Zdar, na něco jsem kliknul a nebylo to voňavé.

[tuvok07]

Problém je jedině, že u Windows update zmizela historie aktualizací, ale to se dělo po aktualizaci která se v tom vrtala už snad.
Nicméně, Kašperský se dnes obořil na jeden soubor *.tmp
Provádím sken MBAM a posílám RSIT


Logfile of random's system information tool 1.10 (written by random/random)
Run by xx at 2015-05-22 14:09:48
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 34 GB (5%) free of 707 GB
Total RAM: 3579 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:09:50, on 22.5.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17801)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Windows\Pixart\Pac7302\Monitor.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Users\xx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Portable\ProcessExplorer\procexp.exe
C:\Program Files\Opera\29.0.1795.60\opera.exe
C:\Program Files\Opera\29.0.1795.60\opera_crashreporter.exe
C:\Program Files\Opera\29.0.1795.60\opera.exe
C:\Program Files\Opera\29.0.1795.60\opera.exe
C:\Program Files\Opera\29.0.1795.60\opera.exe
C:\Program Files\Opera\29.0.1795.60\opera.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Opera\29.0.1795.60\opera.exe
C:\Portable\RSIT.exe
C:\Program Files\trend micro\xx.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\xx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKUS\S-1-5-21-2503734218-1681691102-840008259-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-21-2503734218-1681691102-840008259-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [HydraVisionDesktopManager] "C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe" (User '?')
O4 - HKUS\S-1-5-21-2503734218-1681691102-840008259-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Spotify Web Helper] "C:\Users\xx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" (User '?')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Přidat do součásti Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm
O9 - Extra button: Virtuální klávesnice - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: Kontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Služba Kaspersky Anti-Virus 15.0.0 (AVP15.0.0) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
O23 - Service: Služba Google Update (gupdate1caeab72b9785e1) (gupdate1caeab72b9785e1) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 8760 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\lynva8w7.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3, {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.4.14, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, wrc@avast.com:20110101, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15"

"content_blocker@kaspersky.com"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
"virtual_keyboard@kaspersky.com"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
"url_advisor@kaspersky.com"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
"anti_banner@kaspersky.com"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
"online_banking@kaspersky.com"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 17.0.0.169 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@kaspersky.com/content_blocker]
"Description"=
"Path"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@kaspersky.com/online_banking]
"Description"=
"Path"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@kaspersky.com/virtual_keyboard]
"Description"=
"Path"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nullsoft.com/winampDetector;version=1]
"Description"=Winamp Detector
"Path"=C:\Program Files\Winamp Detect\npwachk.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1]
"Description"=Yahoo! activeX Plug-in Bridge
"Path"=C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll


C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
nppdf32.dll
npyaxmpb.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\lynva8w7.default\searchplugins\
bing-avast.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}]
Content Blocker Plugin - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20 709312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73455575-E40C-433C-9784-C78DC7761455}]
Virtual Keyboard Plugin - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-01-09 1152808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-22 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}]
Safe Money Plugin - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20 480448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01 194504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-22 172968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
URL Advisor Plugin - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20 891072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01 194504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-12-25 8129056]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2009-10-14 2793304]
"PAC7302_Monitor"=C:\Windows\PixArt\PAC7302\Monitor.exe [2007-12-10 323584]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [2013-12-06 747264]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
"HydraVisionDesktopManager"=C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [2010-02-02 385024]
"Spotify Web Helper"=C:\Users\xx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [2015-01-17 1676344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-04 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2011-08-09 113024]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=28

