
Ads are showing up in IE 11
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
Hello,
I would like to ask for a check of my RSIT log.
In IE 11, when I click on various web links, additional windows with ads open (Tradeexchange, MillionarePSJ, etc.). When browsing in Firefox, the ad windows do not pop up.
I ran the ESET online scan, which found one virus, but it was unrelated to the ads.
I installed Malwarebytes Anti-Malware; it found nothing.
I installed the free Malware Removal Tool from Microsoft; it also found nothing.
I am attaching the RSIT log. I cannot attach a ComboFix log because ComboFix does not work on Win 8.1.
Thanks,
Honza
RSIT log:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Administrator at 2016-01-06 10:16:27
Microsoft Windows 8.1 Pro
System drive C: has 110 GB (73%) free of 150 GB
Total RAM: 8145 MB (71% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:16:29, on 6. 1. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\teamviewer\version7\TeamViewer.exe
C:\Windows\System32\TiltWheelMouse.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
C:\Program Files\trend micro\Administrator.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com/?pc=DCJB
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe
O4 - HKUS\S-1-5-21-3524262927-3214666377-2210781787-1002\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun (User 'Irena Gavendova')
O4 - HKUS\S-1-5-21-3524262927-3214666377-2210781787-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun (User '?')
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: APC Data Service - Schneider Electric - C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
O23 - Service: APC UPS Service - Schneider Electric - C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Corel License Validation Service V2 x64, Powered by arvato (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: uvnc_service - UltraVNC - C:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7928 bytes
======Listing Processes======
wininit.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\igfxCUIService.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe"
"C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service
C:\Windows\System32\svchost.exe -k utcsvc
dashost.exe {f2aa48f7-bd51-4519-8140346bf7b42561}
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe"
"C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe"
"C:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe" -service
"C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
winlogon.exe
"dwm.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session
"C:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe" -service_run
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
C:\Windows\Explorer.EXE
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
"c:\program files (x86)\teamviewer\version7\TeamViewer.exe"
taskhostex.exe
"C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version7\TeamViewer7_Logfile.log
"C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version7\TeamViewer7_Logfile.log
"C:\Windows\System32\TiltWheelMouse.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe"
"C:\Windows\system32\GWX\GWX.exe"
C:\Windows\System32\RuntimeBroker.exe -Embedding
taskeng.exe {5F3BED35-D2FC-45DF-9C54-71DBC4C700F3}
"c:\program files (x86)\teamviewer\version7\TeamViewer_Desktop.exe" --IPCport 5939
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe23_ Global\UsGthrCtrlFltPipeMssGthrPipe23 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 564 568 576 65536 572
"C:\Program Files\Windows Defender\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey CD562E44-1AA1-FB79-DF9C-13F3BC64F8A7 -Reinvoke
"C:\Users\Irena Gavendova\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-16 219304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-12-16 2339032]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MouseDriver"=C:\Windows\system32\TiltWheelMouse.exe [2013-04-09 241152]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""= []
"Display"=C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [2012-01-24 284024]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
