prosím o kontrolu, zavirované instalace programů, asi

Zpráva

romansniilek · #1 Příspěvek od **romansniilek** » 14 říj 2015 22:35

Zdravím,

instaloval jsem v časovém presu do počítače několik free verzí programů na vypalovaní. Neměl jsem čas a stahoval ze sosej apd. ESET přitom vychytal dva trojské koně.
Po odinstalování těchto k ničemu programů počítač začal jít špatně. Nešel spustit ccleaner. Při zapnutí trecku ve winampu to vyhodilo okno, že nemůže nalézt output plugin. VLC player zas nabízel restartování také něčeho se zvukem. Ale zvuk z něj šel, i když byl naplno tak zvuk z počítače byl téměř neslyšitelný, ukazatel na liště ukazoval jen půl centimetru signál. Po zakázání procesu backup nero ve službách, jsem spustil i ccleaner, pak jsem přeinstaloval winamp i vlc player a zvuk funguje správně.

Hlavně nejde zcela odinstalovat nero 9 essential free, nejde vymazat zástupve bez ikony v nabídce start a asi toho bude víc.

To je zatím vše na co jsem přišel. Prosím podívejte se mi na to.

Roman

Logfile of random's system information tool 1.10 (written by random/random)
Run by Uzivatel at 2015-10-15 01:24:45
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 147 GB (78%) free of 187 GB
Total RAM: 3062 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:24:48, on 15.10.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Users\Uzivatel\AppData\Local\Akamai\netsession_win.exe
C:\Users\Uzivatel\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Uzivatel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\RunOnce: [CleanSetup] cmd /C rmdir /S /Q "C:\Users\Uzivatel\AppData\Local\Temp\nro.tmp\"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Uzivatel\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: MOTU Pedal Service.lnk = C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MOTU_ZeroConf - MOTU Inc. - C:\Program Files (x86)\MOTU\motuDNSResponder.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 5317 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
winlogon.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Users\Uzivatel\AppData\Local\Akamai\netsession_win.exe"
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
"C:/Users/Uzivatel/AppData/Local/Akamai/netsession_win.exe" --client
"C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"D:\DOWNLOAD\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\6i9yx50l.default

prefs.js - "browser.search.suggest.enabled" - false
prefs.js - "browser.startup.homepage" - "http://www.advaita.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.207 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_207.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.207 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_207.dll

C:\Users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\6i9yx50l.default\searchplugins\
qip-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2015-07-08 5595848]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"=C:\Users\Uzivatel\AppData\Local\Akamai\netsession_win.exe [2015-09-10 4691384]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2015-09-16 8461224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-07-22 500936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite Automount]
C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2015-06-18 4468056]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"CleanSetup"=cmd /C rmdir /S /Q C:\Users\Uzivatel\AppData\Local\Temp\nro.tmp\ []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
MOTU Pedal Service.lnk - C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.LAGS"=lagarith.dll
"VIDC.X264"=x264vfw64.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.l3codecp"=l3codecp.acm
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"midi3"=wdmaud.drv
"wave3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-10-15 01:15:20 ----D---- C:\Users\Uzivatel\AppData\Roaming\Winamp
2015-10-15 01:15:20 ----D---- C:\Program Files (x86)\Winamp
2015-10-15 01:14:09 ----D---- C:\Users\Uzivatel\AppData\Roaming\vlc
2015-10-15 01:06:29 ----SHD---- C:\Config.Msi
2015-10-10 21:34:02 ----A---- C:\Windows\SYSWOW64\d3dx11_43.dll
2015-10-10 21:33:42 ----A---- C:\Windows\SYSWOW64\d3dx10_43.dll
2015-10-10 21:33:20 ----A---- C:\Windows\SYSWOW64\D3DX9_43.dll
2015-10-10 21:33:01 ----A---- C:\Windows\SYSWOW64\d3dcsx_43.dll
2015-10-10 21:32:41 ----A---- C:\Windows\SYSWOW64\D3DCompiler_43.dll
2015-10-10 21:01:31 ----D---- C:\Users\Uzivatel\AppData\Roaming\Ashampoo
2015-10-10 21:00:21 ----D---- C:\ProgramData\Ashampoo
2015-10-10 20:46:02 ----D---- C:\Users\Uzivatel\AppData\Roaming\Nero
2015-10-10 19:20:07 ----D---- C:\ProgramData\Nero
2015-10-01 11:44:20 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-09-18 12:42:42 ----D---- C:\Program Files\MOTU
2015-09-18 12:42:42 ----D---- C:\Program Files (x86)\MOTU