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"VIDC.I420"=lvcodec2.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"MSVideo"=vfwwdm32.dll
"MSVideo8"=VfWWDM32.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"VIDC.FMVC"=fmcodec.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2015-05-22 14:05:38 ----D---- C:\rsit
2015-05-22 14:05:38 ----D---- C:\Program Files\trend micro
2015-05-19 10:28:22 ----D---- C:\Program Files\Mozilla Firefox
2015-05-14 01:24:25 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 10:10:00 ----A---- C:\Windows\system32\wpdshext.dll
2015-05-13 10:09:46 ----A---- C:\Windows\system32\UtcResources.dll
2015-05-13 10:09:46 ----A---- C:\Windows\system32\ntkrnlpa.exe
2015-05-13 10:09:46 ----A---- C:\Windows\system32\diagtrack.dll
2015-05-13 10:09:45 ----A---- C:\Windows\system32\tracerpt.exe
2015-05-13 10:09:45 ----A---- C:\Windows\system32\tdh.dll
2015-05-13 10:09:45 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-05-13 10:09:45 ----A---- C:\Windows\system32\ntdll.dll
2015-05-13 10:09:45 ----A---- C:\Windows\system32\lsasrv.dll
2015-05-13 10:09:45 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-05-13 10:09:45 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-05-13 10:09:45 ----A---- C:\Windows\system32\advapi32.dll
2015-05-13 10:09:44 ----A---- C:\Windows\system32\srcore.dll
2015-05-13 10:09:44 ----A---- C:\Windows\system32\sechost.dll
2015-05-13 10:09:44 ----A---- C:\Windows\system32\rstrui.exe
2015-05-13 10:09:44 ----A---- C:\Windows\system32\msv1_0.dll
2015-05-13 10:09:44 ----A---- C:\Windows\system32\logman.exe
2015-05-13 10:09:44 ----A---- C:\Windows\system32\kerberos.dll
2015-05-13 10:09:43 ----A---- C:\Windows\system32\wdigest.dll
2015-05-13 10:09:43 ----A---- C:\Windows\system32\typeperf.exe
2015-05-13 10:09:43 ----A---- C:\Windows\system32\TSpkg.dll
2015-05-13 10:09:43 ----A---- C:\Windows\system32\smss.exe
2015-05-13 10:09:43 ----A---- C:\Windows\system32\relog.exe
2015-05-13 10:09:43 ----A---- C:\Windows\system32\ncrypt.dll
2015-05-13 10:09:42 ----A---- C:\Windows\system32\sspisrv.dll
2015-05-13 10:09:42 ----A---- C:\Windows\system32\sspicli.dll
2015-05-13 10:09:42 ----A---- C:\Windows\system32\srclient.dll
2015-05-13 10:09:42 ----A---- C:\Windows\system32\secur32.dll
2015-05-13 10:09:42 ----A---- C:\Windows\system32\msobjs.dll
2015-05-13 10:09:42 ----A---- C:\Windows\system32\msaudite.dll
2015-05-13 10:09:42 ----A---- C:\Windows\system32\lsass.exe
2015-05-13 10:09:42 ----A---- C:\Windows\system32\diskperf.exe
2015-05-13 10:09:42 ----A---- C:\Windows\system32\csrsrv.dll
2015-05-13 10:09:42 ----A---- C:\Windows\system32\credssp.dll
2015-05-13 10:09:42 ----A---- C:\Windows\system32\auditpol.exe
2015-05-13 10:09:42 ----A---- C:\Windows\system32\apisetschema.dll
2015-05-13 10:09:42 ----A---- C:\Windows\system32\adtschema.dll
2015-05-13 10:09:31 ----A---- C:\Windows\system32\FntCache.dll
2015-05-13 10:09:30 ----A---- C:\Windows\system32\win32k.sys
2015-05-13 10:09:30 ----A---- C:\Windows\system32\DWrite.dll
2015-05-13 10:09:20 ----A---- C:\Windows\system32\schannel.dll
2015-05-13 10:09:20 ----A---- C:\Windows\system32\certcli.dll
2015-05-13 10:09:16 ----A---- C:\Windows\system32\services.exe
2015-05-13 10:09:13 ----A---- C:\Windows\system32\urlmon.dll
2015-05-13 10:09:13 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 10:09:13 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 10:09:13 ----A---- C:\Windows\system32\iernonce.dll
2015-05-13 10:09:13 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-05-13 10:09:13 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-05-13 10:09:13 ----A---- C:\Windows\system32\iedkcs32.dll
2015-05-13 10:09:13 ----A---- C:\Windows\system32\ie4uinit.exe
2015-05-13 10:09:12 ----A---- C:\Windows\system32\msfeeds.dll
2015-05-13 10:09:12 ----A---- C:\Windows\system32\jsproxy.dll
2015-05-13 10:09:12 ----A---- C:\Windows\system32\jscript9diag.dll
2015-05-13 10:09:12 ----A---- C:\Windows\system32\ieUnatt.exe
2015-05-13 10:09:12 ----A---- C:\Windows\system32\ieapfltr.dll
2015-05-13 10:09:12 ----A---- C:\Windows\system32\dxtmsft.dll
2015-05-13 10:09:11 ----A---- C:\Windows\system32\wininet.dll
2015-05-13 10:09:11 ----A---- C:\Windows\system32\msrating.dll
2015-05-13 10:09:11 ----A---- C:\Windows\system32\iesetup.dll
2015-05-13 10:09:11 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 10:09:10 ----A---- C:\Windows\system32\ieui.dll
2015-05-13 10:09:10 ----A---- C:\Windows\system32\dxtrans.dll
2015-05-13 10:09:09 ----A---- C:\Windows\system32\ieframe.dll
2015-05-13 10:09:08 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-05-13 10:09:08 ----A---- C:\Windows\system32\mshtmled.dll
2015-05-13 10:09:08 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-05-13 10:09:08 ----A---- C:\Windows\system32\iertutil.dll
2015-05-13 10:09:07 ----A---- C:\Windows\system32\mshtml.dll
2015-05-13 10:09:06 ----A---- C:\Windows\system32\vbscript.dll
2015-05-13 10:09:06 ----A---- C:\Windows\system32\jscript9.dll
2015-05-13 10:09:06 ----A---- C:\Windows\system32\jscript.dll
2015-05-13 10:08:48 ----A---- C:\Windows\system32\shimeng.dll
2015-05-13 10:08:48 ----A---- C:\Windows\system32\sdbinst.exe
2015-05-13 10:08:48 ----A---- C:\Windows\system32\apphelp.dll
2015-05-13 10:08:48 ----A---- C:\Windows\system32\aelupsvc.dll
2015-05-13 10:08:46 ----A---- C:\Windows\system32\jnwmon.dll
2015-05-13 10:08:46 ----A---- C:\Windows\system32\InkEd.dll
2015-05-13 10:08:45 ----A---- C:\Windows\system32\poqexec.exe

