Infected PC - please help

76033347
Visitor
Posts: 99
Registered: 19 Oct 2006 17:42

#1 Post by 76033347 »

Please help with a PC that is probably infected.
A small program keeps launching that changes the search engines; it also launches program updates, over and over again.
The antivirus also reported the trojan Skeeyah.A.bit; cleaning was performed, and after a restart it comes back again.
Among the running processes there are the suspicious programs fchk.exe and rb5rktz5.exe.
I am sending the RSIT log and the HijackThis log.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Sonicka at 2015-08-06 21:30:51
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 27 GB (18%) free of 150 GB
Total RAM: 3063 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:30:56, on 6.8.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17909)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\GWX\GWX.exe
D:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\totalcmd\TOTALCMD.EXE
C:\Windows\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_209_ActiveX.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\temp\RSIT.exe
C:\Program Files\trend micro\Sonicka.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.centrum.cz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVqASLW90uzABlYfBCjZv89AkFESAyyq5oYTPaaUgwUdSnq9a3SzYnfUIHXfJwED__zwWhUMiSoDF0FGosx52ufYRk66Ezl0NStIRkdjNnarb3KUIqewHxWh92VH_h8Zm9WWJLSFMxtTrktLb8lJt9l8WVrg&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVqASLW90uzABlYfBCjZv89AkFESAyyq5oYTPaaUgwUdSnq9a3SzYnfUIHXfJwED__zwWhUMiSoDF0FGosx52ufYRk66Ezl0NStIRkdjNnarb3KUIqewHxWh92VH_h8Zm9WWJLSFMxtTrktLb8lJt9l8WVrg&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVqASLW90uzABlYfBCjZv89AkFESAyyq5oYTPaaUgwUdSnq9a3SzYnfUIHXfJwED__zwWhUMiSoDF0FGosx52ufYRk66Ezl0NStIRkdjNnarb3KUIqewHxWh92VH_h8Zm9WWJLSFMxtTrktLb8lJt9l8WVrg&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.centrum.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.centrum.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.centrum.cz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVqASLW90uzABlYfBCjZv89AkFESAyyq5oYTPaaUgwUdSnq9a3SzYnfUIHXfJwED__zwWhUMiSoDF0FGosx52ufYRk66Ezl0NStIRkdjNnarb3KUIqewHxWh92VH_h8Zm9WWJLSFMxtTrktLb8lJt9l8WVrg&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "d:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - http://www.magic-kinder.com/totalimmers ... taller.exe
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\ProgramData\ExtTag\4kohljss.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ExtTag service (ExtTag) - Unknown owner - C:\ProgramData\ExtTag\ExtTag (file missing)
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe (file missing)
O23 - Service: Corel License Validation Service V2, Powered by arvato (PSI_SVC_2) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Check Service (schk32) - Unknown owner - C:\Program Files\schk32\schk32.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe

--
End of file - 11850 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Sonicka\AppData\Roaming\Mozilla\Firefox\Profiles\vz1ej7y5.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "C:\ProgramData\ExtTags\ff.HP"
prefs.js - "extensions.enabledItems" - "bkmrksync@nokia.com:1.0.0.732, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.209 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nokia.com/EnablerPlugin]
"Description"=Nokia Suite Enabler Plugin
"Path"=C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Win7codecs\rm\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448]
"Description"=6.0.12.448
"Path"=C:\Program Files\Win7codecs\rm\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23 72336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-06-09 153768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-16 460384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-06-09 710872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16 1730264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-16 172640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
ASUS Security Protect Manager - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll [2006-11-24 70928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-16 815104]
"Acrobat Assistant 7.0"=d:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328]
""= []
"Power_Gear"=C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe [2006-07-26 90112]
"CognizanceTS"=C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll [2003-12-25 17920]
"ATKOSD2"=C:\Program Files\ATKOSD2\ATKOSD2.exe [2007-07-03 7708672]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
"PC Suite for Smartphones"=C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe [2007-12-25 548864]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2015-04-30 981688]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2009-05-05 1466368]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2015-06-08 334896]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
""= []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\ProgramData\ExtTag\4kohljss.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ASWLNPkg

