přeskakování na nežádoucí stránky

[h2o]

Dobrý den, podařilo se mi chytit nějakou nákazu. Při otvírání stránek přes chrome nebo mozilu, se mi občas otevřou jiné stránky než požaduji. Předem děkuji za pomoc. Posílám log.

Logfile of random's system information tool 1.10 (written by random/random)
Run by H2O at 2015-12-04 16:55:17
Microsoft Windows 10 Pro
System drive C: has 210 GB (44%) free of 476 GB
Total RAM: 7375 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:55:19, on 04.12.2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10240.16412)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files\trend micro\H2O.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://unstopp.me/wpad.dat?8fa44797e25d ... f9f2155883
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [HP Officejet Pro 8610 (NET)] "C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe" -deviceID "CN49HDW0KG:NW" -scfn "HP Officejet Pro 8610 (NET)" -AutoStart 1
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - C:\ElsaWin\bin\wiprot.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ELSA Administration Service (LcSvrAdm) - Volkswagen AG - C:\ElsaWin\bin\LcSvrAdm.exe
O23 - Service: ELSA Auftragsverwaltungs Service (LcSvrAuf) - Volkswagen AG - C:\ElsaWin\bin\LcSvrAuf.exe
O23 - Service: ELSA DBA Server (LcSvrDba) - Volkswagen AG - C:\ElsaWin\bin\LcSvrDba.exe
O23 - Service: ELSA Historie Server (LcSvrHis) - Volkswagen AG - C:\ElsaWin\bin\LcSvrHis.exe
O23 - Service: ELSA PASS Server (LcSvrPAS) - Volkswagen AG - C:\ElsaWin\bin\LcSvrPas.exe
O23 - Service: ELSA APOSpro Server (LcSvrSaz) - Volkswagen AG - C:\ElsaWin\bin\LcSvrSaz.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\ngcsvc.dll,-100 (NgcSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8748 bytes

======Listing Processes======








C:\Windows\system32\lsass.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-37b05425-9c35-401d-bb3e-e79b95515e7b -SystemEventPortName:HostProcess-5ee58b72-0b89-4079-99bc-316c1600ec2c -IoCancelEventPortName:HostProcess-333a54a2-c116-48c0-95ec-e525671b963e -NonStateChangingEventPortName:HostProcess-e3e7e965-0162-466c-b1a3-6702f70f0e84 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:fac429c3-e26a-4eac-835f-230f815385fc -DeviceGroupId:WpdFsGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\ElsaWin\bin\LcSvrPas.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\ElsaWin\bin\LcSvrDba.exe
C:\ElsaWin\bin\LcSvrHis.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\ElsaWin\bin\LcSvrAdm.exe
C:\Windows\system32\svchost.exe -k appmodel
C:\ElsaWin\bin\LcSvrSaz.exe
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
"C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
dashost.exe {bbe0bd90-f69e-45ba-a80eb68b022da043}
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\ElsaWin\bin\LcSvrAuf.exe
sihost.exe
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
C:\Windows\Explorer.EXE
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe" -deviceID "CN49HDW0KG:NW" -scfn "HP Officejet Pro 8610 (NET)" -AutoStart 1
"C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe" -Embedding
"C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"fontdrvhost.exe"
C:\Windows\system32\svchost.exe -k UnistackSvcGroup
"C:\Program Files (x86)\TeamViewer\TeamViewer.exe"
"C:\Program Files (x86)\TeamViewer\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer11_Logfile.log
"C:\Program Files (x86)\TeamViewer\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer11_Logfile.log
C:\Windows\system32\ApplicationFrameHost.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1201.10020.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca
C:\Windows\system32\wbem\wmiprvse.exe