======List of files/folders modified in the last 1 month======

2015-05-22 14:09:23 ----D---- C:\Windows\Prefetch
2015-05-22 14:05:38 ----D---- C:\Program Files
2015-05-22 14:03:12 ----D---- C:\ProgramData\Kaspersky Lab
2015-05-22 14:03:08 ----D---- C:\Portable
2015-05-22 13:58:26 ----D---- C:\Program Files\Malwarebytes Anti-Malware
2015-05-22 13:58:23 ----D---- C:\Windows\system32\drivers
2015-05-22 13:56:39 ----D---- C:\Windows\temp
2015-05-22 10:06:03 ----SHD---- C:\Windows\Installer
2015-05-22 10:06:02 ----D---- C:\Program Files\Microsoft Office
2015-05-22 10:05:55 ----SHD---- C:\System Volume Information
2015-05-22 10:03:29 ----D---- C:\Program Files\SpeedFan
2015-05-22 09:49:08 ----D---- C:\Windows\system32\config
2015-05-21 02:14:52 ----D---- C:\Windows\winsxs
2015-05-21 02:14:31 ----SD---- C:\Windows\system32\GWX
2015-05-21 00:42:09 ----D---- C:\Program Files\Warcraft III
2015-05-20 20:38:07 ----D---- C:\Users\xx\AppData\Roaming\Skype
2015-05-20 20:37:12 ----D---- C:\ProgramData\Skype
2015-05-20 13:18:43 ----D---- C:\Windows\system32\Tasks
2015-05-20 13:18:43 ----D---- C:\Program Files\Opera
2015-05-20 09:49:36 ----D---- C:\Program Files\Mozilla Maintenance Service
2015-05-18 10:41:09 ----D---- C:\Windows\Tasks
2015-05-15 01:40:37 ----D---- C:\Windows\System32
2015-05-15 01:40:36 ----D---- C:\Program Files\Windows Journal
2015-05-14 14:20:05 ----D---- C:\Windows\rescache
2015-05-14 12:07:06 ----D---- C:\Windows\Microsoft.NET
2015-05-14 12:06:08 ----RSD---- C:\Windows\assembly
2015-05-14 10:10:36 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-05-14 10:10:35 ----D---- C:\Windows\inf
2015-05-14 10:01:38 ----D---- C:\Windows\system32\cs-CZ
2015-05-14 10:01:33 ----D---- C:\Windows\system32\AdvancedInstallers
2015-05-14 10:01:20 ----D---- C:\Windows\system32\en-US
2015-05-14 10:01:18 ----D---- C:\Program Files\Internet Explorer
2015-05-14 10:01:15 ----D---- C:\Windows\AppPatch
2015-05-14 10:01:04 ----D---- C:\Windows\system32\DriverStore
2015-05-14 01:24:21 ----D---- C:\ProgramData\Microsoft Help
2015-05-14 01:22:30 ----D---- C:\Windows\system32\MRT
2015-05-14 01:15:28 ----A---- C:\Windows\system32\MRT.exe
2015-05-14 01:11:30 ----D---- C:\Program Files\Microsoft Silverlight
2015-05-13 10:07:17 ----D---- C:\Windows\system32\catroot2
2015-04-28 13:11:23 ----D---- C:\Program Files\LEGO Company

