • po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner [Sx].txt), jehoz obsah mi zkopirujte do pristi odpovedi
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Nahoru
macijas
Návštěvník
Návštěvník
Příspěvky: 15
Registrován: 25 led 2014 17:47

Re: Náhlé zpomalení systému. Malware?

#3 Příspěvek od macijas »

Zdravím,

Spybot S&D jsem odinstaloval, nicméně McAfee nevím jak. V /ovládácí panely/odebrat programy není, ani ho nenajde ssystémové vyhledávání.

LOG zde:

# AdwCleaner v4.108 - Report created 20/01/2015 at 19:25:35
# Updated 17/01/2015 by Xplode
# Database : 2015-01-18.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Matyáš - MM
# Running from : C:\Users\Matyáš\Desktop\adwcleaner_4.108.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : CltMngSvc
Service Deleted : SPPD

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Users\Matyáš\AppData\Local\SearchProtect
File Deleted : C:\Users\Matyáš\daemonprocess.txt
File Deleted : C:\Users\Matyáš\AppData\Roaming\Mozilla\Firefox\Profiles\ar3thoex.default\searchplugins\trovi-search.xml

***** [ Scheduled Tasks ] *****

Task Deleted : DTReg

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4E7C-A8BB-41EFD720FD77}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\RST
Key Deleted : HKCU\Software\Video Player
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v35.0 (x86 cs)

[ar3thoex.default\prefs.js] - Line Deleted : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid ... A-4E95-4FD[...]
[ar3thoex.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Trovi search");
[ar3thoex.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Trovi search");
[ar3thoex.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid ... -4FD1-A413[...]

*************************

AdwCleaner[R0].txt - [29841 octets] - [25/01/2014 18:08:30]
AdwCleaner[R1].txt - [1081 octets] - [25/01/2014 20:38:04]
AdwCleaner[R2].txt - [4328 octets] - [20/01/2015 19:22:58]
AdwCleaner[S0].txt - [28889 octets] - [25/01/2014 18:10:16]
AdwCleaner[S1].txt - [3789 octets] - [20/01/2015 19:25:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3849 octets] ##########
Nahoru
altrok
Moderátor
Moderátor
Příspěvky: 7322
Registrován: 15 lis 2012 22:26
Bydliště: Znojmo

Re: Náhlé zpomalení systému. Malware?

#4 Příspěvek od altrok »

macijas píše:nicméně McAfee nevím jak
mozna je to jen pozustatek... kouknem na nej z jineho logu

:arrow: Dejte novy log FRST.txt, prilozte i Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Nahoru
macijas
Návštěvník
Návštěvník
Příspěvky: 15
Registrován: 25 led 2014 17:47

Re: Náhlé zpomalení systému. Malware?

#5 Příspěvek od macijas »

Děkuji.

Addition.txt přikládám v příloze, zde LOG:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Matyáš (administrator) on MM on 20-01-2015 20:04:58
Running from C:\Users\Matyáš\Desktop
Loaded Profiles: Matyáš (Available profiles: Matyáš & Host)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
(forum.viry.cz) C:\Users\Matyáš\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\PING.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860704 2010-03-17] (Acer Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-09-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-24] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.)
HKLM-x32\...\Run: [avast5] => C:\Program Files\Alwil Software\Avast5\avastUI.exe [2838912 2010-09-07] (AVAST Software)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [openvpn-gui] => C:\Program Files (x86)\OpenVPN\bin\openvpn-gui.exe
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [366904 2014-10-08] (Power Software Ltd)
HKU\S-1-5-21-2969430462-2651391548-2970613342-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-2969430462-2651391548-2970613342-1002\...\MountPoints2: {cb06ea68-e8bb-11e2-b518-705ab6d3a000} - E:\LGAutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matyáš\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matyáš\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matyáš\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matyáš\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2969430462-2651391548-2970613342-1002\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2969430462-2651391548-2970613342-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5v46529227
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=i ... lz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2969430462-2651391548-2970613342-1002 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=i ... AW_csCZ399
SearchScopes: HKU\S-1-5-21-2969430462-2651391548-2970613342-1002 -> {6F90EA36-A254-4269-B095-6295DC245406} URL = http://www.mysearchresults.com/search?c ... earchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-2969430462-2651391548-2970613342-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 88.209.32.12 88.209.32.38