APC UPS Status.lnk - C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.yuy2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"vidc.yvyu"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"vidc.uyvy"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux2"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-01-06 10:16:27 ----D---- C:\rsit
2016-01-06 10:16:27 ----D---- C:\Program Files\trend micro
2016-01-06 10:07:21 ----A---- C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-01-05 11:00:45 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2016-01-05 10:59:52 ----D---- C:\ProgramData\Malwarebytes
2016-01-05 10:59:52 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-05 10:59:52 ----A---- C:\Windows\system32\drivers\mwac.sys
2016-01-05 10:59:52 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2016-01-05 10:59:52 ----A---- C:\Windows\system32\drivers\mbam.sys
2016-01-05 09:26:18 ----D---- C:\Program Files (x86)\ESET
2016-01-05 09:21:31 ----D---- C:\AdwCleaner
2016-01-05 08:52:36 ----D---- C:\Users\Administrator\AppData\Roaming\Macromedia
2015-12-21 08:37:02 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-12-21 06:47:19 ----RD---- C:\Program Files (x86)\Skype
2015-12-09 07:05:53 ----A---- C:\Windows\SYSWOW64\wshrm.dll
2015-12-09 07:05:53 ----A---- C:\Windows\system32\wshrm.dll
2015-12-09 07:05:53 ----A---- C:\Windows\system32\drivers\rmcast.sys
2015-12-09 07:05:22 ----A---- C:\Windows\system32\mshtml.dll
2015-12-09 07:05:21 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-12-09 07:05:17 ----A---- C:\Windows\system32\wininet.dll
2015-12-09 07:05:17 ----A---- C:\Windows\system32\jscript9.dll
2015-12-09 07:05:16 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-12-09 07:05:16 ----A---- C:\Windows\system32\urlmon.dll
2015-12-09 07:05:16 ----A---- C:\Windows\system32\ieframe.dll
2015-12-09 07:05:15 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-12-09 07:05:15 ----A---- C:\Windows\system32\ieui.dll
2015-12-09 07:05:14 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-12-09 07:05:14 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-12-09 07:05:14 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-12-09 07:05:14 ----A---- C:\Windows\system32\vbscript.dll
2015-12-09 07:05:13 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-12-09 07:05:13 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-12-09 07:05:13 ----A---- C:\Windows\system32\jscript.dll
2015-12-09 07:05:13 ----A---- C:\Windows\system32\iertutil.dll
2015-12-09 07:05:12 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-12-09 07:05:12 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-12-09 07:05:12 ----A---- C:\Windows\SYSWOW64\actxprxy.dll
2015-12-09 07:05:12 ----A---- C:\Windows\system32\msfeeds.dll
2015-12-09 07:05:11 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2015-12-09 07:05:11 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-12-09 07:05:11 ----A---- C:\Windows\system32\mshtmled.dll
2015-12-09 07:05:11 ----A---- C:\Windows\system32\inetcomm.dll
2015-12-09 07:05:11 ----A---- C:\Windows\system32\iepeers.dll
2015-12-09 07:05:11 ----A---- C:\Windows\system32\iedkcs32.dll
2015-12-09 07:05:11 ----A---- C:\Windows\system32\ie4uinit.exe
2015-12-09 07:05:10 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2015-12-09 07:05:10 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-12-09 07:05:10 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-12-09 07:05:10 ----A---- C:\Windows\system32\webcheck.dll
2015-12-09 07:05:10 ----A---- C:\Windows\system32\ieapfltr.dll
2015-12-09 07:05:10 ----A---- C:\Windows\system32\dxtrans.dll
2015-12-09 07:05:09 ----A---- C:\Windows\system32\actxprxy.dll
2015-12-09 07:05:08 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-12-09 07:05:08 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2015-12-09 07:04:54 ----A---- C:\Windows\SYSWOW64\Windows.Globalization.dll
2015-12-09 07:04:54 ----A---- C:\Windows\system32\Windows.Globalization.dll
2015-12-09 07:04:53 ----A---- C:\Windows\SYSWOW64\kbdgeoqw.dll
2015-12-09 07:04:53 ----A---- C:\Windows\SYSWOW64\KBDAZST.DLL
2015-12-09 07:04:53 ----A---- C:\Windows\SYSWOW64\KBDAZEL.DLL
2015-12-09 07:04:53 ----A---- C:\Windows\SYSWOW64\KBDAZE.DLL
2015-12-09 07:04:53 ----A---- C:\Windows\SYSWOW64\GlobCollationHost.dll
2015-12-09 07:04:53 ----A---- C:\Windows\system32\kbdgeoqw.dll
2015-12-09 07:04:53 ----A---- C:\Windows\system32\KBDAZST.DLL