"c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe" --IPCport 5939
"C:\Windows\system32\NOTEPAD.EXE" C:\rsit\log.txt
taskeng.exe {EAB399DA-18C1-41D4-9B00-F0379A9B4DAA}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\H2O\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-18 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-19 460384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-19 172640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2015-06-12 8484056]
"Logitech Download Assistant"=C:\Windows\System32\LogiLDA.dll [2015-11-12 3933496]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet Pro 8610 (NET)"=C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [2014-07-21 3487240]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30 96056]
""= []
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2015-08-21 767176]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-11-09 596528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-18 4171480]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"DSCAutomationHostEnabled"=2
"PromptOnSecureDesktop"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - %SystemRoot%\SysWow64\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\SysWow64\CScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-12-04 16:55:17 ----D---- C:\rsit
2015-12-04 16:55:17 ----D---- C:\Program Files\trend micro
2015-12-04 14:33:01 ----D---- C:\Users\H2O\AppData\Roaming\GHISLER
2015-12-04 14:03:16 ----D---- C:\ProgramData\Norton
2015-12-04 14:02:21 ----A---- C:\Windows\system32\SBRC.dat
2015-12-04 13:28:14 ----A---- C:\Windows\wininit.ini
2015-12-04 13:27:03 ----D---- C:\ProgramData\STOPzilla!
2015-12-04 12:46:54 ----A---- C:\autoexec.bat
2015-12-04 12:45:54 ----A---- C:\Windows\system32\drivers\EsgScanner.sys
2015-12-04 09:45:41 ----D---- C:\ProgramData\Spybot - Search & Destroy
2015-12-04 09:26:20 ----D---- C:\ProgramData\ESET
2015-12-04 09:26:17 ----D---- C:\Program Files\ESET
2015-12-04 08:47:14 ----SHD---- C:\$RECYCLE.BIN
2015-12-04 08:45:49 ----A---- C:\Windows\zoek-delete.exe
2015-12-04 08:45:48 ----D---- C:\Windows\Temp
2015-12-03 16:54:09 ----D---- C:\Users\H2O\AppData\Roaming\Macromedia
2015-12-03 16:22:14 ----D---- C:\ProgramData\Malwarebytes
2015-12-02 20:02:25 ----D---- C:\Program Files\CCleaner
2015-11-26 09:02:05 ----D---- C:\Tachometry
2015-11-18 12:45:38 ----D---- C:\Program Files (x86)\STMicroelectronics
2015-11-18 12:45:34 ----D---- C:\Windows\Downloaded Installations
2015-11-12 07:13:58 ----A---- C:\Windows\system32\LogiLDA.DLL
2015-11-12 07:13:58 ----A---- C:\Windows\system32\LdaCx2.dll
2015-11-11 07:47:23 ----A---- C:\Windows\SYSWOW64\Windows.StateRepository.dll
2015-11-11 07:47:23 ----A---- C:\Windows\system32\Windows.UI.dll
2015-11-11 07:47:23 ----A---- C:\Windows\system32\Windows.StateRepository.dll
2015-11-11 07:47:22 ----A---- C:\Windows\SYSWOW64\esent.dll
2015-11-11 07:47:22 ----A---- C:\Windows\system32\Windows.Media.dll
2015-11-11 07:47:22 ----A---- C:\Windows\system32\edgehtml.dll
2015-11-11 07:47:22 ----A---- C:\Windows\system32\AppXDeploymentServer.dll