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"vidc.XVID"=xvidvfw.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.ac3filter"=ac3filter.acm
"msacm.avis"=ff_acm.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=serwvdrv.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-08-06 17:09:58 ----HD---- C:\$Windows.~BT
2015-08-06 16:33:58 ----D---- C:\ProgramData\ExtTags
2015-08-06 16:33:27 ----D---- C:\ProgramData\ExtTag
2015-08-05 19:18:42 ----HD---- C:\$Windows.~WS
2015-08-04 21:52:09 ----A---- C:\Windows\system32\generaltel.dll
2015-08-04 21:52:09 ----A---- C:\Windows\system32\devinv.dll
2015-08-04 21:52:09 ----A---- C:\Windows\system32\acmigration.dll
2015-08-04 21:52:08 ----A---- C:\Windows\system32\invagent.dll
2015-08-04 21:52:08 ----A---- C:\Windows\system32\appraiser.dll
2015-08-04 21:52:08 ----A---- C:\Windows\system32\aeinv.dll
2015-08-04 21:52:07 ----A---- C:\Windows\system32\CompatTelRunner.exe
2015-08-04 21:52:07 ----A---- C:\Windows\system32\aepdu.dll
2015-08-04 21:47:22 ----A---- C:\Windows\system32\wuwebv.dll
2015-08-04 21:47:22 ----A---- C:\Windows\system32\wups2.dll
2015-08-04 21:47:22 ----A---- C:\Windows\system32\wups.dll
2015-08-04 21:47:22 ----A---- C:\Windows\system32\wudriver.dll
2015-08-04 21:47:22 ----A---- C:\Windows\system32\wucltux.dll
2015-08-04 21:47:22 ----A---- C:\Windows\system32\wuaueng.dll
2015-08-04 21:47:22 ----A---- C:\Windows\system32\wuauclt.exe
2015-08-04 21:47:22 ----A---- C:\Windows\system32\wuapp.exe
2015-08-04 21:47:22 ----A---- C:\Windows\system32\wuapi.dll
2015-08-04 21:47:22 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-08-04 21:47:21 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-08-04 20:40:34 ----D---- C:\Program Files\9AB06700-1438713634-81DD-2EEE-002354648225
2015-08-04 20:39:14 ----D---- C:\Program Files\schk32
2015-08-04 20:35:13 ----D---- C:\Program Files\Opera
2015-08-04 19:59:41 ----D---- C:\Spacekace
2015-08-04 16:57:50 ----D---- C:\Windows\SoftwareDistribution
2015-07-22 16:05:52 ----D---- C:\Program Files\Common Files\DESIGNER
2015-07-21 08:13:49 ----A---- C:\Windows\system32\lpk.dll
2015-07-21 08:13:49 ----A---- C:\Windows\system32\fontsub.dll
2015-07-21 08:13:49 ----A---- C:\Windows\system32\dciman32.dll
2015-07-21 08:13:49 ----A---- C:\Windows\system32\atmlib.dll
2015-07-21 08:13:49 ----A---- C:\Windows\system32\atmfd.dll
2015-07-16 00:02:22 ----D---- C:\Program Files\Common Files\Java
2015-07-15 22:00:31 ----A---- C:\Windows\system32\rpcrt4.dll
2015-07-15 22:00:31 ----A---- C:\Windows\system32\msv1_0.dll
2015-07-15 22:00:31 ----A---- C:\Windows\system32\kerberos.dll
2015-07-15 22:00:31 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2015-07-15 22:00:31 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2015-07-15 22:00:30 ----A---- C:\Windows\system32\wdigest.dll
2015-07-15 22:00:30 ----A---- C:\Windows\system32\TSpkg.dll
2015-07-15 22:00:30 ----A---- C:\Windows\system32\sspisrv.dll
2015-07-15 22:00:30 ----A---- C:\Windows\system32\sspicli.dll
2015-07-15 22:00:30 ----A---- C:\Windows\system32\schannel.dll
2015-07-15 22:00:30 ----A---- C:\Windows\system32\ncrypt.dll
2015-07-15 22:00:30 ----A---- C:\Windows\system32\lsass.exe
2015-07-15 22:00:30 ----A---- C:\Windows\system32\lsasrv.dll
2015-07-15 22:00:30 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2015-07-15 22:00:30 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-07-15 22:00:30 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-07-15 22:00:30 ----A---- C:\Windows\system32\cryptbase.dll
2015-07-15 22:00:30 ----A---- C:\Windows\system32\credssp.dll
2015-07-15 22:00:30 ----A---- C:\Windows\system32\auditpol.exe
2015-07-15 22:00:29 ----A---- C:\Windows\system32\secur32.dll
2015-07-15 22:00:29 ----A---- C:\Windows\system32\msobjs.dll
2015-07-15 22:00:29 ----A---- C:\Windows\system32\msaudite.dll
2015-07-15 22:00:29 ----A---- C:\Windows\system32\adtschema.dll
2015-07-15 22:00:22 ----A---- C:\Windows\system32\win32k.sys
2015-07-15 22:00:20 ----A---- C:\Windows\system32\wksprt.exe
2015-07-15 22:00:20 ----A---- C:\Windows\system32\mstscax.dll
2015-07-15 22:00:18 ----A---- C:\Windows\system32\rdvidcrl.dll
2015-07-15 22:00:17 ----A---- C:\Windows\system32\tsgqec.dll
2015-07-15 22:00:14 ----A---- C:\Windows\system32\msi.dll
2015-07-15 22:00:14 ----A---- C:\Windows\system32\consent.exe
2015-07-15 22:00:14 ----A---- C:\Windows\system32\authui.dll
2015-07-15 22:00:13 ----A---- C:\Windows\system32\msimsg.dll
2015-07-15 22:00:13 ----A---- C:\Windows\system32\msihnd.dll
2015-07-15 22:00:13 ----A---- C:\Windows\system32\msiexec.exe
2015-07-15 22:00:13 ----A---- C:\Windows\system32\appinfo.dll
2015-07-15 21:59:56 ----A---- C:\Windows\system32\ole32.dll
2015-07-15 21:59:52 ----A---- C:\Windows\system32\gdi32.dll
2015-07-15 21:59:46 ----A---- C:\Windows\system32\rdpcorets.dll
2015-07-15 21:59:45 ----A---- C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 21:59:42 ----A---- C:\Windows\system32\cewmdm.dll
2015-07-15 21:59:38 ----A---- C:\Windows\system32\jscript9diag.dll
2015-07-15 21:59:38 ----A---- C:\Windows\system32\jscript9.dll
2015-07-15 21:59:34 ----A---- C:\Windows\system32\urlmon.dll
2015-07-15 21:59:34 ----A---- C:\Windows\system32\ieui.dll
2015-07-15 21:59:33 ----A---- C:\Windows\system32\ieframe.dll
2015-07-15 21:59:32 ----A---- C:\Windows\system32\mshtml.dll
2015-07-15 21:59:31 ----A---- C:\Windows\system32\iertutil.dll
2015-07-15 21:59:04 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 21:59:04 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-07-15 21:59:04 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-07-15 21:59:03 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 21:59:03 ----A---- C:\Windows\system32\iernonce.dll
2015-07-15 21:59:03 ----A---- C:\Windows\system32\iedkcs32.dll
2015-07-15 21:59:03 ----A---- C:\Windows\system32\ie4uinit.exe
2015-07-15 21:59:02 ----A---- C:\Windows\system32\jsproxy.dll
2015-07-15 21:59:02 ----A---- C:\Windows\system32\ieUnatt.exe
2015-07-15 21:59:01 ----A---- C:\Windows\system32\msfeeds.dll
2015-07-15 21:59:01 ----A---- C:\Windows\system32\ieapfltr.dll
2015-07-15 21:59:01 ----A---- C:\Windows\system32\dxtmsft.dll
2015-07-15 21:59:00 ----A---- C:\Windows\system32\msrating.dll
2015-07-15 21:58:59 ----A---- C:\Windows\system32\wininet.dll
2015-07-15 21:58:59 ----A---- C:\Windows\system32\iesetup.dll
2015-07-15 21:58:59 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 21:58:57 ----A---- C:\Windows\system32\dxtrans.dll
2015-07-15 21:58:55 ----A---- C:\Windows\system32\mshtmled.dll
2015-07-15 21:58:54 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-07-15 21:58:54 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-07-15 21:58:50 ----A---- C:\Windows\system32\vbscript.dll
2015-07-15 21:58:50 ----A---- C:\Windows\system32\jscript.dll
2015-07-07 16:55:22 ----A---- C:\Windows\system32\cryptsvc.dll
2015-07-07 16:55:22 ----A---- C:\Windows\system32\crypt32.dll
2015-07-07 16:55:21 ----A---- C:\Windows\system32\wintrust.dll
2015-07-07 16:55:21 ----A---- C:\Windows\system32\cryptnet.dll
2015-07-07 16:54:40 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll

======List of files/folders modified in the last 1 month======

2015-08-06 21:30:55 ----D---- C:\Program Files\trend micro
2015-08-06 21:19:47 ----D---- C:\Users\Sonicka\AppData\Roaming\Skype
2015-08-06 20:37:55 ----D---- C:\Windows\system32\Tasks
2015-08-06 20:33:38 ----D---- C:\Windows\Temp
2015-08-06 20:29:55 ----D---- C:\Windows\Prefetch
2015-08-06 17:17:59 ----D---- C:\Windows\Panther
2015-08-06 17:07:30 ----D---- C:\Windows\System32
2015-08-06 17:07:30 ----D---- C:\Windows\inf
2015-08-06 17:07:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-08-06 16:33:58 ----HD---- C:\ProgramData
2015-08-05 19:16:12 ----D---- C:\Windows\system32\config
2015-08-05 19:00:57 ----D---- C:\Windows\Tasks
2015-08-05 19:00:56 ----AD---- C:\Windows\system32\drivers
2015-08-05 19:00:51 ----D---- C:\Program Files
2015-08-05 18:53:06 ----SHD---- C:\System Volume Information
2015-08-04 22:55:08 ----D---- C:\Windows\winsxs
2015-08-04 22:53:47 ----SD---- C:\Windows\system32\CompatTel
2015-08-04 22:53:46 ----D---- C:\Windows\system32\cs-CZ
2015-08-04 22:53:46 ----D---- C:\Windows\system32\appraiser
2015-08-04 22:53:46 ----D---- C:\Windows\AppPatch
2015-08-04 21:58:38 ----SHD---- C:\Windows\Installer
2015-08-04 21:58:38 ----SHD---- C:\Config.Msi
2015-08-04 20:42:05 ----D---- C:\Program Files\Common Files
2015-08-04 16:58:10 ----D---- C:\Windows
2015-07-30 14:37:14 ----SD---- C:\ProgramData\Microsoft
2015-07-28 18:55:50 ----D---- C:\Windows\Logs
2015-07-28 18:13:26 ----D---- C:\Windows\system32\catroot2
2015-07-25 07:55:43 ----SD---- C:\Windows\system32\GWX
2015-07-24 16:40:44 ----D---- C:\ProgramData\Skype
2015-07-24 16:40:36 ----RD---- C:\Program Files\Skype
2015-07-22 17:02:29 ----D---- C:\Windows\Microsoft.NET
2015-07-22 16:56:10 ----RSD---- C:\Windows\assembly
2015-07-22 16:05:53 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2015-07-22 16:03:52 ----D---- C:\Program Files\Microsoft Office 15
2015-07-17 08:14:40 ----D---- C:\Windows\rescache
2015-07-16 00:18:01 ----D---- C:\Windows\system32\wbem
2015-07-16 00:18:00 ----D---- C:\Windows\system32\en-US
2015-07-16 00:18:00 ----D---- C:\Program Files\Internet Explorer
2015-07-16 00:17:18 ----D---- C:\Windows\system32\MRT
2015-07-16 00:04:19 ----D---- C:\ProgramData\Oracle
2015-07-16 00:03:40 ----D---- C:\Program Files\Java
2015-07-16 00:01:36 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2015-07-15 21:32:38 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2015-07-12 14:42:09 ----D---- C:\Users\Sonicka\AppData\Roaming\XnView

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2015-03-04 245096]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 ItSDisk;ItSDisk; C:\Windows\System32\Drivers\ItSDisk.sys [2006-05-20 23232]
R1 MpKsld83f5a45;MpKsld83f5a45; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C04DE972-1BC8-4EF2-A804-36A7B8A859DB}\MpKsld83f5a45.sys [2015-08-06 39168]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2015-03-04 95408]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\Windows\system32\DRIVERS\l160x86.sys [2008-11-12 46592]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-06-16 146824]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2007-01-28 5632]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2009-07-14 18432]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2007-07-31 7680]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
R3 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928]
R3 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2005-12-22 51840]
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 84992]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2009-05-05 1095808]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-10-01 1769984]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-16 198976]
R3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 30720]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 AF15BDA;AF9015 BDA Device; C:\Windows\system32\DRIVERS\AF15BDA.sys [2010-03-04 483200]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthAvrcp;Bluetooth AVRCP Profile; C:\Windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2013-02-06 83864]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2013-01-23 18560]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2013-01-23 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2012-10-17 19072]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 s916bus;Sony Ericsson Device 916 driver (WDM); C:\Windows\system32\DRIVERS\s916bus.sys [2007-11-02 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s916mdfl.sys [2007-11-02 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s916mdm.sys [2007-11-02 109992]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s916mgmt.sys [2007-11-02 103976]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s916obex.sys [2007-11-02 100008]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2012-06-27 104648]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2012-06-27 14920]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2012-06-27 132424]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2013-02-06 181784]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2013-10-02 49152]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2013-01-23 8192]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 28160]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2013-01-23 8192]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\drivers\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-07-07 82128]
R2 ASBroker;Logon Session Broker; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ASChannel;Local Communication Channel; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-05 94208]
R2 ClickToRunSvc;Služba Microsoft Office ClickToRun; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [2015-07-01 1867448]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ExtTag;ExtTag service; C:\ProgramData\ExtTag\ExtTag []
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2015-04-30 22216]
R2 PSI_SVC_2;Corel License Validation Service V2, Powered by arvato; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2013-09-13 277360]
R2 schk32;Check Service; C:\Program Files\schk32\schk32.exe [2015-08-04 379392]
R2 TeamViewer9;TeamViewer 9; C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe [2014-07-02 5037888]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]
R3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2015-04-30 284504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
S2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe []
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2015-06-03 327296]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-11-12 72704]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15 268976]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2014-04-12 45744]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-06-19 102912]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-12-13 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2014-12-13 4846168]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2013-04-18 737616]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-19 1343400]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