FireFox:
========
FF ProfilePath: C:\Users\Matyáš\AppData\Roaming\Mozilla\Firefox\Profiles\ar3thoex.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: YouTube mp3 - C:\Users\Matyáš\AppData\Roaming\Mozilla\Firefox\Profiles\ar3thoex.default\Extensions\info@youtube-mp3.org.xpi [2014-11-21]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-09-07] (AVAST Software)
S3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-09-07] (AVAST Software)
S3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-09-07] (AVAST Software)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-09-30] (Macrovision Europe Ltd.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [20048 2010-09-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [61008 2010-09-07] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [28752 2010-09-07] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [121936 2010-09-07] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [51280 2010-09-07] (AVAST Software)
S3 AVerAF35; C:\Windows\System32\Drivers\AVerAF35.sys [677632 2010-03-16] (AVerMedia TECHNOLOGIES, Inc.) [File not signed]
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed]
S3 WPRO_40_1340; system32\drivers\WPRO_40_1340.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 20:04 - 2015-01-20 20:05 - 00017323 _____ () C:\Users\Matyáš\Desktop\FRST.txt
2015-01-20 20:04 - 2015-01-20 20:05 - 00000000 ____D () C:\FRST
2015-01-20 20:04 - 2015-01-20 20:04 - 02126848 _____ (Farbar) C:\Users\Matyáš\Desktop\FRST64.exe
2015-01-20 20:04 - 2015-01-20 20:04 - 00015327 _____ () C:\Users\Matyáš\Desktop\LM.bat
2015-01-20 20:03 - 2015-01-20 20:04 - 00029696 _____ () C:\Users\Matyáš\AppData\Local\MSGBOX.EXE
2015-01-20 20:02 - 2015-01-20 20:02 - 00112640 _____ (forum.viry.cz) C:\Users\Matyáš\Desktop\FRSTLauncher.exe
2015-01-20 19:21 - 2015-01-20 19:21 - 02186752 _____ () C:\Users\Matyáš\Desktop\adwcleaner_4.108.exe
2015-01-20 18:44 - 2015-01-20 18:44 - 00000334 _____ () C:\Users\Matyáš\Desktop\škola-bayreuth.txt
2015-01-20 18:43 - 2015-01-20 18:59 - 00000000 ____D () C:\Program Files\trend micro
2015-01-20 18:43 - 2015-01-20 18:44 - 00000000 ____D () C:\rsit
2015-01-20 18:42 - 2015-01-20 18:42 - 01222144 _____ () C:\Users\Matyáš\Desktop\RSITx64.exe
2015-01-17 16:19 - 2015-01-17 17:59 - 1158489216 _____ () C:\Users\Matyáš\Desktop\Vejška--2014.avi
2015-01-17 10:08 - 2015-01-17 10:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-16 20:12 - 2015-01-16 20:12 - 00000000 ____D () C:\ProgramData\GRETECH
2015-01-16 20:11 - 2015-01-16 20:11 - 00001217 _____ () C:\Users\Matyáš\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2015-01-16 20:11 - 2015-01-16 20:11 - 00001193 _____ () C:\Users\Public\Desktop\GOM Player.lnk
2015-01-15 12:30 - 2015-01-20 18:43 - 00013371 _____ () C:\Users\Matyáš\Desktop\Suplementace.xlsx
2015-01-15 11:32 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 11:32 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-15 11:32 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-15 11:32 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-15 11:32 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 11:32 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 11:32 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 07:10 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 07:10 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 07:09 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 07:09 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 07:09 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 07:09 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 11:56 - 2015-01-12 11:56 - 00145556 _____ () C:\Users\Matyáš\Desktop\JINÉ PRÁVO Souboj s odborným textem a kouzlo přepisování.html
2015-01-12 11:56 - 2015-01-12 11:56 - 00000000 ____D () C:\Users\Matyáš\Desktop\JINÉ PRÁVO Souboj s odborným textem a kouzlo přepisování_soubory
2015-01-11 19:54 - 2015-01-11 19:54 - 00093203 _____ () C:\Users\Matyáš\Desktop\The-King-s-Speech(0000176855).srt
2015-01-11 19:50 - 2015-01-11 19:51 - 00097275 _____ () C:\Users\Matyáš\Desktop\The-King-s-Speech(0000169374).srt
2015-01-09 10:50 - 2015-01-09 10:51 - 00000000 ____D () C:\Users\Matyáš\Desktop\index
2015-01-05 13:52 - 2015-01-05 13:52 - 02003937 _____ () C:\Users\Matyáš\Desktop\293980.kasparkuv_vyber_2014.epub
2015-01-05 13:52 - 2015-01-05 13:52 - 01409279 _____ () C:\Users\Matyáš\Desktop\293978.kasparkuv_vyber_2013.epub
2014-12-28 18:15 - 2014-12-28 18:26 - 00000000 ____D () C:\Users\Matyáš\Desktop\rwéčko
2014-12-28 02:23 - 2014-12-28 02:23 - 00472392 _____ () C:\Windows\Minidump\122814-53867-01.dmp
2014-12-26 17:18 - 2014-12-28 19:02 - 00000083 _____ () C:\Windows\wwp.INI
2014-12-26 17:10 - 2014-12-26 17:10 - 00000000 ____D () C:\Team17
2014-12-26 17:10 - 2014-12-26 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Team17
2014-12-26 17:06 - 2015-01-20 19:25 - 00000000 ____D () C:\Users\Matyáš\AppData\Local\SearchProtect
2014-12-26 17:06 - 2014-12-26 17:06 - 00000000 ____D () C:\Users\Matyáš\Downloads\Worms World Party
2014-12-26 17:06 - 2014-12-26 17:06 - 00000000 ____D () C:\Users\Matyáš\AppData\Roaming\PowerISO
2014-12-26 17:05 - 2014-12-26 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2014-12-26 17:05 - 2014-12-26 17:05 - 00000000 ____D () C:\Program Files (x86)\PowerISO
2014-12-26 17:05 - 2014-10-08 14:13 - 00127760 _____ (Power Software Ltd) C:\Windows\system32\Drivers\scdemu.sys
2014-12-26 16:29 - 2014-12-26 16:52 - 594497536 ____R () C:\Users\Matyáš\Downloads\Worms World Party.iso