2015-12-09 07:04:53 ----A---- C:\Windows\system32\KBDAZEL.DLL
2015-12-09 07:04:53 ----A---- C:\Windows\system32\KBDAZE.DLL
2015-12-09 07:04:53 ----A---- C:\Windows\system32\GlobCollationHost.dll
2015-12-09 07:04:52 ----A---- C:\Windows\system32\dpapisrv.dll
2015-12-09 07:04:01 ----A---- C:\Windows\SYSWOW64\comsvcs.dll
2015-12-09 07:04:01 ----A---- C:\Windows\SYSWOW64\catsrvut.dll
2015-12-09 07:04:01 ----A---- C:\Windows\system32\comsvcs.dll
2015-12-09 07:04:01 ----A---- C:\Windows\system32\catsrvut.dll
2015-12-09 07:04:00 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-12-09 07:04:00 ----A---- C:\Windows\system32\winresume.exe
2015-12-09 07:04:00 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-12-09 07:04:00 ----A---- C:\Windows\system32\ntdll.dll
2015-12-09 07:03:59 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-12-09 07:03:59 ----A---- C:\Windows\system32\winload.exe
2015-12-09 07:03:59 ----A---- C:\Windows\system32\ntvdm64.dll
2015-12-09 07:03:08 ----A---- C:\Windows\SYSWOW64\wmsgapi.dll
2015-12-09 07:03:08 ----A---- C:\Windows\system32\wmsgapi.dll
2015-12-09 07:03:08 ----A---- C:\Windows\system32\winlogon.exe
2015-12-09 07:03:08 ----A---- C:\Windows\system32\wininit.exe
2015-12-09 07:02:53 ----A---- C:\Windows\SYSWOW64\user32.dll
2015-12-09 07:02:53 ----A---- C:\Windows\SYSWOW64\GdiPlus.dll
2015-12-09 07:02:53 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2015-12-09 07:02:53 ----A---- C:\Windows\system32\win32k.sys
2015-12-09 07:02:53 ----A---- C:\Windows\system32\user32.dll
2015-12-09 07:02:53 ----A---- C:\Windows\system32\msctf.dll
2015-12-09 07:02:53 ----A---- C:\Windows\system32\GdiPlus.dll
2015-12-09 07:02:53 ----A---- C:\Windows\system32\FntCache.dll
2015-12-09 07:02:53 ----A---- C:\Windows\system32\DWrite.dll
2015-12-09 07:02:52 ----A---- C:\Windows\SYSWOW64\msctf.dll
2015-12-09 07:02:30 ----A---- C:\Windows\SYSWOW64\authui.dll
2015-12-09 07:02:30 ----A---- C:\Windows\system32\authui.dll
2015-12-09 07:02:29 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-12-09 07:02:29 ----A---- C:\Windows\SYSWOW64\PCPKsp.dll
2015-12-09 07:02:29 ----A---- C:\Windows\system32\wuwebv.dll
2015-12-09 07:02:29 ----A---- C:\Windows\system32\WUSettingsProvider.dll
2015-12-09 07:02:29 ----A---- C:\Windows\system32\wups2.dll
2015-12-09 07:02:29 ----A---- C:\Windows\system32\wucltux.dll
2015-12-09 07:02:29 ----A---- C:\Windows\system32\wuaueng.dll
2015-12-09 07:02:29 ----A---- C:\Windows\system32\wuauclt.exe
2015-12-09 07:02:29 ----A---- C:\Windows\system32\wuapi.dll
2015-12-09 07:02:29 ----A---- C:\Windows\system32\PCPKsp.dll
2015-12-09 07:02:29 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2015-12-09 07:02:29 ----A---- C:\Windows\system32\drivers\usbport.sys
2015-12-09 07:02:29 ----A---- C:\Windows\system32\drivers\usbohci.sys
2015-12-09 07:02:29 ----A---- C:\Windows\system32\drivers\USBHUB3.SYS
2015-12-09 07:02:29 ----A---- C:\Windows\system32\drivers\usbhub.sys
2015-12-09 07:02:29 ----A---- C:\Windows\system32\drivers\usbehci.sys
2015-12-09 07:02:29 ----A---- C:\Windows\system32\drivers\usbd.sys
2015-12-09 07:02:28 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-12-09 07:02:28 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-12-09 07:02:28 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-12-09 07:02:28 ----A---- C:\Windows\system32\wudriver.dll
2015-12-09 07:02:28 ----A---- C:\Windows\system32\wuapp.exe
======List of files/folders modified in the last 1 month======
2016-01-06 10:16:27 ----RD---- C:\Program Files
2016-01-06 10:16:23 ----D---- C:\Windows\Temp
2016-01-06 10:07:21 ----RD---- C:\Windows\System32
2016-01-06 10:02:55 ----D---- C:\Windows\Prefetch
2016-01-06 09:00:00 ----D---- C:\Windows\system32\sru
2016-01-06 08:24:01 ----D---- C:\Windows\Microsoft.NET
2016-01-06 07:14:27 ----D---- C:\Windows\system32\config
2016-01-06 07:10:15 ----D---- C:\Windows\CbsTemp
2016-01-05 19:31:26 ----D---- C:\ProgramData\NVIDIA
2016-01-05 19:30:55 ----A---- C:\Windows\SYSWOW64\PCPELog.txt
2016-01-05 11:00:45 ----D---- C:\Windows\system32\drivers
2016-01-05 10:59:52 ----RD---- C:\Program Files (x86)
2016-01-05 10:59:52 ----HD---- C:\ProgramData
2016-01-05 09:31:08 ----D---- C:\Windows
2016-01-05 09:26:18 ----SD---- C:\Windows\Downloaded Program Files
2016-01-05 08:55:02 ----D---- C:\Windows\SoftwareDistribution