-----------------EOF-----------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:32:13, on 6.8.2015
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v11.0 (11.00.9600.17909)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\GWX\GWX.exe
D:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_209_ActiveX.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.centrum.cz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVqASLW90uzABlYfBCjZv89AkFESAyyq5oYTPaaUgwUdSnq9a3SzYnfUIHXfJwED__zwWhUMiSoDF0FGosx52ufYRk66Ezl0NStIRkdjNnarb3KUIqewHxWh92VH_h8Zm9WWJLSFMxtTrktLb8lJt9l8WVrg&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVqASLW90uzABlYfBCjZv89AkFESAyyq5oYTPaaUgwUdSnq9a3SzYnfUIHXfJwED__zwWhUMiSoDF0FGosx52ufYRk66Ezl0NStIRkdjNnarb3KUIqewHxWh92VH_h8Zm9WWJLSFMxtTrktLb8lJt9l8WVrg&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVqASLW90uzABlYfBCjZv89AkFESAyyq5oYTPaaUgwUdSnq9a3SzYnfUIHXfJwED__zwWhUMiSoDF0FGosx52ufYRk66Ezl0NStIRkdjNnarb3KUIqewHxWh92VH_h8Zm9WWJLSFMxtTrktLb8lJt9l8WVrg&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.centrum.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.centrum.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.centrum.cz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVqASLW90uzABlYfBCjZv89AkFESAyyq5oYTPaaUgwUdSnq9a3SzYnfUIHXfJwED__zwWhUMiSoDF0FGosx52ufYRk66Ezl0NStIRkdjNnarb3KUIqewHxWh92VH_h8Zm9WWJLSFMxtTrktLb8lJt9l8WVrg&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "d:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - http://www.magic-kinder.com/totalimmers ... taller.exe
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\ProgramData\ExtTag\4kohljss.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ExtTag service (ExtTag) - Unknown owner - C:\ProgramData\ExtTag\ExtTag (file missing)
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe (file missing)
O23 - Service: Corel License Validation Service V2, Powered by arvato (PSI_SVC_2) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Check Service (schk32) - Unknown owner - C:\Program Files\schk32\schk32.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe

--
End of file - 11382 bytes

Rudy
Site Admin
Posts: 119675
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: infected PC - please help

#2 Post by Rudy »

Hello!
Please post a ComboFix log:
Download ComboFix and save it, ideally to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after it starts, a screen with the license terms appears; continue by clicking the Yes (Ano) button.

Go and make yourself a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to start any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is run).

Note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because the scan and the removal of any malware lead to unwanted conflicts with the antispyware's resident shield.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

76033347
Visitor
Posts: 99
Registered: 19 Oct 2006 17:42

Re: infected PC - please help

#3 Post by 76033347 »

done
I'm posting the ComboFix log for review
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3063.1929 [GMT 2:00]
Spuštěný z: C:\Users\Sonicka\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))


C:\ProgramData\hpe94D9.dll
C:\Windows\msdownld.tmp
C:\Windows\PFRO.log
C:\Windows\system32\AF15BDAEX.dll


((((((((((((((((((((((((( Soubory vytvořené od 2015-07-06 do 2015-08-06 )))))))))))))))))))))))))))))))


2015-08-06 21:21:53 . 2015-08-06 21:21:53 -------- d-----w- C:\Users\Default\AppData\Local\temp
2015-08-06 20:58:50 . 2015-08-06 20:58:50 -------- d-----w- C:\Users\Sonicka\AppData\Local\TempTaskUpdateDetection069FC3B6-5E02-4B69-B5FC-E6239B5BEB71
2015-08-06 20:54:49 . 2015-08-06 20:54:49 39168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{479CF432-BC3B-416D-901F-65ED76760470}\MpKsl1881e190.sys
2015-08-06 20:42:41 . 2015-07-15 01:33:15 9252608 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{479CF432-BC3B-416D-901F-65ED76760470}\mpengine.dll
2015-08-06 14:54:59 . 2015-07-02 04:40:01 912000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EAC1FBD6-5BB6-42B0-9A06-C7D0E054E38E}\gapaengine.dll
2015-08-05 17:18:42 . 2015-08-05 17:18:42 -------- d-----w- C:\$Windows.~WS
2015-08-04 19:52:30 . 2015-07-15 01:33:15 9252608 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-08-04 19:52:09 . 2015-07-28 20:00:16 598528 ----a-w- C:\Windows\system32\generaltel.dll
2015-08-04 19:52:09 . 2015-07-28 20:00:12 346112 ----a-w- C:\Windows\system32\devinv.dll
2015-08-04 19:52:09 . 2015-07-28 20:00:08 60416 ----a-w- C:\Windows\system32\acmigration.dll
2015-08-04 19:52:08 . 2015-07-28 20:00:18 635904 ----a-w- C:\Windows\system32\invagent.dll
2015-08-04 19:52:08 . 2015-07-28 20:00:09 952832 ----a-w- C:\Windows\system32\appraiser.dll
2015-08-04 19:52:08 . 2015-07-28 19:54:01 934400 ----a-w- C:\Windows\system32\aeinv.dll
2015-08-04 19:52:07 . 2015-07-28 20:04:44 15808 ----a-w- C:\Windows\system32\CompatTelRunner.exe
2015-08-04 19:52:07 . 2015-07-28 20:00:08 202752 ----a-w- C:\Windows\system32\aepdu.dll
2015-08-04 19:47:22 . 2015-07-20 17:56:49 93184 ----a-w- C:\Windows\system32\wudriver.dll
2015-08-04 19:47:22 . 2015-07-20 17:56:49 35840 ----a-w- C:\Windows\system32\wups2.dll
2015-08-04 19:47:22 . 2015-07-20 17:56:49 30208 ----a-w- C:\Windows\system32\wups.dll
2015-08-04 19:47:22 . 2015-07-20 17:56:49 2943488 ----a-w- C:\Windows\system32\wucltux.dll
2015-08-04 19:47:22 . 2015-07-20 17:56:49 2061312 ----a-w- C:\Windows\system32\wuaueng.dll
2015-08-04 19:47:22 . 2015-07-20 17:56:49 173056 ----a-w- C:\Windows\system32\wuwebv.dll
2015-08-04 19:47:22 . 2015-07-20 17:56:48 566784 ----a-w- C:\Windows\system32\wuapi.dll
2015-08-04 19:47:22 . 2015-07-20 17:56:24 73728 ----a-w- C:\Windows\system32\WinSetupUI.dll
2015-08-04 19:47:22 . 2015-07-20 17:56:08 34816 ----a-w- C:\Windows\system32\wuapp.exe
2015-08-04 19:47:22 . 2015-07-20 17:56:08 135680 ----a-w- C:\Windows\system32\wuauclt.exe
2015-08-04 19:47:21 . 2015-07-20 17:56:12 11776 ----a-w- C:\Windows\system32\wu.upgrade.ps.dll
2015-08-04 18:59:03 . 2015-08-04 20:52:49 1668 ----a-w- C:\Windows\system32\ASOROSet.bin
2015-08-04 18:39:14 . 2015-08-06 20:42:17 -------- d-----w- C:\Program Files\schk32
2015-08-04 18:38:59 . 2015-08-04 19:05:46 -------- d-----w- C:\Users\Sonicka\AppData\Local\BrnaWindows
2015-08-04 18:35:13 . 2015-08-04 18:35:13 -------- d-----w- C:\Program Files\Opera
2015-08-04 17:59:41 . 2015-08-04 17:59:41 -------- d-----w- C:\Spacekace
2015-07-21 06:13:49 . 2015-07-15 02:55:41 26624 ----a-w- C:\Windows\system32\lpk.dll
2015-07-21 06:13:49 . 2015-07-15 02:55:37 70656 ----a-w- C:\Windows\system32\fontsub.dll
2015-07-21 06:13:49 . 2015-07-15 02:55:35 10240 ----a-w- C:\Windows\system32\dciman32.dll
2015-07-21 06:13:49 . 2015-07-15 02:55:32 34304 ----a-w- C:\Windows\system32\atmlib.dll
2015-07-21 06:13:49 . 2015-07-15 01:52:35 299008 ----a-w- C:\Windows\system32\atmfd.dll
2015-07-15 22:02:22 . 2015-07-15 22:02:22 -------- d-----w- C:\Program Files\Common Files\Java
2015-07-15 19:59:56 . 2015-07-04 17:48:36 1414656 ----a-w- C:\Windows\system32\ole32.dll
2015-07-15 19:58:59 . 2015-06-25 17:43:43 815312 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2015-07-15 19:58:59 . 2015-06-19 18:40:09 4096 ----a-w- C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 19:58:59 . 2015-06-19 18:25:35 62464 ----a-w- C:\Windows\system32\iesetup.dll
2015-07-15 19:58:59 . 2015-06-19 17:15:43 1951232 ----a-w- C:\Windows\system32\wininet.dll
2015-07-15 19:58:58 . 2015-06-23 15:02:38 772608 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2015-07-15 19:58:55 . 2015-06-19 18:24:27 341504 ----a-w- C:\Windows\system32\html.iec
2015-07-15 19:58:54 . 2015-06-19 18:23:26 64000 ----a-w- C:\Windows\system32\MshtmlDac.dll
2015-07-15 19:58:54 . 2015-06-19 17:39:13 1155072 ----a-w- C:\Windows\system32\mshtmlmedia.dll
2015-07-15 19:58:53 . 2015-06-19 17:53:10 817664 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2015-07-15 19:58:50 . 2015-06-19 18:25:41 504320 ----a-w- C:\Windows\system32\vbscript.dll
2015-07-10 13:47:03 . 2015-08-06 21:02:33 -------- d-----w- C:\$Windows.~BT
.