======List of files/folders modified in the last 1 month======

2015-10-15 01:24:47 ----D---- C:\Program Files\trend micro
2015-10-15 01:21:18 ----D---- C:\Windows\Temp
2015-10-15 01:15:20 ----RD---- C:\Program Files (x86)
2015-10-15 01:06:31 ----SHD---- C:\Windows\Installer
2015-10-15 01:04:35 ----D---- C:\Windows\system32\catroot2
2015-10-15 01:04:32 ----SHD---- C:\System Volume Information
2015-10-15 00:49:49 ----D---- C:\Windows
2015-10-14 23:35:40 ----D---- C:\Windows\system32\Tasks
2015-10-14 23:35:00 ----D---- C:\Windows\SysWOW64
2015-10-14 23:26:20 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-10-14 23:24:32 ----D---- C:\Windows\System32
2015-10-14 23:24:32 ----D---- C:\Windows\inf
2015-10-14 23:24:32 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-10-14 23:22:46 ----D---- C:\Program Files\CCleaner
2015-10-11 23:16:57 ----D---- C:\Windows\Logs
2015-10-11 21:51:11 ----D---- C:\Windows\system32\config
2015-10-10 21:40:28 ----D---- C:\Windows\Cursors
2015-10-10 21:30:23 ----D---- C:\Users\Uzivatel\AppData\Roaming\uTorrent
2015-10-10 21:00:21 ----HD---- C:\ProgramData
2015-10-10 19:27:58 ----D---- C:\Windows\Prefetch
2015-10-10 19:26:52 ----D---- C:\Windows\winsxs
2015-10-10 19:20:21 ----D---- C:\Program Files (x86)\Common Files
2015-10-03 04:21:28 ----D---- C:\ProgramData\Ableton
2015-10-01 22:41:08 ----D---- C:\Windows\system32\NDF
2015-10-01 21:29:08 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-26 16:50:00 ----D---- C:\Windows\rescache
2015-09-18 12:42:54 ----D---- C:\Windows\system32\DriverStore
2015-09-18 12:42:54 ----D---- C:\Windows\system32\catroot
2015-09-18 12:42:46 ----D---- C:\Windows\system32\drivers
2015-09-18 12:42:42 ----RD---- C:\Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2015-07-14 72400]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2015-07-14 255240]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2015-07-14 178520]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2015-07-14 53360]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2015-07-14 231520]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2011-02-13 17024]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmpx64.sys [2008-11-05 67584]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimspx64.sys [2008-10-11 55808]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdpx64.sys [2008-07-28 57856]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\XAudio64.sys [2011-02-13 10240]
R3 BCM43XX;Broadcom 802.11 – ovladač síťového adaptéru; C:\Windows\system32\DRIVERS\bcmwl664.sys [2009-06-10 1311232]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2010-11-20 80384]
R3 CAXHWAZL;CAXHWAZL; C:\Windows\system32\DRIVERS\CAXHWAZL.sys [2011-02-13 292864]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2015-07-30 30264]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\CAX_DPV.sys [2011-02-13 1485824]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416]
R3 motubus;MOTU Audio MIDI Extension; C:\Windows\system32\drivers\MotuBus64.sys [2014-01-02 32016]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\CAX_CNXT.sys [2011-02-13 740864]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2010-11-20 552448]
S3 MFWAMIDI64;MOTU Audio MIDI for 64 bit; C:\Windows\system32\drivers\MFWAMIDI64.sys [2014-01-02 34576]
S3 MFWAWAVE64;MOTU Audio Wave for 64 bit; C:\Windows\system32\drivers\MFWAWAVE64.sys [2014-01-02 84752]
S3 MotuFWA64;MotuFWA64; C:\Windows\system32\drivers\Motufwa64.sys [2014-01-02 656656]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-09-14 82128]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2015-07-08 1353720]
R2 HsfXAudioService;HsfXAudioService; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-14 269000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [2015-06-18 1268568]
S3 MOTU_ZeroConf;MOTU_ZeroConf; C:\Program Files (x86)\MOTU\motuDNSResponder.exe [2014-01-02 391472]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-10-01 147624]