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248]
R0 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2014-02-20 135264]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 speedfan;speedfan; C:\Windows\system32\speedfan.sys [2012-12-29 24184]
R1 klhk;klhk; C:\Windows\system32\DRIVERS\klhk.sys [2014-04-10 34400]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2015-01-09 644808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2014-02-25 25696]
R1 klpd;klpd; C:\Windows\system32\DRIVERS\klpd.sys [2013-04-12 14432]
R1 kltdi;kltdi; C:\Windows\system32\DRIVERS\kltdi.sys [2014-03-25 45024]
R1 kneps;kneps; C:\Windows\system32\DRIVERS\kneps.sys [2014-03-26 145888]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2011-08-09 12880]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2011-08-09 67664]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2010-11-20 48128]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2010-11-20 296064]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2006-11-10 18688]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-12-06 11527680]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-12-06 501248]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2013-09-24 77312]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-12-25 2981024]
R3 klflt;Kaspersky Lab Kernel DLL; C:\Windows\system32\DRIVERS\klflt.sys [2015-01-09 112136]
R3 klkbdflt;Kaspersky Lab KLKBDFLT; C:\Windows\system32\DRIVERS\klkbdflt.sys [2014-03-28 24672]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2013-08-08 25696]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2009-10-07 25752]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2008-07-26 41752]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2015-05-22 119512]
R3 PAC7302;PAC7302 VGA USB Camera; C:\Windows\system32\DRIVERS\PAC7302.SYS [2009-04-28 461824]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys [2010-11-20 172416]
R3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcusb.sys [2010-11-20 78336]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-12-06 11527680]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 catchme;catchme; \??\C:\Users\xx\AppData\Local\Temp\catchme.sys []
S3 LVRS;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs.sys [2008-07-26 627864]
S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-04-14 23256]
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-04-14 51928]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 pepifilter;Volume Adapter; C:\Windows\system32\DRIVERS\lv302af.sys [2008-07-26 13848]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2008-07-26 2570520]
S3 PSI;PSI; C:\Windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2012-10-18 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-12-06 209408]
R2 AVP15.0.0;Služba Kaspersky Anti-Virus 15.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [2014-04-20 233552]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 154136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 gupdate1caeab72b9785e1;Služba Google Update (gupdate1caeab72b9785e1); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20 107912]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [2015-04-14 1080120]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14 268464]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20 107912]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-22 194032]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-04-21 102912]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2015-05-19 148080]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-10-01 1343400]
S4 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2014-04-11 45744]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

-----------------EOF-----------------

[Roli]

Zdravím, než dokončíš sken Mbam tak se zeptám, potřebuješ nutně Spotify Web Helper ?


Přes Start >> Všechny programy >> Příslušenství >> Spustit >> napiš - services.msc >> Enter. Najdi službu :

Služba Google Update (gupdate1caeab72b9785e1)
Služba Google Update (gupdatem)
Google Software Updater (gusvc)

dvojklikem se otevře karta kde nejprve službu zastav tlačítkem Zastavit u položky Typ spouštění vyber Zakázáno a klik na OK.


V Knihovně Plánovače úloh zakaž Google Update bude to tam vícekrát.


Stáhni a ulož na plochu AdwCleaner,

ukonči všechny programy včetně prohlížeče a dvojklikem jej spusť,

objeví se okno kde vlevo nahoře klikni na Scan.

Po dokončení skenu klikni na Clean,

proběhne restart PC kdy dojde ke smazání nepořádku.

Po té mi sem zkopíruj Report.

[tuvok07]

Já o něm ani nevím Zarazíme mu pak provoz.
MBAM nic nenašel jdu na ADW Cleaner.

[tuvok07]

Adw Cleaner nic nenašel

# AdwCleaner v4.205 - Log vytvořen 23/05/2015 v 11:28:09
# Aktualizováno 21/05/2015 by Xplode
# Databáze : 2015-05-21.2 [Server]
# Operační system : Windows 7 Home Premium Service Pack 1 (x86)
# Uživatelské jméno : xx - XX-PC
# Spuštěno z : C:\Users\xx\Desktop\adwcleaner_4.205.exe
# Nastavení : Čištění

***** [ Služby ] *****


***** [ Soubory / Složky ] *****


***** [ Naplánované úlohy ] *****


***** [ Zástupci ] *****


***** [ Registry ] *****


***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v38.0.1 (x86 cs)


-\\ Google Chrome v43.0.2357.65


-\\ Opera v29.0.1795.60


*************************

AdwCleaner[R0].txt - [821 bytů] - [23/05/2015 11:26:25]
AdwCleaner[S0].txt - [747 bytů] - [23/05/2015 11:28:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [804 bytů] ##########


Tady je pro jistotu výpis z MBAM
Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 22.5.2015
Čas skenování: 13:58:52
Protokol: mbam.txt
Správce: Ano

Verze: 2.01.6.1022
Databáze malwaru: v2015.05.22.02
Databáze rootkitů: v2015.05.16.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel: xx

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 341841
Uplynulý čas: 17 min, 26 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Varovat
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 1
PUP.Optional.OpenCandy, C:\Users\xx\Documents\aTube_Catcher.exe, Žádná akce od uživatele, [8f1ba7ef206a32047eb9212c7690748c],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Ten program moc nepoužívám, pokud mi to doporučíš klidně odinstaluji

[Roli]

Ten program moc nepoužívám, pokud mi to doporučíš klidně odinstaluji

Spotify Web Helper odinstaluj


Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.