(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))

2015-07-15 22:01:36 . 2014-10-22 16:15:34 96352 ----a-w- C:\Windows\system32\WindowsAccessBridge.dll
2015-07-15 19:32:38 . 2012-04-01 06:31:59 778416 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2015-07-15 19:32:38 . 2011-06-14 05:17:27 142512 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-05 10:11:18 . 2009-11-12 17:13:11 246952 ------w- C:\Windows\system32\MpSigStub.exe
2015-07-02 04:40:01 . 2013-03-12 19:03:07 912000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-07-01 20:30:37 . 2015-07-15 20:00:30 248832 ----a-w- C:\Windows\system32\schannel.dll
2015-06-09 10:51:11 . 2015-01-09 15:58:45 627920 ----a-w- C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2015-05-25 18:07:34 . 2015-06-10 18:33:06 3989440 ----a-w- C:\Windows\system32\ntkrnlpa.exe
2015-05-25 18:07:34 . 2015-06-10 18:33:04 3934144 ----a-w- C:\Windows\system32\ntoskrnl.exe
2015-05-25 18:04:08 . 2015-06-10 18:33:06 1307648 ----a-w- C:\Windows\system32\ntdll.dll
2015-05-25 18:01:45 . 2015-06-10 18:33:08 853504 ----a-w- C:\Windows\system32\diagtrack.dll
2015-05-25 18:01:42 . 2015-06-10 18:33:03 635392 ----a-w- C:\Windows\system32\tdh.dll
2015-05-25 18:01:41 . 2015-06-10 18:33:05 400896 ----a-w- C:\Windows\system32\srcore.dll
2015-05-25 18:01:41 . 2015-06-10 18:33:01 43008 ----a-w- C:\Windows\system32\srclient.dll
2015-05-25 18:01:39 . 2015-06-10 18:33:03 92160 ----a-w- C:\Windows\system32\sechost.dll
2015-05-25 18:01:21 . 2015-06-10 18:33:01 38912 ----a-w- C:\Windows\system32\csrsrv.dll
2015-05-25 18:01:17 . 2015-06-10 18:33:06 641536 ----a-w- C:\Windows\system32\advapi32.dll
2015-05-25 18:00:44 . 2015-06-10 18:33:01 40448 ----a-w- C:\Windows\system32\typeperf.exe
2015-05-25 18:00:40 . 2015-06-10 18:33:05 364544 ----a-w- C:\Windows\system32\tracerpt.exe
2015-05-25 18:00:29 . 2015-06-10 18:33:02 69632 ----a-w- C:\Windows\system32\smss.exe
2015-05-25 18:00:26 . 2015-06-10 18:33:05 262656 ----a-w- C:\Windows\system32\rstrui.exe
2015-05-25 18:00:25 . 2015-06-10 18:33:01 37888 ----a-w- C:\Windows\system32\relog.exe
2015-05-25 18:00:17 . 2015-06-10 18:33:03 82944 ----a-w- C:\Windows\system32\logman.exe
2015-05-25 18:00:09 . 2015-06-10 18:33:00 17408 ----a-w- C:\Windows\system32\diskperf.exe
2015-05-25 17:55:18 . 2015-06-10 18:33:00 6656 ----a-w- C:\Windows\system32\apisetschema.dll
2015-05-25 16:53:50 . 2015-06-10 18:32:59 36864 ----a-w- C:\Windows\system32\UtcResources.dll
2015-05-21 13:20:34 . 2015-06-05 16:17:56 163840 ----a-w- C:\Windows\system32\aepic.dll
2015-05-09 18:09:16 . 2015-07-07 14:54:40 715200 ----a-w- C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-05-09 03:14:43 . 2015-06-10 18:35:06 169984 ----a-w- C:\Windows\system32\winsrv.dll
2015-05-09 03:13:42 . 2015-06-10 18:35:06 293376 ----a-w- C:\Windows\system32\KernelBase.dll
2015-05-09 03:12:59 . 2015-06-10 18:35:06 271360 ----a-w- C:\Windows\system32\conhost.exe
2015-05-09 03:08:08 . 2015-06-10 18:35:05 4608 ---ha-w- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-09 03:08:08 . 2015-06-10 18:35:05 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-09 03:08:08 . 2015-06-10 18:35:05 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-09 03:08:08 . 2015-06-10 18:35:05 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-09 03:08:08 . 2015-06-10 18:35:05 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-09 03:08:08 . 2015-06-10 18:35:05 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-09 03:08:08 . 2015-06-10 18:35:05 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-09 03:08:08 . 2015-06-10 18:35:05 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-09 03:08:08 . 2015-06-10 18:35:05 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-09 03:08:08 . 2015-06-10 18:35:05 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-09 03:08:08 . 2015-06-10 18:35:05 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-09 03:08:08 . 2015-06-10 18:35:04 5120 ---ha-w- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-09 03:08:08 . 2015-06-10 18:35:04 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-09 03:08:08 . 2015-06-10 18:35:04 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-09 03:08:08 . 2015-06-10 18:35:04 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-09 03:08:08 . 2015-06-10 18:35:04 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-09 03:08:08 . 2015-06-10 18:35:04 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-09 03:08:08 . 2015-06-10 18:35:04 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-09 03:08:08 . 2015-06-10 18:35:04 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-09 03:08:08 . 2015-06-10 18:35:03 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-09 03:08:08 . 2015-06-10 18:35:03 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-09 03:08:08 . 2015-06-10 18:35:03 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-09 03:08:08 . 2015-06-10 18:35:02 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-09 03:08:08 . 2015-06-10 18:35:02 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-09 01:59:25 . 2015-06-10 18:35:03 6144 ---ha-w- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-09 01:59:25 . 2015-06-10 18:35:03 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-09 01:59:25 . 2015-06-10 18:35:03 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-09 01:59:25 . 2015-06-10 18:35:02 4608 ---ha-w- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll


(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))


*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-06-16 14:08:39 1730264 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-06-16 14:08:39 1730264 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-06-16 14:08:39 1730264 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2010-11-20 12:17:41 1174016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-16 02:55:24 815104]
"Acrobat Assistant 7.0"="d:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 10:12:02 483328]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 17:01:06 90112]
"CognizanceTS"="C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-25 05:12:00 17920]
"ATKOSD2"="C:\Program Files\ATKOSD2\ATKOSD2.exe" [2007-07-03 09:48:02 7708672]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2009-09-23 17:30:48 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2009-09-23 17:30:48 173592]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2009-09-23 17:30:48 150552]
"PC Suite for Smartphones"="C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-12-25 12:53:20 548864]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe" [2015-04-29 22:18:28 981688]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-05-05 09:01:46 1466368]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2015-06-08 17:08:50 334896]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe [2009-11-12 25214]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R2 ExtTag;ExtTag service;C:\ProgramData\ExtTag\ExtTag [x]
R2 OMSI download service;Sony Ericsson OMSI download service;C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [x]
R2 SkypeUpdate;Skype Updater;C:\Program Files\Skype\Updater\Updater.exe [2015-06-03 14:42:38 327296]
R3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 06:23:02 22528]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys [2013-02-06 06:42:10 83864]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\system32\IEEtwCollector.exe [2015-06-19 18:13:19 102912]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\system32\drivers\MBAMSwissArmy.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14:44:32 14848]
R3 s916bus;Sony Ericsson Device 916 driver (WDM);C:\Windows\system32\DRIVERS\s916bus.sys [2007-11-02 08:47:38 83496]
R3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s916mdfl.sys [2007-11-02 08:47:38 15016]
R3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s916mdm.sys [2007-11-02 08:47:38 109992]
R3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s916mgmt.sys [2007-11-02 09:47:38 103976]
R3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s916obex.sys [2007-11-02 09:47:38 100008]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys [2013-02-06 06:42:08 181784]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 00:42:31 49152]
R3 WatAdminSvc;Služba Technologie aktivace Windows;C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-19 19:14:29 1343400]
S1 ItSDisk;ItSDisk;C:\Windows\system32\Drivers\ItSDisk.sys [2006-05-20 01:14:00 23232]
S1 MpKsl1881e190;MpKsl1881e190;c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{479CF432-BC3B-416D-901F-65ED76760470}\MpKsl1881e190.sys [2015-08-06 20:54:49 39168]
S2 ASBroker;Logon Session Broker;C:\Windows\System32\svchost.exe [2009-07-14 01:14:41 20992]
S2 ASChannel;Local Communication Channel;C:\Windows\System32\svchost.exe [2009-07-14 01:14:41 20992]
S2 ClickToRunSvc;Služba Microsoft Office ClickToRun;C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [2015-07-01 19:17:16 1867448]
S2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe [2009-07-14 01:14:41 20992]
S2 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2015-03-04 17:34:52 95408]
S2 TeamViewer9;TeamViewer 9;C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe [2014-07-02 09:45:03 5037888]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\l160x86.sys [2008-11-12 12:42:00 46592]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-13 22:02:51 4231168]
S3 NisSrv;Kontrola sítě Microsoft;c:\Program Files\Microsoft Security Client\NisSrv.exe [2015-04-29 23:04:12 284504]


--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - WS2IFSL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
utcsvc REG_MULTI_SZ DiagTrack

Obsah adresáře 'Naplánované úlohy'

2015-08-06 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 06:31:59 . 2015-07-15 19:32:38]


------- Doplňkový sken -------

uStart Page = hxxp://www.centrum.cz/
mStart Page = hxxp://www.centrum.cz
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
Trusted Zone: mojebanka.cz\*
Trusted Zone: sharepoint.com\unipardubice
Trusted Zone: sharepoint.com\unipardubice-my
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 89.203.192.1 89.203.192.2
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://www.magic-kinder.com/totalimmersion/plu ... taller.exe
FF - ProfilePath - C:\Users\Sonicka\AppData\Roaming\Mozilla\Firefox\Profiles\vz1ej7y5.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.malwarebytes.org/restorebrowser/

- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-01_Simmental - D:\Program Files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - D:\Program Files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - D:\Program Files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - D:\Program Files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - D:\Program Files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - D:\Program Files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - D:\Program Files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - D:\Program Files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - D:\Program Files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - D:\Program Files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - D:\Program Files\Samsung\USB Drivers\25_escape\Uninstall.exe