-----------------EOF-----------------

#2 Příspěvek od **Rudy** » 15 říj 2015 17:04

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

romansniilek · #3 Příspěvek od **romansniilek** » 15 říj 2015 23:23

# AdwCleaner v5.013 - Logfile created 16/10/2015 at 00:22:03
# Updated 09/10/2015 by Xplode
# Database : 2015-10-13.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Uzivatel - UZIVATEL-PC
# Running from : d:\Users\Uzivatel\Desktop\adwcleaner_5.013.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

[-] File Deleted : C:\Users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\6i9yx50l.default\searchplugins\qip-search.xml

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}

***** [ Web browsers ] *****

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [902 bytes] ##########

#4 Příspěvek od **Rudy** » 16 říj 2015 17:07

Dejte nový log RSIT.

romansniilek · #5 Příspěvek od **romansniilek** » 19 říj 2015 19:59

Včera při prohlížení trilerů na čsfd mi pokaždém zavření videa vyskočilo nějaké eror okno a také ukončení skriptu a něco flashplayeru, že přestal pracovat.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Uzivatel at 2015-10-19 20:53:44
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 147 GB (78%) free of 187 GB
Total RAM: 3062 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:53:47, on 19.10.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Users\Uzivatel\AppData\Local\Akamai\netsession_win.exe
C:\Users\Uzivatel\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe
C:\Program Files\trend micro\Uzivatel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Uzivatel\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: MOTU Pedal Service.lnk = C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MOTU_ZeroConf - MOTU Inc. - C:\Program Files (x86)\MOTU\motuDNSResponder.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 5163 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Users\Uzivatel\AppData\Local\Akamai\netsession_win.exe"
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
"C:/Users/Uzivatel/AppData/Local/Akamai/netsession_win.exe" --client
"C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k SDRSVC
"D:\DOWNLOAD\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\6i9yx50l.default

prefs.js - "browser.search.suggest.enabled" - false
prefs.js - "browser.startup.homepage" - "http://www.advaita.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.226 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.226 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2015-07-08 5595848]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"=C:\Users\Uzivatel\AppData\Local\Akamai\netsession_win.exe [2015-09-10 4691384]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2015-09-16 8461224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-07-22 500936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite Automount]
C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2015-06-18 4468056]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
MOTU Pedal Service.lnk - C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.LAGS"=lagarith.dll
"VIDC.X264"=x264vfw64.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.l3codecp"=l3codecp.acm
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"midi3"=wdmaud.drv
"wave3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-10-18 21:13:22 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-10-16 00:12:53 ----D---- C:\AdwCleaner
2015-10-15 01:15:20 ----D---- C:\Users\Uzivatel\AppData\Roaming\Winamp
2015-10-15 01:15:20 ----D---- C:\Program Files (x86)\Winamp
2015-10-15 01:14:09 ----D---- C:\Users\Uzivatel\AppData\Roaming\vlc
2015-10-10 21:34:02 ----A---- C:\Windows\SYSWOW64\d3dx11_43.dll
2015-10-10 21:33:42 ----A---- C:\Windows\SYSWOW64\d3dx10_43.dll
2015-10-10 21:33:20 ----A---- C:\Windows\SYSWOW64\D3DX9_43.dll
2015-10-10 21:33:01 ----A---- C:\Windows\SYSWOW64\d3dcsx_43.dll
2015-10-10 21:32:41 ----A---- C:\Windows\SYSWOW64\D3DCompiler_43.dll
2015-10-10 21:01:31 ----D---- C:\Users\Uzivatel\AppData\Roaming\Ashampoo
2015-10-10 21:00:21 ----D---- C:\ProgramData\Ashampoo
2015-10-10 20:46:02 ----D---- C:\Users\Uzivatel\AppData\Roaming\Nero
2015-10-10 19:20:07 ----D---- C:\ProgramData\Nero