2015-11-11 07:47:21 ----A---- C:\Windows\system32\drivers\afd.sys
2015-11-11 07:47:21 ----A---- C:\Windows\system32\AppXDeploymentExtensions.dll
2015-11-11 07:47:20 ----A---- C:\Windows\system32\mshtml.dll
2015-11-11 07:47:20 ----A---- C:\Windows\system32\esent.dll
2015-11-11 07:47:19 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-11-11 07:47:19 ----A---- C:\Windows\system32\iertutil.dll
2015-11-11 07:47:18 ----A---- C:\Windows\SYSWOW64\Windows.Media.dll
2015-11-11 07:47:17 ----A---- C:\Windows\SYSWOW64\edgehtml.dll
2015-11-11 07:47:15 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-11-11 07:47:14 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-11-11 07:47:13 ----A---- C:\Windows\SYSWOW64\dlnashext.dll
2015-11-11 07:47:13 ----A---- C:\Windows\system32\dlnashext.dll
2015-11-11 07:47:13 ----A---- C:\Windows\system32\audiosrv.dll
2015-11-11 07:47:11 ----A---- C:\Windows\SYSWOW64\MFMediaEngine.dll
2015-11-11 07:47:11 ----A---- C:\Windows\system32\MFMediaEngine.dll
2015-11-11 07:47:10 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-11-11 07:47:10 ----A---- C:\Windows\SYSWOW64\LicenseManager.dll
2015-11-11 07:47:10 ----A---- C:\Windows\system32\urlmon.dll
2015-11-11 07:47:10 ----A---- C:\Windows\system32\LicenseManager.dll
2015-11-11 07:47:09 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-11-11 07:47:09 ----A---- C:\Windows\system32\CompatTelRunner.exe
2015-11-11 07:47:09 ----A---- C:\Windows\system32\appraiser.dll
2015-11-11 07:47:08 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-11-11 07:47:08 ----A---- C:\Windows\system32\drivers\tdx.sys
2015-11-11 07:47:08 ----A---- C:\Windows\system32\drivers\netio.sys
2015-11-11 07:47:07 ----A---- C:\Windows\system32\winlogon.exe
2015-11-11 07:47:07 ----A---- C:\Windows\system32\internetmail.dll
2015-11-11 07:47:07 ----A---- C:\Windows\system32\dssvc.dll
2015-11-11 07:47:06 ----A---- C:\Windows\SYSWOW64\Windows.UI.dll
2015-11-11 07:47:06 ----A---- C:\Windows\system32\win32kfull.sys
2015-11-11 07:47:06 ----A---- C:\Windows\system32\usermgr.dll
2015-11-11 07:47:06 ----A---- C:\Windows\system32\MusUpdateHandlers.dll
2015-11-11 07:47:06 ----A---- C:\Windows\system32\browserbroker.dll
2015-11-11 07:47:05 ----A---- C:\Windows\system32\Windows.Devices.Usb.dll
2015-11-11 07:47:05 ----A---- C:\Windows\system32\RDXService.dll
2015-11-11 07:47:05 ----A---- C:\Windows\system32\ieframe.dll
2015-11-11 07:47:04 ----A---- C:\Windows\SYSWOW64\Windows.Devices.Usb.dll
2015-11-11 07:47:03 ----A---- C:\Windows\SYSWOW64\twinapi.appcore.dll
2015-11-11 07:47:03 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-11-11 07:47:03 ----A---- C:\Windows\system32\win32kbase.sys
2015-11-11 07:47:03 ----A---- C:\Windows\system32\twinapi.appcore.dll
2015-11-11 07:47:02 ----A---- C:\Windows\system32\jscript.dll
2015-11-11 07:47:01 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-11-11 07:47:01 ----A---- C:\Windows\system32\kerberos.dll
2015-11-11 07:47:01 ----A---- C:\Windows\system32\fontdrvhost.exe
2015-11-11 07:46:59 ----A---- C:\Windows\SYSWOW64\fontdrvhost.exe