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 20:06 - 2014-02-15 21:01 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-20 19:59 - 2013-03-19 12:46 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-20 19:36 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-20 19:36 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-20 19:35 - 2010-05-20 03:16 - 01280001 _____ () C:\Windows\WindowsUpdate.log
2015-01-20 19:28 - 2014-02-15 21:01 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-20 19:27 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-20 19:27 - 2009-07-14 05:51 - 00161721 _____ () C:\Windows\setupact.log
2015-01-20 19:26 - 2010-05-20 03:13 - 00230982 _____ () C:\Windows\PFRO.log
2015-01-20 19:25 - 2014-01-25 18:08 - 00000000 ____D () C:\AdwCleaner
2015-01-20 19:25 - 2010-09-27 14:16 - 00000000 ____D () C:\Users\Matyáš
2015-01-20 19:18 - 2010-09-28 13:18 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-20 19:18 - 2010-09-28 13:18 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2015-01-17 20:37 - 2012-09-24 23:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-16 20:11 - 2012-01-08 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
2015-01-15 22:46 - 2010-09-27 19:33 - 00000000 ____D () C:\Users\Matyáš\AppData\Roaming\Skype
2015-01-15 20:44 - 2014-10-14 19:35 - 00031744 ____H () C:\Users\Matyáš\Desktop\~WRL2701.tmp
2015-01-15 19:54 - 2014-10-14 19:35 - 00032256 ____H () C:\Users\Matyáš\Desktop\~WRL3787.tmp
2015-01-15 17:40 - 2014-11-14 18:10 - 00026624 ____H () C:\Users\Matyáš\Desktop\~WRL2011.tmp
2015-01-15 17:40 - 2014-11-14 18:10 - 00026624 ____H () C:\Users\Matyáš\Desktop\~WRL0020.tmp
2015-01-15 17:28 - 2014-11-14 18:10 - 00026624 ____H () C:\Users\Matyáš\Desktop\~WRL2792.tmp
2015-01-15 17:15 - 2014-11-14 18:10 - 00026624 ____H () C:\Users\Matyáš\Desktop\~WRL0241.tmp
2015-01-15 11:33 - 2013-07-20 15:52 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 11:15 - 2011-08-11 16:13 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-15 11:12 - 2013-03-19 12:46 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-15 11:12 - 2013-03-19 12:46 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-15 11:12 - 2011-10-07 09:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-12 21:27 - 2014-10-08 19:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-12 21:27 - 2010-09-27 19:31 - 00000000 ____D () C:\ProgramData\Skype
2015-01-12 11:54 - 2014-11-14 18:10 - 00026624 ____H () C:\Users\Matyáš\Desktop\~WRL0012.tmp
2015-01-12 11:30 - 2014-05-05 14:20 - 00000000 ____D () C:\Users\Matyáš\Desktop\UPPER CROSS SYNDROME
2015-01-10 20:09 - 2011-01-09 17:30 - 00000132 _____ () C:\Users\Matyáš\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-01-06 04:36 - 2010-09-27 14:34 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-04 21:47 - 2012-12-24 08:02 - 00003640 _____ () C:\Windows\wininit.ini
2014-12-28 19:38 - 2010-09-27 14:30 - 00040846 _____ () C:\Windows\DirectX.log
2014-12-28 17:05 - 2014-09-11 16:58 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-28 02:23 - 2011-08-10 21:43 - 00000000 ____D () C:\Windows\Minidump
2014-12-28 02:23 - 2009-07-14 05:45 - 05226360 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-28 02:22 - 2011-08-10 21:42 - 443679858 _____ () C:\Windows\MEMORY.DMP
2014-12-28 02:18 - 2014-09-17 13:29 - 00000000 ____D () C:\Users\Matyáš\AppData\Roaming\BitTorrent
2014-12-26 17:17 - 2011-03-17 17:47 - 00000000 ____D () C:\Users\Matyáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-12-26 17:10 - 2010-04-21 11:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-21 14:56 - 2014-12-08 14:17 - 00019968 ____H () C:\Users\Matyáš\Desktop\~WRL0055.tmp