======List of files/folders modified in the last 1 month======

2015-10-19 20:53:46 ----D---- C:\Program Files\trend micro
2015-10-19 20:52:54 ----D---- C:\Windows\System32
2015-10-19 20:52:54 ----D---- C:\Windows\inf
2015-10-19 20:52:54 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-10-19 20:49:41 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-10-19 20:49:21 ----D---- C:\Windows\Temp
2015-10-19 20:48:26 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-18 23:53:45 ----RD---- C:\Program Files (x86)
2015-10-18 20:59:46 ----SHD---- C:\Windows\Installer
2015-10-18 20:59:02 ----SHD---- C:\System Volume Information
2015-10-18 20:58:25 ----D---- C:\Windows\system32\config
2015-10-18 20:58:18 ----D---- C:\Windows\SysWOW64
2015-10-15 14:54:06 ----D---- C:\Windows
2015-10-15 01:04:35 ----D---- C:\Windows\system32\catroot2
2015-10-14 23:35:40 ----D---- C:\Windows\system32\Tasks
2015-10-14 23:22:46 ----D---- C:\Program Files\CCleaner
2015-10-11 23:16:57 ----D---- C:\Windows\Logs
2015-10-10 21:40:28 ----D---- C:\Windows\Cursors
2015-10-10 21:30:23 ----D---- C:\Users\Uzivatel\AppData\Roaming\uTorrent
2015-10-10 21:00:21 ----HD---- C:\ProgramData
2015-10-10 19:27:58 ----D---- C:\Windows\Prefetch
2015-10-10 19:26:52 ----D---- C:\Windows\winsxs
2015-10-10 19:20:21 ----D---- C:\Program Files (x86)\Common Files
2015-10-03 04:21:28 ----D---- C:\ProgramData\Ableton
2015-10-01 22:41:08 ----D---- C:\Windows\system32\NDF
2015-09-26 16:50:00 ----D---- C:\Windows\rescache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2015-07-14 72400]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2015-07-14 255240]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2015-07-14 178520]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2015-07-14 53360]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2015-07-14 231520]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2011-02-13 17024]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmpx64.sys [2008-11-05 67584]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimspx64.sys [2008-10-11 55808]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdpx64.sys [2008-07-28 57856]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\XAudio64.sys [2011-02-13 10240]
R3 BCM43XX;Broadcom 802.11 – ovladač síťového adaptéru; C:\Windows\system32\DRIVERS\bcmwl664.sys [2009-06-10 1311232]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2010-11-20 80384]
R3 CAXHWAZL;CAXHWAZL; C:\Windows\system32\DRIVERS\CAXHWAZL.sys [2011-02-13 292864]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2015-07-30 30264]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\CAX_DPV.sys [2011-02-13 1485824]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416]
R3 motubus;MOTU Audio MIDI Extension; C:\Windows\system32\drivers\MotuBus64.sys [2014-01-02 32016]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\CAX_CNXT.sys [2011-02-13 740864]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2010-11-20 552448]
S3 MFWAMIDI64;MOTU Audio MIDI for 64 bit; C:\Windows\system32\drivers\MFWAMIDI64.sys [2014-01-02 34576]
S3 MFWAWAVE64;MOTU Audio Wave for 64 bit; C:\Windows\system32\drivers\MFWAWAVE64.sys [2014-01-02 84752]
S3 MotuFWA64;MotuFWA64; C:\Windows\system32\drivers\Motufwa64.sys [2014-01-02 656656]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-09-14 82128]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2015-07-08 1353720]
R2 HsfXAudioService;HsfXAudioService; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-19 269000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [2015-06-18 1268568]
S3 MOTU_ZeroConf;MOTU_ZeroConf; C:\Program Files (x86)\MOTU\motuDNSResponder.exe [2014-01-02 391472]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-10-18 147624]