======List of files/folders modified in the last 1 month======

2015-12-04 16:55:17 ----RD---- C:\Program Files
2015-12-04 16:53:03 ----D---- C:\Windows\debug
2015-12-04 16:53:03 ----D---- C:\Windows
2015-12-04 16:47:11 ----RD---- C:\Program Files (x86)
2015-12-04 16:38:04 ----D---- C:\Windows\System32
2015-12-04 16:30:58 ----D---- C:\Windows\Prefetch
2015-12-04 16:28:00 ----D---- C:\Windows\system32\sru
2015-12-04 15:20:47 ----D---- C:\Program Files (x86)\TeamViewer
2015-12-04 14:36:17 ----D---- C:\Windows\system32\Tasks
2015-12-04 14:33:28 ----D---- C:\Program Files\Common Files
2015-12-04 14:30:55 ----D---- C:\Windows\INF
2015-12-04 14:30:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-12-04 14:15:34 ----SD---- C:\ProgramData\Microsoft
2015-12-04 14:09:37 ----HD---- C:\ProgramData
2015-12-04 14:09:37 ----D---- C:\Windows\system32\drivers
2015-12-04 14:06:37 ----SHD---- C:\Windows\Installer
2015-12-04 14:06:35 ----D---- C:\Windows\SysWOW64
2015-12-04 13:29:15 ----D---- C:\Windows\Tasks
2015-12-04 12:30:55 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-04 12:05:25 ----D---- C:\Martech
2015-12-04 09:27:01 ----D---- C:\Windows\system32\DriverStore
2015-12-04 09:26:52 ----HD---- C:\Windows\ELAMBKUP
2015-12-04 08:47:19 ----D---- C:\Windows\AppReadiness
2015-12-04 07:43:17 ----D---- C:\Windows\Microsoft.NET
2015-12-04 07:08:36 ----HD---- C:\Program Files\WindowsApps
2015-12-03 17:23:37 ----D---- C:\Windows\system32\drivers\etc
2015-12-03 17:23:02 ----SHD---- C:\System Volume Information
2015-12-03 16:21:26 ----D---- C:\ETKA
2015-12-03 15:23:06 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2015-12-02 20:07:12 ----D---- C:\Users\H2O\AppData\Roaming\TeamViewer
2015-12-02 20:07:12 ----D---- C:\Users\H2O\AppData\Roaming\DAEMON Tools Lite
2015-12-02 20:06:12 ----D---- C:\Windows\Panther
2015-12-02 20:06:11 ----D---- C:\Windows\Minidump
2015-12-02 20:06:11 ----D---- C:\Windows\Logs
2015-12-02 19:43:39 ----D---- C:\Windows\system32\CatRoot
2015-12-02 17:07:37 ----D---- C:\zaloha
2015-12-02 09:47:49 ----RSD---- C:\Windows\Fonts
2015-11-26 09:00:42 ----D---- C:\!!!Montážní manuály
2015-11-24 18:17:12 ----D---- C:\!!!Firmware navigace
2015-11-19 12:48:52 ----D---- C:\Windows\system32\MRT
2015-11-19 12:45:50 ----A---- C:\Windows\system32\MRT.exe
2015-11-19 12:32:27 ----D---- C:\Windows\system32\config
2015-11-19 11:54:36 ----D---- C:\ProgramData\Oracle
2015-11-19 11:31:20 ----D---- C:\Program Files (x86)\Java
2015-11-19 11:31:11 ----D---- C:\Program Files (x86)\Common Files
2015-11-19 11:30:37 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2015-11-18 14:08:53 ----D---- C:\Windows\rescache
2015-11-18 12:45:39 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2015-11-18 12:38:18 ----RD---- C:\Windows\assembly
2015-11-18 12:33:22 ----D---- C:\Windows\WinSxS
2015-11-18 12:14:01 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-11-18 12:14:00 ----D---- C:\Windows\system32\cs-CZ
2015-11-18 12:14:00 ----D---- C:\Windows\system32\appraiser
2015-11-18 12:13:59 ----D---- C:\Windows\AppPatch
2015-11-11 08:46:11 ----D---- C:\ProgramData\Microsoft Help
2015-11-11 08:45:44 ----D---- C:\Windows\CbsTemp
2015-11-11 07:42:26 ----D---- C:\Windows\system32\catroot2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 dtsoftbus01;@oem11.inf,%DTSoftBus.SVCDESC%;DAEMON Tools Virtual Bus Driver; C:\Windows\System32\drivers\dtsoftbus01.sys [2015-10-13 270912]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2015-09-23 264040]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2015-09-23 186784]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\Windows\system32\drivers\filecrypt.sys [2015-07-10 83968]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\Windows\System32\drivers\gpuenergydrv.sys [2015-07-10 8192]
R2 aksdf;aksdf; \??\C:\Windows\system32\drivers\aksdf.sys [2015-10-13 109200]
R2 AODDriver4.3;AODDriver4.3; \??\C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [2014-02-11 59616]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2015-09-23 170792]
R2 hardlock;hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2015-10-13 350552]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\Windows\system32\drivers\mmcss.sys [2015-07-10 48128]
R2 multikey;@oem12.inf,%mkey.SVCDESC%;Virtual USB MultiKey; C:\Windows\system32\DRIVERS\multikey.sys [2011-09-06 76040]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\Windows\system32\drivers\storqosflt.sys [2015-07-10 61952]