==================== Files in the root of some directories =======
2011-02-23 20:12 - 2011-03-01 15:29 - 0000132 _____ () C:\Users\Matyáš\AppData\Roaming\Adobe BMP Format CS5 Prefs
2013-04-28 21:50 - 2013-04-28 21:50 - 0000132 _____ () C:\Users\Matyáš\AppData\Roaming\Adobe GIF Format CS5 Prefs
2011-01-09 17:30 - 2015-01-10 20:09 - 0000132 _____ () C:\Users\Matyáš\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-01-31 20:06 - 2013-02-14 20:15 - 0098322 _____ () C:\Users\Matyáš\AppData\Roaming\Requiem.log
2001-08-15 11:48 - 2001-08-15 11:48 - 0000536 ____H () C:\Users\Matyáš\AppData\Roaming\winpmltspb6
2011-05-16 10:32 - 2011-05-16 10:32 - 0000000 _____ () C:\Users\Matyáš\AppData\Roaming\wklnhst.dat
2012-07-22 07:07 - 2013-11-09 18:19 - 0001456 _____ () C:\Users\Matyáš\AppData\Local\Adobe Save for Web 12.0 Prefs
2010-10-07 23:58 - 2013-12-08 07:30 - 0039424 _____ () C:\Users\Matyáš\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-20 20:03 - 2015-01-20 20:04 - 0029696 _____ () C:\Users\Matyáš\AppData\Local\MSGBOX.EXE
2010-09-27 19:34 - 2010-09-27 19:34 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-04-21 11:41 - 2010-01-27 15:40 - 0131472 _____ () C:\ProgramData\FullRemove.exe
2003-02-10 00:13 - 2003-02-10 00:13 - 0000416 ____H () C:\ProgramData\systmsp2pb6

ZeroAccess:
C:\Users\Matyáš\AppData\Local\3fca0cc7
C:\Users\Matyáš\AppData\Local\3fca0cc7\@

Some content of TEMP:
====================
C:\Users\Matyáš\AppData\Local\Temp\ExPromo.exe
C:\Users\Matyáš\AppData\Local\Temp\Quarantine.exe
C:\Users\Matyáš\AppData\Local\Temp\sqlite3.dll
C:\Users\ree\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-09 14:11

==================== End Of Log ============================
Přílohy
Addition.rar
(8.79 KiB) Staženo 50 x
Nahoru
altrok
Moderátor
Moderátor
Příspěvky: 7322
Registrován: 15 lis 2012 22:26
Bydliště: Znojmo

Re: Náhlé zpomalení systému. Malware?

#6 Příspěvek od altrok »

:arrow: Odinstalujte prehistorickou a deravou verzi Javy Java(TM) 6 Update 26. Pokud javu potrebujete, nainstalujte novou z java.com... z bezpecnostniho hlediska je lepsi ji nemit.

  • Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
  • ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
  • znovu spustte FRST a kliknete na Fix
  • po restartu na Vas vyskoci fixlog (pripadne bude ulozen na Plose), jehoz obsah mi vlozte do pristi odpovedi

    Kód: Vybrat vše

    Start
CloseProcesses:
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-09-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-2969430462-2651391548-2970613342-1002\...\MountPoints2: {cb06ea68-e8bb-11e2-b518-705ab6d3a000} - E:\LGAutoRun.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2969430462-2651391548-2970613342-1002\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2969430462-2651391548-2970613342-1002 -> {6F90EA36-A254-4269-B095-6295DC245406} URL = http://www.mysearchresults.com/search?c=2402&t=15&q={searchTerms}
Toolbar: HKU\S-1-5-21-2969430462-2651391548-2970613342-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

FF NetworkProxy: "type", 0
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [Not Found]
C:\Program Files (x86)\McAfee

S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
S3 WPRO_40_1340; system32\drivers\WPRO_40_1340.sys [X]

2015-01-20 20:04 - 2015-01-20 20:05 - 00017323 _____ () C:\Users\Matyáš\Desktop\FRST.txt
2015-01-20 20:04 - 2015-01-20 20:04 - 00015327 _____ () C:\Users\Matyáš\Desktop\LM.bat
2015-01-20 20:03 - 2015-01-20 20:04 - 00029696 _____ () C:\Users\Matyáš\AppData\Local\MSGBOX.EXE
2015-01-20 20:02 - 2015-01-20 20:02 - 00112640 _____ (forum.viry.cz) C:\Users\Matyáš\Desktop\FRSTLauncher.exe
2015-01-20 19:21 - 2015-01-20 19:21 - 02186752 _____ () C:\Users\Matyáš\Desktop\adwcleaner_4.108.exe
2015-01-20 18:43 - 2015-01-20 18:59 - 00000000 ____D () C:\Program Files\trend micro
2015-01-20 18:43 - 2015-01-20 18:44 - 00000000 ____D () C:\rsit
2015-01-20 18:42 - 2015-01-20 18:42 - 01222144 _____ () C:\Users\Matyáš\Desktop\RSITx64.exe
2014-12-26 17:06 - 2015-01-20 19:25 - 00000000 ____D () C:\Users\Matyáš\AppData\Local\SearchProtect
2015-01-20 19:25 - 2014-01-25 18:08 - 00000000 ____D () C:\AdwCleaner
2015-01-20 19:18 - 2010-09-28 13:18 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-20 19:18 - 2010-09-28 13:18 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2010-09-27 19:34 - 2010-09-27 19:34 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

C:\Users\Matyáš\AppData\Local\3fca0cc7
C:\Users\Matyáš\AppData\Local\3fca0cc7\@

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:561568A4
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:93DE1838
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE
EmptyTemp:
End
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Nahoru
macijas
Návštěvník
Návštěvník
Příspěvky: 15
Registrován: 25 led 2014 17:47

Re: Náhlé zpomalení systému. Malware?

#7 Příspěvek od macijas »

JAVA odinstalována.