-----------------EOF-----------------

#6 Příspěvek od **Rudy** » 19 říj 2015 20:35

Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:

:files
C:\Users\Uzivatel\AppData\Local\Akamai

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"=-

:commands
[Purity]
[Emptytemp]
[Emptyflash]

a klikněte na >MoveIt!<. Po skenu restartujte PC a dejte nový log RSIT.

romansniilek · #7 Příspěvek od **romansniilek** » 31 říj 2015 00:55

Zdravím,měl jsem poněkud víc práce a vždy na to zapomněl.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Uzivatel at 2015-10-31 00:54:11
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 146 GB (78%) free of 187 GB
Total RAM: 3062 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:54:15, on 31.10.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe
C:\Program Files\trend micro\Uzivatel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: MOTU Pedal Service.lnk = C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MOTU_ZeroConf - MOTU Inc. - C:\Program Files (x86)\MOTU\motuDNSResponder.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 4935 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
"C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
"D:\DOWNLOAD\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\6i9yx50l.default

prefs.js - "browser.search.suggest.enabled" - false
prefs.js - "browser.startup.homepage" - "http://www.advaita.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.226 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.226 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2015-07-08 5595848]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2015-09-16 8461224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-07-22 500936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite Automount]
C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2015-06-18 4468056]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
MOTU Pedal Service.lnk - C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.LAGS"=lagarith.dll
"VIDC.X264"=x264vfw64.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.l3codecp"=l3codecp.acm
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"midi3"=wdmaud.drv
"wave3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-10-18 20:13:22 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-10-15 23:12:53 ----D---- C:\AdwCleaner
2015-10-15 00:15:20 ----D---- C:\Users\Uzivatel\AppData\Roaming\Winamp
2015-10-15 00:15:20 ----D---- C:\Program Files (x86)\Winamp
2015-10-15 00:14:09 ----D---- C:\Users\Uzivatel\AppData\Roaming\vlc
2015-10-10 20:34:02 ----A---- C:\Windows\SYSWOW64\d3dx11_43.dll
2015-10-10 20:33:42 ----A---- C:\Windows\SYSWOW64\d3dx10_43.dll
2015-10-10 20:33:20 ----A---- C:\Windows\SYSWOW64\D3DX9_43.dll
2015-10-10 20:33:01 ----A---- C:\Windows\SYSWOW64\d3dcsx_43.dll
2015-10-10 20:32:41 ----A---- C:\Windows\SYSWOW64\D3DCompiler_43.dll
2015-10-10 20:01:31 ----D---- C:\Users\Uzivatel\AppData\Roaming\Ashampoo
2015-10-10 20:00:21 ----D---- C:\ProgramData\Ashampoo
2015-10-10 19:46:02 ----D---- C:\Users\Uzivatel\AppData\Roaming\Nero
2015-10-10 18:20:07 ----D---- C:\ProgramData\Nero