R3 Afc;PPdus ASPI Shell; C:\Windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
R3 akshasp;@oem14.inf,%svcdesc%;SafeNet Inc. HASP Key; C:\Windows\system32\DRIVERS\akshasp.sys [2015-10-13 77912]
R3 aksusb;@oem13.inf,%svcdesc%;SafeNet Inc. USB Key; C:\Windows\system32\DRIVERS\aksusb.sys [2015-10-13 322560]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2015-10-22 21648880]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2015-10-22 674288]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2015-06-18 4496600]
R3 rt640x64;@rt640x64.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\Windows\System32\drivers\rt640x64.sys [2015-06-18 587264]
R3 StillCam;@sti.inf,%StillCam.SvcDesc%;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\DRIVERS\serscan.sys [2015-07-10 12800]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2015-05-13 61464]
S0 eelam;eelam; C:\Windows\system32\DRIVERS\eelam.sys [2015-09-23 14976]
S0 LSI_SAS2i;LSI_SAS2i; C:\Windows\System32\drivers\lsi_sas2i.sys [2015-07-10 104800]
S0 LSI_SAS3i;LSI_SAS3i; C:\Windows\System32\drivers\lsi_sas3i.sys [2015-07-10 99168]
S0 percsas2i;percsas2i; C:\Windows\System32\drivers\percsas2i.sys [2015-07-10 58208]
S0 percsas3i;percsas3i; C:\Windows\System32\drivers\percsas3i.sys [2015-07-10 58720]
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\Windows\System32\drivers\storufs.sys [2015-07-10 40288]
S2 NSHE;Guardant Emulator Driver; \??\C:\Windows\system32\Drivers\NSHE.SYS []
S3 AtiHDAudioService;@oem4.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdWT6.sys [2015-10-13 102912]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\Windows\System32\drivers\buttonconverter.sys [2015-09-17 36352]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\Windows\System32\drivers\capimg.sys [2015-07-10 116736]
S3 EsgScanner;EsgScanner; C:\Windows\system32\DRIVERS\EsgScanner.sys [2015-12-04 22704]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\Windows\System32\drivers\genericusbfn.sys [2015-07-10 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\Windows\System32\drivers\hidinterrupt.sys [2015-07-10 50016]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\Windows\System32\drivers\ibbus.sys [2015-07-10 424800]
S3 IoQos;@%SystemRoot%\system32\drivers\ioqos.sys,-100; C:\Windows\system32\drivers\ioqos.sys [2015-07-10 26624]
S3 IT9135BDA;@oem17.inf,%IT9135Devcie.FriendlyName%;IT9135 BDA Devices; C:\Windows\System32\Drivers\IT9135BDA.sys [2015-10-13 113280]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\Windows\System32\drivers\mlx4_bus.sys [2015-07-10 705376]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\Windows\System32\drivers\ndfltr.sys [2015-07-10 76128]
S3 ReFSv1;ReFSv1; C:\Windows\system32\drivers\ReFSv1.sys [2015-09-10 934752]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension; C:\Windows\System32\Drivers\UcmCx.sys [2015-07-10 61952]
S3 UcmUcsi;@ucmucsi.inf,%UcmUcsi.ServiceName%;USB Connector Manager UCSI Client; C:\Windows\System32\drivers\UcmUcsi.sys [2015-09-10 46080]
S3 UdeCx;USB Device Emulation Support Library; C:\Windows\system32\drivers\udecx.sys [2015-07-10 44032]
S3 Ufx01000;USB Function Class Extension; C:\Windows\system32\drivers\ufx01000.sys [2015-07-10 245088]
S3 UfxChipidea;@ufxchipidea.inf,%UfxChipidea.ServiceName%;USB Chipidea Controller; C:\Windows\System32\drivers\UfxChipidea.sys [2015-07-10 94048]
S3 ufxsynopsys;@ufxsynopsys.inf,%ufxsynopsys.ServiceName%;USB Synopsys Controller; C:\Windows\System32\drivers\ufxsynopsys.sys [2015-07-10 127840]
S3 UrsCx01000;USB Role-Switch Support Library; C:\Windows\system32\drivers\urscx01000.sys [2015-07-10 57696]
S3 UrsChipidea;@urschipidea.inf,%UrsChipidea.ServiceName%;Chipidea USB Role-Switch Driver; C:\Windows\System32\drivers\urschipidea.sys [2015-07-10 28512]
S3 UrsSynopsys;@urssynopsys.inf,%UrsSynopsys.ServiceName%;Synopsys USB Role-Switch Driver; C:\Windows\System32\drivers\urssynopsys.sys [2015-07-10 27488]
S3 usbser;@oem22.inf,%SERVICE%;STM Virtual COM Port; C:\Windows\System32\drivers\usbser.sys [2015-09-10 67072]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-10-28 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2015-10-22 255472]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [2015-06-30 344064]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\Windows\system32\svchost.exe [2015-07-10 39856]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\Windows\System32\svchost.exe [2015-07-10 39856]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2015-10-09 2505472]