LOG:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Matyáš at 2015-01-20 20:55:18 Run:1
Running from C:\Users\Matyáš\Desktop
Loaded Profiles: Matyáš (Available profiles: Matyáš & Host)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-09-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-2969430462-2651391548-2970613342-1002\...\MountPoints2: {cb06ea68-e8bb-11e2-b518-705ab6d3a000} - E:\LGAutoRun.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2969430462-2651391548-2970613342-1002\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2969430462-2651391548-2970613342-1002 -> {6F90EA36-A254-4269-B095-6295DC245406} URL = http://www.mysearchresults.com/search?c ... earchTerms}
Toolbar: HKU\S-1-5-21-2969430462-2651391548-2970613342-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

FF NetworkProxy: "type", 0
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [Not Found]
C:\Program Files (x86)\McAfee

S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
S3 WPRO_40_1340; system32\drivers\WPRO_40_1340.sys [X]

2015-01-20 20:04 - 2015-01-20 20:05 - 00017323 _____ () C:\Users\Matyáš\Desktop\FRST.txt
2015-01-20 20:04 - 2015-01-20 20:04 - 00015327 _____ () C:\Users\Matyáš\Desktop\LM.bat
2015-01-20 20:03 - 2015-01-20 20:04 - 00029696 _____ () C:\Users\Matyáš\AppData\Local\MSGBOX.EXE
2015-01-20 20:02 - 2015-01-20 20:02 - 00112640 _____ (forum.viry.cz) C:\Users\Matyáš\Desktop\FRSTLauncher.exe
2015-01-20 19:21 - 2015-01-20 19:21 - 02186752 _____ () C:\Users\Matyáš\Desktop\adwcleaner_4.108.exe
2015-01-20 18:43 - 2015-01-20 18:59 - 00000000 ____D () C:\Program Files\trend micro
2015-01-20 18:43 - 2015-01-20 18:44 - 00000000 ____D () C:\rsit
2015-01-20 18:42 - 2015-01-20 18:42 - 01222144 _____ () C:\Users\Matyáš\Desktop\RSITx64.exe
2014-12-26 17:06 - 2015-01-20 19:25 - 00000000 ____D () C:\Users\Matyáš\AppData\Local\SearchProtect
2015-01-20 19:25 - 2014-01-25 18:08 - 00000000 ____D () C:\AdwCleaner
2015-01-20 19:18 - 2010-09-28 13:18 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-20 19:18 - 2010-09-28 13:18 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2010-09-27 19:34 - 2010-09-27 19:34 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

C:\Users\Matyáš\AppData\Local\3fca0cc7
C:\Users\Matyáš\AppData\Local\3fca0cc7\@

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:561568A4
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:93DE1838
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE
EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\LManager => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SwitchBoard => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5ServiceManager => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => value deleted successfully.
"HKU\S-1-5-21-2969430462-2651391548-2970613342-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb06ea68-e8bb-11e2-b518-705ab6d3a000}" => Key deleted successfully.
HKCR\CLSID\{cb06ea68-e8bb-11e2-b518-705ab6d3a000} => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-2969430462-2651391548-2970613342-1002\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2969430462-2651391548-2970613342-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6F90EA36-A254-4269-B095-6295DC245406}" => Key deleted successfully.
HKCR\CLSID\{6F90EA36-A254-4269-B095-6295DC245406} => Key not found.
HKU\S-1-5-21-2969430462-2651391548-2970613342-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
Firefox Proxy settings were reset.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho" => Key deleted successfully.
C:\Program Files (x86)\McAfee => Moved successfully.
McAfee SiteAdvisor Service => Service deleted successfully.
WPRO_40_1340 => Service deleted successfully.
"C:\Users\Matyáš\Desktop\FRST.txt" => File/Directory not found.
C:\Users\Matyáš\Desktop\LM.bat => Moved successfully.
C:\Users\Matyáš\AppData\Local\MSGBOX.EXE => Moved successfully.
C:\Users\Matyáš\Desktop\FRSTLauncher.exe => Moved successfully.
C:\Users\Matyáš\Desktop\adwcleaner_4.108.exe => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
C:\rsit => Moved successfully.
C:\Users\Matyáš\Desktop\RSITx64.exe => Moved successfully.
C:\Users\Matyáš\AppData\Local\SearchProtect => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\ProgramData\Spybot - Search & Destroy => Moved successfully.
C:\Program Files (x86)\Spybot - Search & Destroy => Moved successfully.
C:\ProgramData\ezsidmv.dat => Moved successfully.
C:\Users\Matyáš\AppData\Local\3fca0cc7 => Moved successfully.
"C:\Users\Matyáš\AppData\Local\3fca0cc7\@" => File/Directory not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\ProgramData\Temp => ":0B9176C0" ADS removed successfully.
C:\ProgramData\Temp => ":4D066AD2" ADS removed successfully.
C:\ProgramData\Temp => ":561568A4" ADS removed successfully.
C:\ProgramData\Temp => ":5D7E5A8F" ADS removed successfully.
C:\ProgramData\Temp => ":798A3728" ADS removed successfully.
C:\ProgramData\Temp => ":93DE1838" ADS removed successfully.
C:\ProgramData\Temp => ":AB689DEA" ADS removed successfully.
C:\ProgramData\Temp => ":ABE89FFE" ADS removed successfully.
EmptyTemp: => Removed 1.5 GB temporary data.