[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ExtTag]
"ImagePath"="C:\ProgramData\ExtTag\ExtTag"

--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(3984)
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItMsg.dll

------------------------ Jiné spuštené procesy ------------------------

c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Windows\system32\GWX\GWX.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\conhost.exe

**************************************************************************

Celkový čas: 2015-08-06 23:40:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-08-06 21:40:37

Před spuštěním: Volných bajtů: 29 184 471 040
Po spuštění: Volných bajtů: 28 759 826 432

- - End Of File - - F568F1F3F004E03F0CB061DEA7F0F91B
A36C5E4F47E84449FF07ED3517B43A31

Rudy
Site Admin
Posts: 119675
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: infected PC - please help

#4 Post by Rudy »

We still need to finish the cleanup. Open Notepad and copy the following into it:
KillAll::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before removing malware from the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

76033347
Visitor
Posts: 99
Registered: 19 Oct 2006 17:42

Re: infected PC - please help

#5 Post by 76033347 »

OK, thanks a lot for the help
after the cleanup I am attaching a new log
ComboFix 15-08-06.01 - Sonicka 08.08.2015 12:32:27.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3063.1690 [GMT 2:00]
Spuštěný z: c:\users\Sonicka\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Sonicka\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sonicka\AppData\Roaming\vso_ts_preview.xml
c:\users\Sonicka\Desktop\Internet Explorer.lnk
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\AdobePDF.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-07-08 do 2015-08-08 )))))))))))))))))))))))))))))))
.
.
2015-08-08 10:56 . 2015-08-08 10:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-08 10:32 . 2015-08-08 10:32 39168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BDA5AAD3-6EF6-4BDC-B8C1-BDD98AAF8496}\MpKsl8a43b998.sys
2015-08-07 14:01 . 2015-07-15 01:33 9252608 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BDA5AAD3-6EF6-4BDC-B8C1-BDD98AAF8496}\mpengine.dll
2015-08-06 20:58 . 2015-08-06 20:58 -------- d-----w- c:\users\Sonicka\AppData\Local\TempTaskUpdateDetection069FC3B6-5E02-4B69-B5FC-E6239B5BEB71
2015-08-06 20:42 . 2015-07-15 01:33 9252608 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-08-06 14:54 . 2015-07-02 04:40 912000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EAC1FBD6-5BB6-42B0-9A06-C7D0E054E38E}\gapaengine.dll
2015-08-05 17:18 . 2015-08-05 17:18 -------- d-----w- C:\$Windows.~WS
2015-08-04 19:52 . 2015-07-28 20:00 598528 ----a-w- c:\windows\system32\generaltel.dll
2015-08-04 19:52 . 2015-07-28 20:00 346112 ----a-w- c:\windows\system32\devinv.dll
2015-08-04 19:52 . 2015-07-28 20:00 60416 ----a-w- c:\windows\system32\acmigration.dll
2015-08-04 19:52 . 2015-07-28 20:00 635904 ----a-w- c:\windows\system32\invagent.dll
2015-08-04 19:52 . 2015-07-28 20:00 952832 ----a-w- c:\windows\system32\appraiser.dll
2015-08-04 19:52 . 2015-07-28 19:54 934400 ----a-w- c:\windows\system32\aeinv.dll
2015-08-04 19:52 . 2015-07-28 20:04 15808 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-08-04 19:52 . 2015-07-28 20:00 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-08-04 19:47 . 2015-07-20 17:56 93184 ----a-w- c:\windows\system32\wudriver.dll
2015-08-04 19:47 . 2015-07-20 17:56 35840 ----a-w- c:\windows\system32\wups2.dll
2015-08-04 19:47 . 2015-07-20 17:56 30208 ----a-w- c:\windows\system32\wups.dll
2015-08-04 19:47 . 2015-07-20 17:56 2943488 ----a-w- c:\windows\system32\wucltux.dll
2015-08-04 19:47 . 2015-07-20 17:56 2061312 ----a-w- c:\windows\system32\wuaueng.dll
2015-08-04 19:47 . 2015-07-20 17:56 173056 ----a-w- c:\windows\system32\wuwebv.dll
2015-08-04 19:47 . 2015-07-20 17:56 566784 ----a-w- c:\windows\system32\wuapi.dll
2015-08-04 19:47 . 2015-07-20 17:56 73728 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-08-04 19:47 . 2015-07-20 17:56 34816 ----a-w- c:\windows\system32\wuapp.exe
2015-08-04 19:47 . 2015-07-20 17:56 135680 ----a-w- c:\windows\system32\wuauclt.exe
2015-08-04 19:47 . 2015-07-20 17:56 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-08-04 18:59 . 2015-08-04 20:52 1668 ----a-w- c:\windows\system32\ASOROSet.bin
2015-08-04 18:39 . 2015-08-06 20:42 -------- d-----w- c:\program files\schk32
2015-08-04 18:38 . 2015-08-04 19:05 -------- d-----w- c:\users\Sonicka\AppData\Local\BrnaWindows
2015-08-04 18:35 . 2015-08-04 18:35 -------- d-----w- c:\program files\Opera
2015-08-04 17:59 . 2015-08-04 17:59 -------- d-----w- C:\Spacekace
2015-07-21 06:13 . 2015-07-15 02:55 26624 ----a-w- c:\windows\system32\lpk.dll
2015-07-21 06:13 . 2015-07-15 02:55 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-07-21 06:13 . 2015-07-15 02:55 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-07-21 06:13 . 2015-07-15 02:55 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-07-21 06:13 . 2015-07-15 01:52 299008 ----a-w- c:\windows\system32\atmfd.dll
2015-07-15 22:02 . 2015-07-15 22:02 -------- d-----w- c:\program files\Common Files\Java
2015-07-15 19:59 . 2015-07-04 17:48 1414656 ----a-w- c:\windows\system32\ole32.dll
2015-07-15 19:58 . 2015-06-25 17:43 815312 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2015-07-15 19:58 . 2015-06-19 18:40 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2015-07-15 19:58 . 2015-06-19 18:25 62464 ----a-w- c:\windows\system32\iesetup.dll
2015-07-15 19:58 . 2015-06-19 17:15 1951232 ----a-w- c:\windows\system32\wininet.dll
2015-07-15 19:58 . 2015-06-23 15:02 772608 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2015-07-15 19:58 . 2015-06-19 18:24 341504 ----a-w- c:\windows\system32\html.iec
2015-07-15 19:58 . 2015-06-19 18:23 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-07-15 19:58 . 2015-06-19 17:39 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-07-15 19:58 . 2015-06-19 17:53 817664 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2015-07-15 19:58 . 2015-06-19 18:25 504320 ----a-w- c:\windows\system32\vbscript.dll
2015-07-10 13:47 . 2015-08-06 21:02 -------- d-----w- C:\$Windows.~BT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-15 22:01 . 2014-10-22 16:15 96352 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-07-15 19:32 . 2012-04-01 06:31 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-07-15 19:32 . 2011-06-14 05:17 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-07-05 10:11 . 2009-11-12 17:13 246952 ------w- c:\windows\system32\MpSigStub.exe
2015-07-02 04:40 . 2013-03-12 19:03 912000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-07-01 20:30 . 2015-07-15 20:00 248832 ----a-w- c:\windows\system32\schannel.dll