R2 LcSvrAdm;ELSA Administration Service; C:\ElsaWin\bin\LcSvrAdm.exe [2013-01-17 240640]
R2 LcSvrDba;ELSA DBA Server; C:\ElsaWin\bin\LcSvrDba.exe [2013-01-17 392704]
R2 LcSvrHis;ELSA Historie Server; C:\ElsaWin\bin\LcSvrHis.exe [2013-01-17 335360]
R2 LcSvrPAS;ELSA PASS Server; C:\ElsaWin\bin\LcSvrPas.exe [2013-01-17 478208]
R2 LcSvrSaz;ELSA APOSpro Server; C:\ElsaWin\bin\LcSvrSaz.exe [2013-01-17 373248]
R2 OneSyncSvc_Session1;Hostitel synchronizace_Session1; C:\Windows\system32\svchost.exe [2015-07-10 39856]
R2 TeamViewer;TeamViewer 11; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-11-30 6887696]
R2 tiledatamodelsvc;@%SystemRoot%\system32\tileobjserver.dll,-1; C:\Windows\system32\svchost.exe [2015-07-10 39856]
R2 UserManager;@%systemroot%\system32\usermgr.dll,-100; C:\Windows\system32\svchost.exe [2015-07-10 39856]
R3 LcSvrAuf;ELSA Auftragsverwaltungs Service; C:\ElsaWin\bin\LcSvrAuf.exe [2013-01-17 1321984]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\Windows\System32\svchost.exe [2015-07-10 39856]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\Windows\system32\svchost.exe [2015-07-10 39856]
S2 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\Windows\system32\svchost.exe [2015-07-10 39856]
S2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\Windows\system32\svchost.exe [2015-07-10 39856]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\Windows\System32\svchost.exe [2015-07-10 39856]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\Windows\system32\svchost.exe [2015-07-10 39856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-02 268976]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\Windows\system32\svchost.exe [2015-07-10 39856]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2015-07-10 39856]
S3 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\Windows\system32\svchost.exe [2015-07-10 39856]
S3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\Windows\System32\svchost.exe [2015-07-10 39856]
S3 DcpSvc;@%SystemRoot%\system32\dcpsvc.dll,-3001; C:\Windows\System32\svchost.exe [2015-07-10 39856]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\Windows\system32\svchost.exe [2015-07-10 39856]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-07-10 27136]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\Windows\system32\svchost.exe [2015-07-10 39856]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\Windows\System32\svchost.exe [2015-07-10 39856]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-200; C:\Windows\System32\svchost.exe [2015-07-10 39856]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\Windows\system32\svchost.exe [2015-07-10 39856]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2015-06-17 43696]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\Windows\system32\svchost.exe [2015-07-10 39856]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-18 30814400]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-10-30 147624]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\Windows\System32\svchost.exe [2015-07-10 39856]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\Windows\system32\svchost.exe [2015-07-10 39856]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\Windows\system32\lsass.exe [2015-07-10 56344]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\Windows\system32\svchost.exe [2015-07-10 39856]
S3 PimIndexMaintenanceSvc_Session1;Data kontaktů_Session1; C:\Windows\system32\svchost.exe [2015-07-10 39856]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\Windows\System32\svchost.exe [2015-07-10 39856]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\Windows\System32\SensorDataService.exe [2015-09-10 1031680]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\Windows\system32\svchost.exe [2015-07-10 39856]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\Windows\system32\svchost.exe [2015-07-10 39856]
S3 UnistoreSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-10003; C:\Windows\System32\svchost.exe [2015-07-10 39856]
S3 UnistoreSvc_Session1;Úložiště uživatelských dat_Session1; C:\Windows\System32\svchost.exe [2015-07-10 39856]
S3 UserDataSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-14001; C:\Windows\system32\svchost.exe [2015-07-10 39856]
S3 UserDataSvc_Session1;Přístup k uživatelským datům_Session1; C:\Windows\system32\svchost.exe [2015-07-10 39856]
S3 UsoSvc;@%systemroot%\system32\usocore.dll,-102; C:\Windows\system32\svchost.exe [2015-07-10 39856]