The system needed a reboot.

==== End of Fixlog 20:59:26 ====
Nahoru
altrok
Moderátor
Moderátor
Příspěvky: 7322
Registrován: 15 lis 2012 22:26
Bydliště: Znojmo

Re: Náhlé zpomalení systému. Malware?

#8 Příspěvek od altrok »

:arrow: Poprosim jeste o aktualni log z FRST - staci spustit FRST64.exe a dejte jen frst.txt (bez addition.txt).
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Nahoru
macijas
Návštěvník
Návštěvník
Příspěvky: 15
Registrován: 25 led 2014 17:47

Re: Náhlé zpomalení systému. Malware?

#9 Příspěvek od macijas »

OK, LOG posílám. Jinak rychlost systému je zase taková, jaká má být, až to fičí z pohraničí jedna báseň. Vypadá to (na první pohled), že je vše OK. Děkuju mockrát.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Matyáš (administrator) on MM on 20-01-2015 21:28:04
Running from C:\Users\Matyáš\Desktop
Loaded Profiles: Matyáš (Available profiles: Matyáš & Host)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860704 2010-03-17] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-24] (Intel Corporation)
HKLM-x32\...\Run: [avast5] => C:\Program Files\Alwil Software\Avast5\avastUI.exe [2838912 2010-09-07] (AVAST Software)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [openvpn-gui] => C:\Program Files (x86)\OpenVPN\bin\openvpn-gui.exe
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [366904 2014-10-08] (Power Software Ltd)
HKU\S-1-5-21-2969430462-2651391548-2970613342-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matyáš\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matyáš\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matyáš\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matyáš\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2969430462-2651391548-2970613342-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5v46529227
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=i ... lz=1I7ACAW
SearchScopes: HKU\S-1-5-21-2969430462-2651391548-2970613342-1002 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=i ... AW_csCZ399
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 88.209.32.12 88.209.32.38

FireFox:
========
FF ProfilePath: C:\Users\Matyáš\AppData\Roaming\Mozilla\Firefox\Profiles\ar3thoex.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: YouTube mp3 - C:\Users\Matyáš\AppData\Roaming\Mozilla\Firefox\Profiles\ar3thoex.default\Extensions\info@youtube-mp3.org.xpi [2014-11-21]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-09-07] (AVAST Software)
S3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-09-07] (AVAST Software)
S3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-09-07] (AVAST Software)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-09-30] (Macrovision Europe Ltd.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [20048 2010-09-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [61008 2010-09-07] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [28752 2010-09-07] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [121936 2010-09-07] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [51280 2010-09-07] (AVAST Software)
S3 AVerAF35; C:\Windows\System32\Drivers\AVerAF35.sys [677632 2010-03-16] (AVerMedia TECHNOLOGIES, Inc.) [File not signed]
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 21:28 - 2015-01-20 21:28 - 00014544 _____ () C:\Users\Matyáš\Desktop\FRST.txt
2015-01-20 21:17 - 2015-01-20 21:27 - 00000000 ____D () C:\Users\Matyáš\Desktop\Zápisky
2015-01-20 20:41 - 2015-01-20 20:41 - 00000000 ____D () C:\Users\Matyáš\Desktop\ÚS
2015-01-20 20:32 - 2015-01-20 20:32 - 00000000 ____D () C:\Users\Matyáš\Documents\Štěpán - radio Junior
2015-01-20 20:04 - 2015-01-20 21:28 - 00000000 ____D () C:\FRST
2015-01-20 20:04 - 2015-01-20 20:04 - 02126848 _____ (Farbar) C:\Users\Matyáš\Desktop\FRST64.exe
2015-01-20 18:44 - 2015-01-20 18:44 - 00000334 _____ () C:\Users\Matyáš\Desktop\škola-bayreuth.txt
2015-01-17 10:08 - 2015-01-20 20:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-16 20:12 - 2015-01-16 20:12 - 00000000 ____D () C:\ProgramData\GRETECH
2015-01-16 20:11 - 2015-01-16 20:11 - 00001217 _____ () C:\Users\Matyáš\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2015-01-15 11:32 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 11:32 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-15 11:32 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-15 11:32 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-15 11:32 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 11:32 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 11:32 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 07:10 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 07:10 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 07:09 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 07:09 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 07:09 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 07:09 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2014-12-28 18:15 - 2014-12-28 18:26 - 00000000 ____D () C:\Users\Matyáš\Desktop\rwéčko
2014-12-28 02:23 - 2014-12-28 02:23 - 00472392 _____ () C:\Windows\Minidump\122814-53867-01.dmp
2014-12-26 17:18 - 2014-12-28 19:02 - 00000083 _____ () C:\Windows\wwp.INI
2014-12-26 17:10 - 2014-12-26 17:10 - 00000000 ____D () C:\Team17
2014-12-26 17:10 - 2014-12-26 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Team17
2014-12-26 17:06 - 2014-12-26 17:06 - 00000000 ____D () C:\Users\Matyáš\Downloads\Worms World Party
2014-12-26 17:06 - 2014-12-26 17:06 - 00000000 ____D () C:\Users\Matyáš\AppData\Roaming\PowerISO
2014-12-26 17:05 - 2014-12-26 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2014-12-26 17:05 - 2014-12-26 17:05 - 00000000 ____D () C:\Program Files (x86)\PowerISO
2014-12-26 17:05 - 2014-10-08 14:13 - 00127760 _____ (Power Software Ltd) C:\Windows\system32\Drivers\scdemu.sys
2014-12-26 16:29 - 2014-12-26 16:52 - 594497536 ____R () C:\Users\Matyáš\Downloads\Worms World Party.iso