V případě nejasností je ZDE obrázkový návod.

[tuvok07]

ComboFix 15-05-25.01 - xx 25.05.2015 10:51:05.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3579.2447 [GMT 2:00]
Spuštěný z: c:\users\xx\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-04-25 do 2015-05-25 )))))))))))))))))))))))))))))))
.
.
2015-05-25 09:01 . 2015-05-25 09:03 -------- d-----w- c:\users\xx\AppData\Local\temp
2015-05-25 09:01 . 2015-05-25 09:01 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-05-25 09:01 . 2015-05-25 09:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-23 09:26 . 2015-05-23 09:28 -------- d-----w- C:\AdwCleaner
2015-05-22 12:05 . 2015-05-22 12:09 -------- d-----w- c:\program files\trend micro
2015-05-22 12:05 . 2015-05-22 12:05 -------- d-----w- C:\rsit
2015-05-13 23:24 . 2015-05-01 13:16 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 08:10 . 2015-01-29 03:02 2311168 ----a-w- c:\windows\system32\wpdshext.dll
2015-05-13 08:08 . 2015-03-04 04:11 5120 ----a-w- c:\windows\system32\shimeng.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-23 09:33 . 2014-08-08 10:09 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-05 01:12 . 2015-05-13 08:09 248832 ----a-w- c:\windows\system32\schannel.dll
2015-04-27 19:05 . 2015-05-13 08:09 92160 ----a-w- c:\windows\system32\sechost.dll
2015-04-22 07:52 . 2014-08-04 20:24 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-04-14 17:55 . 2014-04-13 15:22 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-04-14 17:55 . 2014-04-13 15:22 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-04-14 07:37 . 2014-08-08 10:08 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-14 07:37 . 2014-08-08 10:08 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 07:37 . 2011-02-28 19:54 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-03-25 03:00 . 2015-04-15 05:12 92672 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:00 . 2015-04-15 05:12 35328 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:00 . 2015-04-15 05:12 3088384 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:00 . 2015-04-15 05:12 29696 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:00 . 2015-04-15 05:12 566784 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:00 . 2015-04-15 05:12 2020864 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:00 . 2015-04-15 05:12 173056 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 05:12 50176 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:00 . 2015-04-15 05:12 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:00 . 2015-04-15 05:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:00 . 2015-04-15 05:12 131584 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-23 03:06 . 2015-04-15 05:13 576000 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:06 . 2015-04-15 05:13 630784 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:06 . 2015-04-15 05:13 331264 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:06 . 2015-04-15 05:13 860160 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:06 . 2015-04-15 05:13 26112 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:06 . 2015-04-15 05:13 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 03:06 . 2015-04-15 05:13 159744 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 02:59 . 2015-04-15 05:13 896000 ----a-w- c:\windows\system32\aeinv.dll
2015-03-10 03:08 . 2015-04-15 05:12 1237504 ----a-w- c:\windows\system32\msxml3.dll
2015-03-10 03:05 . 2015-04-15 05:12 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-03-05 04:06 . 2015-04-15 05:13 305152 ----a-w- c:\windows\system32\gdi32.dll
2015-03-04 04:16 . 2015-04-15 05:13 249784 ----a-w- c:\windows\system32\clfs.sys
2015-03-04 04:10 . 2015-04-15 05:13 58880 ----a-w- c:\windows\system32\clfsw32.dll
2015-03-04 04:10 . 2015-05-13 08:08 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-13 08:08 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-13 08:08 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-02-25 03:03 . 2015-04-15 05:12 514560 ----a-w- c:\windows\system32\drivers\http.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\HydraVision\HydraDM.exe" [2010-02-02 385024]
"Spotify Web Helper"="c:\users\xx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2015-01-16 1676344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-25 8129056]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-12-10 323584]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" [2013-12-06 747264]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-09 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-04-14 1080120]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-02-18 315488]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-04-21 102912]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-04-14 51928]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-01 1343400]
R4 gupdate1caeab72b9785e1;Služba Google Update (gupdate1caeab72b9785e1);c:\program files\Google\Update\GoogleUpdate.exe [2014-10-20 107912]
S1 klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys [2014-04-10 34400]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2014-02-25 25696]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys [2013-04-12 14432]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2014-03-25 45024]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2014-03-26 145888]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-08-09 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-08-09 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-10-18 116608]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-12-06 209408]
S2 AVP15.0.0;Služba Kaspersky Anti-Virus 15.0.0;c:\program files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [2014-04-20 233552]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2013-09-24 77312]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys [2015-01-09 112136]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2014-03-28 24672]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2013-08-08 25696]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-04-14 23256]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-21 14:46 986440 ----a-w- c:\program files\Google\Chrome\Application\43.0.2357.65\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-13 17:55]
.
2015-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-03 08:23]
.
2015-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-03 08:23]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Přidat do součásti Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\lynva8w7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(8088)
c:\program files\ATI Technologies\HydraVision\HydraDMH.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Celkový čas: 2015-05-25 11:09:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-05-25 09:09
.
Před spuštěním: Volných bajtů: 35 759 673 344
Po spuštění: Volných bajtů: 36 073 119 744
.
- - End Of File - - 36FF8DF70ED3CABD9F8540CB5F9D5F64
A36C5E4F47E84449FF07ED3517B43A31