2016-01-05 08:52:19 ----SD---- C:\Users\Administrator\AppData\Roaming\Microsoft
2016-01-05 08:06:39 ----SHD---- C:\Windows\Installer
2016-01-05 08:06:12 ----D---- C:\Windows\SysWOW64
2016-01-05 06:45:10 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-04 09:16:41 ----SHD---- C:\System Volume Information
2016-01-04 07:33:20 ----D---- C:\Windows\WinSxS
2016-01-04 06:46:23 ----D---- C:\Windows\Inf
2015-12-26 09:48:43 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-12-21 10:59:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-12-21 06:47:33 ----D---- C:\ProgramData\Skype
2015-12-21 06:47:20 ----D---- C:\Program Files (x86)\Common Files
2015-12-21 06:44:15 ----SD---- C:\Windows\SYSWOW64\GWX
2015-12-21 06:44:14 ----SD---- C:\Windows\system32\GWX
2015-12-18 08:05:18 ----RD---- C:\Windows\assembly
2015-12-16 07:06:50 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2015-12-16 07:06:14 ----D---- C:\Program Files\Microsoft Office 15
2015-12-10 11:07:58 ----D---- C:\Windows\rescache
2015-12-10 10:38:54 ----D---- C:\Windows\system32\DriverStore
2015-12-09 14:47:30 ----D---- C:\Windows\SYSWOW64\en-US
2015-12-09 14:47:30 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-12-09 14:47:30 ----D---- C:\Windows\system32\en-US
2015-12-09 14:47:30 ----D---- C:\Windows\system32\cs-CZ
2015-12-09 14:47:30 ----D---- C:\Program Files\Internet Explorer
2015-12-09 14:47:30 ----D---- C:\Program Files (x86)\Internet Explorer
2015-12-09 14:47:29 ----RSD---- C:\Windows\Fonts
2015-12-09 08:09:10 ----D---- C:\Windows\system32\MRT
2015-12-09 07:03:11 ----D---- C:\Windows\system32\catroot2
2015-12-09 04:39:31 ----N---- C:\Windows\system32\MpSigStub.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 Wof;Windows Overlay File System Filter Driver; C:\Windows\system32\drivers\Wof.sys [2014-03-13 157016]
R3 iwdbus;@oem3.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\Windows\System32\drivers\iwdbus.sys [2015-05-26 30512]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-10-05 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2016-01-06 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-10-05 64216]
R3 MEIx64;@oem8.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2013-09-12 99288]
R3 NVHDA;@oem13.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2015-02-20 195728]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2015-02-20 10284872]
R3 RTL8168;@netrt630x64.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2013-06-18 591360]
R3 t_mouse.sys;@oem16.inf,%strDeviceHID%;HID-compliand device; C:\Windows\system32\DRIVERS\t_mouse.sys [2013-04-09 6144]
R3 WSDPrintDevice;@WSDPrint.Inf,%WSDPrintDevice.SVCDESC%;WSD Print Support; C:\Windows\System32\drivers\WSDPrint.sys [2013-08-22 20992]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2015-08-09 4928256]
S3 intaud_WaveExtensible;@oem2.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys [2015-05-26 42288]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-10-28 82128]
R2 APC Data Service;APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2012-01-24 21880]
R2 APC UPS Service;APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [2012-01-24 705912]
R2 ClickToRunSvc;Služba Microsoft Office ClickToRun; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2015-11-24 2802360]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2013-08-22 37768]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\Windows\system32\igfxCUIService.exe [2015-08-09 355232]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-10-05 1513784]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-02-05 935056]
R2 PSI_SVC_2_x64;Corel License Validation Service V2 x64, Powered by arvato; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2014-04-30 337776]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-02-05 410952]
R2 TeamViewer7;TeamViewer 7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2015-05-29 2869040]
R2 uvnc_service;uvnc_service; C:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe [2015-11-03 2128152]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2013-08-22 37768]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2015-08-09 288688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-12-21 147624]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 150600]