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 21:18 - 2012-07-19 17:35 - 00000000 ____D () C:\Users\Matyáš\Desktop\FPR
2015-01-20 21:17 - 2012-07-19 17:17 - 00000000 ____D () C:\Users\Matyáš\Desktop\ERASMUS
2015-01-20 21:16 - 2014-05-05 14:20 - 00000000 ____D () C:\Users\Matyáš\Desktop\UPPER CROSS SYNDROME
2015-01-20 21:16 - 2013-10-22 15:18 - 00000000 ____D () C:\Users\Matyáš\Desktop\PR
2015-01-20 21:15 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-20 21:15 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-20 21:07 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-20 21:06 - 2009-07-14 05:51 - 00161777 _____ () C:\Windows\setupact.log
2015-01-20 21:05 - 2010-05-20 03:16 - 01293992 _____ () C:\Windows\WindowsUpdate.log
2015-01-20 20:59 - 2013-03-19 12:46 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-20 20:51 - 2013-01-07 19:22 - 00000000 ____D () C:\Users\Matyáš\Desktop\Deutsch
2015-01-20 20:50 - 2014-11-29 22:54 - 00000000 ____D () C:\Users\Matyáš\Desktop\j
2015-01-20 20:45 - 2011-06-20 15:50 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-20 20:37 - 2014-10-25 16:45 - 00000000 ____D () C:\Users\Matyáš\Desktop\Bayreuth
2015-01-20 20:29 - 2012-01-05 14:24 - 00000000 ____D () C:\Users\Matyáš\Desktop\E-books
2015-01-20 20:23 - 2013-10-22 15:13 - 00000000 ____D () C:\Users\Matyáš\Desktop\CV
2015-01-20 20:18 - 2014-10-20 08:31 - 00000000 ____D () C:\Users\Matyáš\Documents\BMMOTO vs Pan Pokorný
2015-01-20 19:26 - 2010-05-20 03:13 - 00230982 _____ () C:\Windows\PFRO.log
2015-01-20 19:25 - 2010-09-27 14:16 - 00000000 ____D () C:\Users\Matyáš
2015-01-17 20:37 - 2012-09-24 23:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-16 20:11 - 2012-01-08 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
2015-01-15 22:46 - 2010-09-27 19:33 - 00000000 ____D () C:\Users\Matyáš\AppData\Roaming\Skype
2015-01-15 20:44 - 2014-10-14 19:35 - 00031744 ____H () C:\Users\Matyáš\Desktop\~WRL2701.tmp
2015-01-15 19:54 - 2014-10-14 19:35 - 00032256 ____H () C:\Users\Matyáš\Desktop\~WRL3787.tmp
2015-01-15 17:40 - 2014-11-14 18:10 - 00026624 ____H () C:\Users\Matyáš\Desktop\~WRL2011.tmp
2015-01-15 17:40 - 2014-11-14 18:10 - 00026624 ____H () C:\Users\Matyáš\Desktop\~WRL0020.tmp
2015-01-15 17:28 - 2014-11-14 18:10 - 00026624 ____H () C:\Users\Matyáš\Desktop\~WRL2792.tmp
2015-01-15 17:15 - 2014-11-14 18:10 - 00026624 ____H () C:\Users\Matyáš\Desktop\~WRL0241.tmp
2015-01-15 11:33 - 2013-07-20 15:52 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 11:15 - 2011-08-11 16:13 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-15 11:12 - 2013-03-19 12:46 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-15 11:12 - 2013-03-19 12:46 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-15 11:12 - 2011-10-07 09:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-12 21:27 - 2014-10-08 19:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-12 21:27 - 2010-09-27 19:31 - 00000000 ____D () C:\ProgramData\Skype
2015-01-12 11:54 - 2014-11-14 18:10 - 00026624 ____H () C:\Users\Matyáš\Desktop\~WRL0012.tmp
2015-01-10 20:09 - 2011-01-09 17:30 - 00000132 _____ () C:\Users\Matyáš\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-01-06 04:36 - 2010-09-27 14:34 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-04 21:47 - 2012-12-24 08:02 - 00003640 _____ () C:\Windows\wininit.ini
2014-12-28 19:38 - 2010-09-27 14:30 - 00040846 _____ () C:\Windows\DirectX.log
2014-12-28 17:05 - 2014-09-11 16:58 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-28 02:23 - 2011-08-10 21:43 - 00000000 ____D () C:\Windows\Minidump
2014-12-28 02:23 - 2009-07-14 05:45 - 05226360 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-28 02:22 - 2011-08-10 21:42 - 443679858 _____ () C:\Windows\MEMORY.DMP
2014-12-28 02:18 - 2014-09-17 13:29 - 00000000 ____D () C:\Users\Matyáš\AppData\Roaming\BitTorrent
2014-12-26 17:17 - 2011-03-17 17:47 - 00000000 ____D () C:\Users\Matyáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-12-26 17:10 - 2010-04-21 11:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-21 14:56 - 2014-12-08 14:17 - 00019968 ____H () C:\Users\Matyáš\Desktop\~WRL0055.tmp