[tuvok07]

ComboFix 15-05-25.01 - xx 25.05.2015 10:51:05.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3579.2447 [GMT 2:00]
Spuštěný z: c:\users\xx\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-04-25 do 2015-05-25 )))))))))))))))))))))))))))))))
.
.
2015-05-25 09:01 . 2015-05-25 09:03 -------- d-----w- c:\users\xx\AppData\Local\temp
2015-05-25 09:01 . 2015-05-25 09:01 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-05-25 09:01 . 2015-05-25 09:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-23 09:26 . 2015-05-23 09:28 -------- d-----w- C:\AdwCleaner
2015-05-22 12:05 . 2015-05-22 12:09 -------- d-----w- c:\program files\trend micro
2015-05-22 12:05 . 2015-05-22 12:05 -------- d-----w- C:\rsit
2015-05-13 23:24 . 2015-05-01 13:16 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 08:10 . 2015-01-29 03:02 2311168 ----a-w- c:\windows\system32\wpdshext.dll
2015-05-13 08:08 . 2015-03-04 04:11 5120 ----a-w- c:\windows\system32\shimeng.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-23 09:33 . 2014-08-08 10:09 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-05 01:12 . 2015-05-13 08:09 248832 ----a-w- c:\windows\system32\schannel.dll
2015-04-27 19:05 . 2015-05-13 08:09 92160 ----a-w- c:\windows\system32\sechost.dll
2015-04-22 07:52 . 2014-08-04 20:24 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-04-14 17:55 . 2014-04-13 15:22 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-04-14 17:55 . 2014-04-13 15:22 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-04-14 07:37 . 2014-08-08 10:08 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-14 07:37 . 2014-08-08 10:08 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 07:37 . 2011-02-28 19:54 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-03-25 03:00 . 2015-04-15 05:12 92672 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:00 . 2015-04-15 05:12 35328 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:00 . 2015-04-15 05:12 3088384 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:00 . 2015-04-15 05:12 29696 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:00 . 2015-04-15 05:12 566784 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:00 . 2015-04-15 05:12 2020864 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:00 . 2015-04-15 05:12 173056 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 05:12 50176 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:00 . 2015-04-15 05:12 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:00 . 2015-04-15 05:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:00 . 2015-04-15 05:12 131584 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-23 03:06 . 2015-04-15 05:13 576000 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:06 . 2015-04-15 05:13 630784 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:06 . 2015-04-15 05:13 331264 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:06 . 2015-04-15 05:13 860160 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:06 . 2015-04-15 05:13 26112 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:06 . 2015-04-15 05:13 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 03:06 . 2015-04-15 05:13 159744 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 02:59 . 2015-04-15 05:13 896000 ----a-w- c:\windows\system32\aeinv.dll
2015-03-10 03:08 . 2015-04-15 05:12 1237504 ----a-w- c:\windows\system32\msxml3.dll
2015-03-10 03:05 . 2015-04-15 05:12 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-03-05 04:06 . 2015-04-15 05:13 305152 ----a-w- c:\windows\system32\gdi32.dll
2015-03-04 04:16 . 2015-04-15 05:13 249784 ----a-w- c:\windows\system32\clfs.sys
2015-03-04 04:10 . 2015-04-15 05:13 58880 ----a-w- c:\windows\system32\clfsw32.dll
2015-03-04 04:10 . 2015-05-13 08:08 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-13 08:08 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-13 08:08 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-02-25 03:03 . 2015-04-15 05:12 514560 ----a-w- c:\windows\system32\drivers\http.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\HydraVision\HydraDM.exe" [2010-02-02 385024]
"Spotify Web Helper"="c:\users\xx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2015-01-16 1676344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-25 8129056]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-12-10 323584]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" [2013-12-06 747264]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-09 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-04-14 1080120]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-02-18 315488]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-04-21 102912]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-04-14 51928]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-01 1343400]
R4 gupdate1caeab72b9785e1;Služba Google Update (gupdate1caeab72b9785e1);c:\program files\Google\Update\GoogleUpdate.exe [2014-10-20 107912]
S1 klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys [2014-04-10 34400]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2014-02-25 25696]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys [2013-04-12 14432]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2014-03-25 45024]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2014-03-26 145888]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-08-09 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-08-09 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-10-18 116608]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-12-06 209408]
S2 AVP15.0.0;Služba Kaspersky Anti-Virus 15.0.0;c:\program files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [2014-04-20 233552]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2013-09-24 77312]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys [2015-01-09 112136]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2014-03-28 24672]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2013-08-08 25696]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-04-14 23256]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-21 14:46 986440 ----a-w- c:\program files\Google\Chrome\Application\43.0.2357.65\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-13 17:55]
.
2015-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-03 08:23]
.
2015-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-03 08:23]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Přidat do součásti Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\lynva8w7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(8088)
c:\program files\ATI Technologies\HydraVision\HydraDMH.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Celkový čas: 2015-05-25 11:09:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-05-25 09:09
.
Před spuštěním: Volných bajtů: 35 759 673 344
Po spuštění: Volných bajtů: 36 073 119 744
.
- - End Of File - - 36FF8DF70ED3CABD9F8540CB5F9D5F64
A36C5E4F47E84449FF07ED3517B43A31