======List of files/folders modified in the last 1 month======

2015-10-31 00:54:14 ----D---- C:\Program Files\trend micro
2015-10-31 00:51:49 ----D---- C:\Windows\Temp
2015-10-30 22:01:59 ----D---- C:\Windows\System32
2015-10-30 22:01:59 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-10-30 22:01:58 ----D---- C:\Windows\inf
2015-10-28 22:38:07 ----D---- C:\Users\Uzivatel\AppData\Roaming\uTorrent
2015-10-26 12:14:16 ----D---- C:\Users\Uzivatel\AppData\Roaming\Audacity
2015-10-26 11:45:08 ----D---- C:\Windows\system32\wdi
2015-10-25 21:33:19 ----D---- C:\Windows\system32\config
2015-10-25 21:30:12 ----SHD---- C:\System Volume Information
2015-10-19 19:49:41 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-10-19 19:48:26 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-18 22:53:45 ----RD---- C:\Program Files (x86)
2015-10-18 19:59:46 ----SHD---- C:\Windows\Installer
2015-10-18 19:58:18 ----D---- C:\Windows\SysWOW64
2015-10-15 13:54:06 ----D---- C:\Windows
2015-10-15 00:04:35 ----D---- C:\Windows\system32\catroot2
2015-10-14 22:35:40 ----D---- C:\Windows\system32\Tasks
2015-10-14 22:22:46 ----D---- C:\Program Files\CCleaner
2015-10-11 22:16:57 ----D---- C:\Windows\Logs
2015-10-10 20:40:28 ----D---- C:\Windows\Cursors
2015-10-10 20:00:21 ----HD---- C:\ProgramData
2015-10-10 18:27:58 ----D---- C:\Windows\Prefetch
2015-10-10 18:26:52 ----D---- C:\Windows\winsxs
2015-10-10 18:20:21 ----D---- C:\Program Files (x86)\Common Files
2015-10-03 03:21:28 ----D---- C:\ProgramData\Ableton
2015-10-01 21:41:08 ----D---- C:\Windows\system32\NDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2015-07-14 72400]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2015-07-14 255240]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2015-07-14 178520]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2015-07-14 53360]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2015-07-14 231520]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2011-02-13 17024]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmpx64.sys [2008-11-05 67584]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimspx64.sys [2008-10-11 55808]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdpx64.sys [2008-07-28 57856]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\XAudio64.sys [2011-02-13 10240]
R3 BCM43XX;Broadcom 802.11 – ovladač síťového adaptéru; C:\Windows\system32\DRIVERS\bcmwl664.sys [2009-06-10 1311232]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2010-11-20 80384]
R3 CAXHWAZL;CAXHWAZL; C:\Windows\system32\DRIVERS\CAXHWAZL.sys [2011-02-13 292864]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2015-07-29 30264]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\CAX_DPV.sys [2011-02-13 1485824]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416]
R3 motubus;MOTU Audio MIDI Extension; C:\Windows\system32\drivers\MotuBus64.sys [2014-01-02 32016]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\CAX_CNXT.sys [2011-02-13 740864]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2010-11-20 552448]
S3 MFWAMIDI64;MOTU Audio MIDI for 64 bit; C:\Windows\system32\drivers\MFWAMIDI64.sys [2014-01-02 34576]
S3 MFWAWAVE64;MOTU Audio Wave for 64 bit; C:\Windows\system32\drivers\MFWAWAVE64.sys [2014-01-02 84752]
S3 MotuFWA64;MotuFWA64; C:\Windows\system32\drivers\Motufwa64.sys [2014-01-02 656656]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-09-14 82128]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2015-07-08 1353720]
R2 HsfXAudioService;HsfXAudioService; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-19 269000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [2015-06-18 1268568]
S3 MOTU_ZeroConf;MOTU_ZeroConf; C:\Program Files (x86)\MOTU\motuDNSResponder.exe [2014-01-02 391472]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-10-18 147624]

-----------------EOF-----------------

#8 Příspěvek od **Rudy** » 31 říj 2015 11:09

Dvouklikem na soubor C:\Program Files\trend micro\Uzivatel.exe spusťte HijackThis. Klikněte na "Do a system scan only" a v otevřeném okně vlevo ve čtverečcích zaškrtněte:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R3 - URLSearchHook: (no name) - - (no file)

Klikněte na >FixChecked<. Pak znovu spusťte OTM a klikněte na >CleanUp!<. OTM po sobě uklidí. Nakonec restartujte PC.

VIRY.CZ

prosím o kontrolu, zavirované instalace programů, asi

prosím o kontrolu, zavirované instalace programů, asi

Re: prosím o kontrolu, zavirované instalace programů, asi

Re: prosím o kontrolu, zavirované instalace programů, asi

Re: prosím o kontrolu, zavirované instalace programů, asi

Re: prosím o kontrolu, zavirované instalace programů, asi

Re: prosím o kontrolu, zavirované instalace programů, asi

Re: prosím o kontrolu, zavirované instalace programů, asi

Re: prosím o kontrolu, zavirované instalace programů, asi