==================== Files in the root of some directories =======
2011-02-23 20:12 - 2011-03-01 15:29 - 0000132 _____ () C:\Users\Matyáš\AppData\Roaming\Adobe BMP Format CS5 Prefs
2013-04-28 21:50 - 2013-04-28 21:50 - 0000132 _____ () C:\Users\Matyáš\AppData\Roaming\Adobe GIF Format CS5 Prefs
2011-01-09 17:30 - 2015-01-10 20:09 - 0000132 _____ () C:\Users\Matyáš\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-01-31 20:06 - 2013-02-14 20:15 - 0098322 _____ () C:\Users\Matyáš\AppData\Roaming\Requiem.log
2001-08-15 11:48 - 2001-08-15 11:48 - 0000536 ____H () C:\Users\Matyáš\AppData\Roaming\winpmltspb6
2011-05-16 10:32 - 2011-05-16 10:32 - 0000000 _____ () C:\Users\Matyáš\AppData\Roaming\wklnhst.dat
2012-07-22 07:07 - 2013-11-09 18:19 - 0001456 _____ () C:\Users\Matyáš\AppData\Local\Adobe Save for Web 12.0 Prefs
2010-10-07 23:58 - 2013-12-08 07:30 - 0039424 _____ () C:\Users\Matyáš\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-04-21 11:41 - 2010-01-27 15:40 - 0131472 _____ () C:\ProgramData\FullRemove.exe
2003-02-10 00:13 - 2003-02-10 00:13 - 0000416 ____H () C:\ProgramData\systmsp2pb6

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-09 14:11

==================== End Of Log ============================
Nahoru
altrok
Moderátor
Moderátor
Příspěvky: 7322
Registrován: 15 lis 2012 22:26
Bydliště: Znojmo

Re: Náhlé zpomalení systému. Malware?

#10 Příspěvek od altrok »

macijas píše:OK, LOG posílám. Jinak rychlost systému je zase taková, jaká má být, až to fičí z pohraničí jedna báseň. Vypadá to (na první pohled), že je vše OK. Děkuju mockrát.
To rad slysim :idea:


Mel jste tam toho povicero, takze jeste radeji zkontrolujeme jednu vec... vsadil bych se, ze stara Java na tom mela svuj podil

:arrow: Ulozte na plochu MBAR - http://www.bleepingcomputer.com/downloa ... i-rootkit/
  • Spuste dvojklikem a extrahujte na plochu
  • kliknete na Next
  • Aktualizujte virovou databazi klikem na Update a pokracujte na Next
  • Vsechny 3 moznosti nechte zaskrtnute a zvolte Scan (potrva cca 15 minut)
  • zatrhnete vsechny nalezy a take zkontrolujte zatrzitko u Create Restore Point
  • kliknete na Cleanup a souhlaste s restartem - Yes
  • obsah logu ulozene na plose v mbar\mbar-log-2015-mm-dd (hh-mm-ss).txt vlozte do pristi odpovedi
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Nahoru
macijas
Návštěvník
Návštěvník
Příspěvky: 15
Registrován: 25 led 2014 17:47

Re: Náhlé zpomalení systému. Malware?

#11 Příspěvek od macijas »

Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
main: v2015.01.20.10
rootkit: v2015.01.14.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17501
Matyáš :: MM [administrator]

20.1.2015 21:54:35
mbar-log-2015-01-20 (21-54-35).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 440225
Time elapsed: 44 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Matyáš\Desktop\rwéčko\bb\KeyGen.exe (Trojan.Agent.CK) -> Delete on reboot. [5357857407825dd92b35d9d0bf46ca36]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Nahoru
altrok
Moderátor
Moderátor
Příspěvky: 7322
Registrován: 15 lis 2012 22:26
Bydliště: Znojmo

Re: Náhlé zpomalení systému. Malware?

#12 Příspěvek od altrok »

Smazte c:\programdata\FullRemove.exe

A jeste uklidime.
A pokud nejsou dotazy ci jine problemy, je to ode mne vse.
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Nahoru
macijas
Návštěvník
Návštěvník
Příspěvky: 15
Registrován: 25 led 2014 17:47

Re: Náhlé zpomalení systému. Malware?

#13 Příspěvek od macijas »

Super. Ještě jednou mockrát děkuju. :happy:
Nahoru
altrok
Moderátor
Moderátor
Příspěvky: 7322
Registrován: 15 lis 2012 22:26
Bydliště: Znojmo

Re: Náhlé zpomalení systému. Malware?

#14 Příspěvek od altrok »

Nemate zac, rad jsem pomohl :worship:


Mejte se krasne a treba zase nekdy :bye:
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Nahoru
Zamčeno

Zpět na „Řešení problémů, logy“