[Roli]

Pokud jsi tak ještě neučinil, přesuň Combofix na plochu

otevři si Poznámkový blok

do něj zkopíruj skript z následujícího okna:

Kód: Vybrat vše

RegLock:: 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,

po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:



Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci

[tuvok07]

ComboFix 15-05-25.01 - xx 26.05.2015 14:43:55.2.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3579.2317 [GMT 2:00]
Spuštěný z: c:\users\xx\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\xx\Desktop\CFscript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-04-26 do 2015-05-26 )))))))))))))))))))))))))))))))
.
.
2015-05-26 12:54 . 2015-05-26 12:57 -------- d-----w- c:\users\xx\AppData\Local\temp
2015-05-26 12:54 . 2015-05-26 12:54 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-05-26 12:54 . 2015-05-26 12:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-23 09:26 . 2015-05-23 09:28 -------- d-----w- C:\AdwCleaner
2015-05-22 12:05 . 2015-05-22 12:09 -------- d-----w- c:\program files\trend micro
2015-05-22 12:05 . 2015-05-22 12:05 -------- d-----w- C:\rsit
2015-05-13 23:24 . 2015-05-01 13:16 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 08:10 . 2015-01-29 03:02 2311168 ----a-w- c:\windows\system32\wpdshext.dll
2015-05-13 08:08 . 2015-03-04 04:11 5120 ----a-w- c:\windows\system32\shimeng.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-23 09:33 . 2014-08-08 10:09 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-05 01:12 . 2015-05-13 08:09 248832 ----a-w- c:\windows\system32\schannel.dll
2015-04-27 19:05 . 2015-05-13 08:09 92160 ----a-w- c:\windows\system32\sechost.dll
2015-04-22 07:52 . 2014-08-04 20:24 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-04-14 17:55 . 2014-04-13 15:22 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-04-14 17:55 . 2014-04-13 15:22 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-04-14 07:37 . 2014-08-08 10:08 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-14 07:37 . 2014-08-08 10:08 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 07:37 . 2011-02-28 19:54 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-03-25 03:00 . 2015-04-15 05:12 92672 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:00 . 2015-04-15 05:12 35328 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:00 . 2015-04-15 05:12 3088384 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:00 . 2015-04-15 05:12 29696 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:00 . 2015-04-15 05:12 566784 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:00 . 2015-04-15 05:12 2020864 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:00 . 2015-04-15 05:12 173056 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 05:12 50176 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:00 . 2015-04-15 05:12 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:00 . 2015-04-15 05:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:00 . 2015-04-15 05:12 131584 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-23 03:06 . 2015-04-15 05:13 576000 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:06 . 2015-04-15 05:13 630784 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:06 . 2015-04-15 05:13 331264 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:06 . 2015-04-15 05:13 860160 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:06 . 2015-04-15 05:13 26112 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:06 . 2015-04-15 05:13 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 03:06 . 2015-04-15 05:13 159744 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 02:59 . 2015-04-15 05:13 896000 ----a-w- c:\windows\system32\aeinv.dll
2015-03-10 03:08 . 2015-04-15 05:12 1237504 ----a-w- c:\windows\system32\msxml3.dll
2015-03-10 03:05 . 2015-04-15 05:12 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-03-05 04:06 . 2015-04-15 05:13 305152 ----a-w- c:\windows\system32\gdi32.dll
2015-03-04 04:16 . 2015-04-15 05:13 249784 ----a-w- c:\windows\system32\clfs.sys
2015-03-04 04:10 . 2015-04-15 05:13 58880 ----a-w- c:\windows\system32\clfsw32.dll
2015-03-04 04:10 . 2015-05-13 08:08 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-13 08:08 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-13 08:08 2560 ----a-w- c:\windows\apppatch\AcRes.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\HydraVision\HydraDM.exe" [2010-02-02 385024]
"Spotify Web Helper"="c:\users\xx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2015-01-16 1676344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-25 8129056]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-12-10 323584]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" [2013-12-06 747264]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-09 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-04-14 1080120]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-02-18 315488]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-04-21 102912]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-04-14 51928]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-01 1343400]
R4 gupdate1caeab72b9785e1;Služba Google Update (gupdate1caeab72b9785e1);c:\program files\Google\Update\GoogleUpdate.exe [2014-10-20 107912]
S1 klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys [2014-04-10 34400]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2014-02-25 25696]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys [2013-04-12 14432]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2014-03-25 45024]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2014-03-26 145888]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-08-09 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-08-09 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-10-18 116608]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-12-06 209408]
S2 AVP15.0.0;Služba Kaspersky Anti-Virus 15.0.0;c:\program files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [2014-04-20 233552]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2013-09-24 77312]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys [2015-01-09 112136]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2014-03-28 24672]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2013-08-08 25696]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-04-14 23256]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-21 14:46 986440 ----a-w- c:\program files\Google\Chrome\Application\43.0.2357.65\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-05-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-13 17:55]
.
2015-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-03 08:23]
.
2015-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-03 08:23]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Přidat do součásti Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\lynva8w7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(8256)
c:\program files\ATI Technologies\HydraVision\HydraDMH.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Celkový čas: 2015-05-26 15:02:46 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-05-26 13:02
ComboFix2.txt 2015-05-25 09:09
.
Před spuštěním: Volných bajtů: 34 099 335 168
Po spuštění: Volných bajtů: 34 055 155 712
.
- - End Of File - - 15F3F149E9551DEF507A72B805DF7F83
A36C5E4F47E84449FF07ED3517B43A31