2015-06-09 10:51 . 2015-01-09 15:58 627920 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2015-05-25 18:07 . 2015-06-10 18:33 3989440 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-05-25 18:07 . 2015-06-10 18:33 3934144 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-05-25 18:04 . 2015-06-10 18:33 1307648 ----a-w- c:\windows\system32\ntdll.dll
2015-05-25 18:01 . 2015-06-10 18:33 853504 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-25 18:01 . 2015-06-10 18:33 635392 ----a-w- c:\windows\system32\tdh.dll
2015-05-25 18:01 . 2015-06-10 18:33 400896 ----a-w- c:\windows\system32\srcore.dll
2015-05-25 18:01 . 2015-06-10 18:33 43008 ----a-w- c:\windows\system32\srclient.dll
2015-05-25 18:01 . 2015-06-10 18:33 92160 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:01 . 2015-06-10 18:33 38912 ----a-w- c:\windows\system32\csrsrv.dll
2015-05-25 18:01 . 2015-06-10 18:33 641536 ----a-w- c:\windows\system32\advapi32.dll
2015-05-25 18:00 . 2015-06-10 18:33 40448 ----a-w- c:\windows\system32\typeperf.exe
2015-05-25 18:00 . 2015-06-10 18:33 364544 ----a-w- c:\windows\system32\tracerpt.exe
2015-05-25 18:00 . 2015-06-10 18:33 69632 ----a-w- c:\windows\system32\smss.exe
2015-05-25 18:00 . 2015-06-10 18:33 262656 ----a-w- c:\windows\system32\rstrui.exe
2015-05-25 18:00 . 2015-06-10 18:33 37888 ----a-w- c:\windows\system32\relog.exe
2015-05-25 18:00 . 2015-06-10 18:33 82944 ----a-w- c:\windows\system32\logman.exe
2015-05-25 18:00 . 2015-06-10 18:33 17408 ----a-w- c:\windows\system32\diskperf.exe
2015-05-25 17:55 . 2015-06-10 18:33 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-05-25 16:53 . 2015-06-10 18:32 36864 ----a-w- c:\windows\system32\UtcResources.dll
2015-05-21 13:20 . 2015-06-05 16:17 163840 ----a-w- c:\windows\system32\aepic.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-06-16 14:08 1730264 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-06-16 14:08 1730264 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-06-16 14:08 1730264 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-16 815104]
"Acrobat Assistant 7.0"="d:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-25 17920]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-07-03 7708672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"PC Suite for Smartphones"="c:\program files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-12-25 548864]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 981688]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-05-05 1466368]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe [2009-11-12 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-06-03 327296]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-02-06 83864]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-06-19 102912]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\DRIVERS\s916bus.sys [2007-11-02 83496]
R3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s916mdfl.sys [2007-11-02 15016]
R3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s916mdm.sys [2007-11-02 109992]
R3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s916mgmt.sys [2007-11-02 103976]
R3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s916obex.sys [2007-11-02 100008]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-02-06 181784]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-19 1343400]
R4 ExtTag;ExtTag service;c:\programdata\ExtTag\ExtTag [x]
S1 ItSDisk;ItSDisk;c:\windows\system32\Drivers\ItSDisk.sys [2006-05-20 23232]
S1 MpKsl8a43b998;MpKsl8a43b998;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BDA5AAD3-6EF6-4BDC-B8C1-BDD98AAF8496}\MpKsl8a43b998.sys [2015-08-08 39168]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ClickToRunSvc;Služba Microsoft Office ClickToRun;c:\program files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [2015-07-01 1867448]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2015-03-04 95408]
S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-07-02 5037888]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2008-11-12 46592]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2015-04-29 284504]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
utcsvc REG_MULTI_SZ DiagTrack
.
Obsah adresáře 'Naplánované úlohy'
.
2015-08-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 19:32]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
mStart Page = hxxp://www.centrum.cz
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - d:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - d:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - d:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - d:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - d:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - d:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - d:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - d:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
Trusted Zone: mojebanka.cz\*
Trusted Zone: sharepoint.com\unipardubice
Trusted Zone: sharepoint.com\unipardubice-my
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 89.203.192.1 89.203.192.2
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://www.magic-kinder.com/totalimmersion/plu ... taller.exe
FF - ProfilePath - c:\users\Sonicka\AppData\Roaming\Mozilla\Firefox\Profiles\vz1ej7y5.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.malwarebytes.org/restorebrowser/
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ExtTag]
"ImagePath"="c:\programdata\ExtTag\ExtTag"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\taskhost.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\windows\system32\GWX\GWX.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\windows\system32\conhost.exe
c:\windows\system32\Samotari.scr
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2015-08-08 13:09:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-08-08 11:09
ComboFix2.txt 2015-08-06 21:40
.
Před spuštěním: Volných bajtů: 27 743 875 072
Po spuštění: Volných bajtů: 27 980 443 648
.
- - End Of File - - D31FC799D930EF42A9E0714E5E8C3DE2
A36C5E4F47E84449FF07ED3517B43A31

Rudy
Site Admin
Posts: 119675
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: infected PC - please help

#6 Post by Rudy »

Deleted. Rename CF to uninstall and run it. CF will be uninstalled. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

76033347
Visitor
Posts: 99
Registered: 19 Oct 2006 17:42

Re: infected PC - please help

#7 Post by 76033347 »

CF uninstalled, thank you for your help in dealing with the computer vermin.
Next time I have to be careful about certain sites and not go there.
Otherwise the PC's speed is good, no messages pop up, no pages are being rewritten.

Once again, thank you very much, and I will gladly turn to you again if I have a problem.
Wimmer

Rudy
Site Admin
Posts: 119675
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: infected PC - please help

#8 Post by Rudy »

Feel free to get in touch, we are always here. You're welcome! :)

Locked