-----------------EOF-----------------

[Rudy]

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

[h2o]

# AdwCleaner v5.023 - Logfile created 04/12/2015 at 19:57:20
# Updated 30/11/2015 by Xplode
# Database : 2015-12-03.1 [Server]
# Operating system : Windows 10 Pro (x64)
# Username : H2O - DESKTOP-BTQUDR2
# Running from : C:\Users\H2O\Desktop\adwcleaner_5.023.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [569 bytes] ##########

[Rudy]

Toto je OK. Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:

:reg
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

:commands
[Purity]
[Emptytemp]
[Emptyflash]

a klikněte na >MoveIt!<. Po skenu restartujte PC a dejte nový log RSIT.

[h2o]

Zatím mnohokrát děkuji, výsledek zašlu v pondělí. Program mne odpojil od sítě a už se vzdáleně do pracovního PC nedostanu.

[Rudy]

OK.

[h2o]

Ahoj, výsledek:

All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: H2O
->Temp folder emptied: 118364961 bytes
->Temporary Internet Files folder emptied: 14973214 bytes
->Java cache emptied: 8196 bytes
->Flash cache emptied: 506 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8585221 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 135,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: H2O
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 12042015_203657

Files moved on Reboot...
C:\Users\H2O\AppData\Local\Temp\JavaDeployReg.log moved successfully.
C:\Users\H2O\AppData\Local\Microsoft\Windows\INetCache\IE\NR3YR0RA\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot moved successfully.
File C:\Users\H2O\AppData\Local\Microsoft\Windows\INetCache\IE\NR3YR0RA\ErrorPageTemplate[1] not found!
C:\Users\H2O\AppData\Local\Microsoft\Windows\INetCache\IE\HE8GVIG1\postmessageRelay[2].htm moved successfully.
C:\Users\H2O\AppData\Local\Microsoft\Windows\INetCache\IE\HE8GVIG1\zrt_lookup[1].htm moved successfully.
C:\Users\H2O\AppData\Local\Microsoft\Windows\INetCache\IE\EGBPYB4Z\TlA_zCeMkxl[1].htm moved successfully.
C:\Users\H2O\AppData\Local\Microsoft\Windows\INetCache\IE\E7W63D41\402-otm-oldtimers-move-it[1].htm moved successfully.
C:\Users\H2O\AppData\Local\Microsoft\Windows\INetCache\IE\E7W63D41\ads[3].htm moved successfully.
C:\Users\H2O\AppData\Local\Microsoft\Windows\INetCache\IE\E7W63D41\fastbutton[2].htm moved successfully.
C:\Users\H2O\AppData\Local\Microsoft\Windows\INetCache\IE\E7W63D41\like[1].htm moved successfully.
C:\Users\H2O\AppData\Local\Microsoft\Windows\INetCache\IE\E7W63D41\rMDaOpSw-8ss9B8Y3bLqyA[1].eot moved successfully.
C:\Users\H2O\AppData\Local\Microsoft\Windows\INetCache\IE\E7W63D41\TlA_zCeMkxl[1].htm moved successfully.
C:\Users\H2O\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.

Registry entries deleted on Reboot...

[Rudy]

Smazáno. Nastala nějaká změna?

[h2o]

Zatím jsem jel jen přes IE a bez přeskočení nainstaluji zpět chrome a otestuji. Zatím mnohokrát děkuji za pomoc.

[Rudy]

Zatím není zač!

[h2o]

Tak asi je ještě někde sviňucha v chromu po pár stránkách je to tu zase

[Rudy]

Udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

[h2o]

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 07.12.2015
Čas skenování: 20:01
Protokol: malware.txt
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2015.12.07.04
Databáze rootkitů: v2015.12.07.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 10
CPU: x64
Souborový systém: NTFS
Uživatel: H2O

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 334934
Uplynulý čas: 7 min, 2 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 1
Hijack.AutoConfigURL.ShrtCln, HKU\S-1-5-21-552243319-925643973-1343559118-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigUrl, http://unstopp.me/wpad.dat?8fa44797e25d ... f9f2155883, , [d070e8ba0c7fd16586a46a92a95a5da3]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

[Rudy]

Nalezenou položku smažte.

[h2o]

Smazáno, mám zkusit?