[Roli]

Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.


Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.

Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.


Pak dej vědět jak se PC chová.

[tuvok07]

Nemám tu v sedmičkách start - spustit - napsal jsem to do toho vyhledavacího okýnka v menu start

[tuvok07]

T Cleaner je hotovej, zdá se, že vše pracuje v normálu.
Myslím, že to byly jen nějaké zbytky po infekci....

[Roli]

Myslím, že to byly jen nějaké zbytky po infekci....

Dalo by se říct, že ano plus nějaké zbytečnosti.

T Cleaner je hotovej, zdá se, že vše pracuje v normálu.

V tom případě je to z mé strany vše

[tuvok07]

Jen bych rád dodal že mi tu občas zazlobí Kašperskej

Kód: Vybrat vše

Kaspersky
Internet Security
PŘÍSTUP ODEPŘEN
Požadovanou URL adresu nelze zobrazit

URL:

http://forum.viry.cz/posting.php?mode=re<...>

Blokováno součástí Web Anti-Virus

Důvod: phishingová adresa URL 

Klikněte sem, pokud si myslíte, že je webová stránka blokována omylem.

Metoda detekce: heuristická analýza
Čas vygenerování zprávy: 17:15:46

Nechť se na to někdo mrkne, něco se mu tam nelíbí
A chtěl bych se zeptat jak odinstalovat Spotify web helper, samostatně v aplikacích není a ve spouštěnejch službách - services.msc - taky ne.

[Roli]

Co se týče našeho fóra a phishingu to proberem s adminem.

Co se týče Spotify, když nejde odinstalovat podobrém tak půjde po zlém


Stáhni a spusť OTMoveIt

do levého okna aplikace pod Paste Instructions for Items to be Moved zkopíruj tento text:

Kód: Vybrat vše

:processes
explorer.exe       

:files
c:\users\xx\AppData\Roaming\Spotify

:reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"=-

:commands
[purity]
[emptytemp]
[start explorer]

klikni na MoveIt! a v pravém zeleném okně aplikace se Ti objeví info o provedene akci, obsah okna zkopíruj sem,

pokud aplikace bude požadovat restart, klikni na YES

v tom případě sem zkopíruj obsah logu uloženého na C:\_OTMoveIt\MovedFiles\