-----------------EOF-----------------
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Corel License Validation Service V2 x64, Powered by arvato (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: uvnc_service - UltraVNC - C:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7928 bytes
======Listing Processes======
wininit.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\igfxCUIService.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe"
"C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service
C:\Windows\System32\svchost.exe -k utcsvc
dashost.exe {f2aa48f7-bd51-4519-8140346bf7b42561}
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe"
"C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe"
"C:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe" -service
"C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
winlogon.exe
"dwm.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session
"C:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe" -service_run
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
C:\Windows\Explorer.EXE
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
"c:\program files (x86)\teamviewer\version7\TeamViewer.exe"
taskhostex.exe
"C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version7\TeamViewer7_Logfile.log
"C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version7\TeamViewer7_Logfile.log
"C:\Windows\System32\TiltWheelMouse.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe"
"C:\Windows\system32\GWX\GWX.exe"
C:\Windows\System32\RuntimeBroker.exe -Embedding
taskeng.exe {5F3BED35-D2FC-45DF-9C54-71DBC4C700F3}
"c:\program files (x86)\teamviewer\version7\TeamViewer_Desktop.exe" --IPCport 5939
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe23_ Global\UsGthrCtrlFltPipeMssGthrPipe23 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 564 568 576 65536 572
"C:\Program Files\Windows Defender\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey CD562E44-1AA1-FB79-DF9C-13F3BC64F8A7 -Reinvoke
"C:\Users\Irena Gavendova\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-16 219304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-12-16 2339032]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MouseDriver"=C:\Windows\system32\TiltWheelMouse.exe [2013-04-09 241152]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""= []
"Display"=C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [2012-01-24 284024]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
APC UPS Status.lnk - C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.yuy2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"vidc.yvyu"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"vidc.uyvy"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux2"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-01-06 10:16:27 ----D---- C:\rsit
2016-01-06 10:16:27 ----D---- C:\Program Files\trend micro
2016-01-06 10:07:21 ----A---- C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-01-05 11:00:45 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2016-01-05 10:59:52 ----D---- C:\ProgramData\Malwarebytes
2016-01-05 10:59:52 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-05 10:59:52 ----A---- C:\Windows\system32\drivers\mwac.sys
2016-01-05 10:59:52 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2016-01-05 10:59:52 ----A---- C:\Windows\system32\drivers\mbam.sys
2016-01-05 09:26:18 ----D---- C:\Program Files (x86)\ESET
2016-01-05 09:21:31 ----D---- C:\AdwCleaner
2016-01-05 08:52:36 ----D---- C:\Users\Administrator\AppData\Roaming\Macromedia
2015-12-21 08:37:02 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-12-21 06:47:19 ----RD---- C:\Program Files (x86)\Skype
2015-12-09 07:05:53 ----A---- C:\Windows\SYSWOW64\wshrm.dll
2015-12-09 07:05:53 ----A---- C:\Windows\system32\wshrm.dll
2015-12-09 07:05:53 ----A---- C:\Windows\system32\drivers\rmcast.sys
2015-12-09 07:05:22 ----A---- C:\Windows\system32\mshtml.dll
2015-12-09 07:05:21 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-12-09 07:05:17 ----A---- C:\Windows\system32\wininet.dll
2015-12-09 07:05:17 ----A---- C:\Windows\system32\jscript9.dll
2015-12-09 07:05:16 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-12-09 07:05:16 ----A---- C:\Windows\system32\urlmon.dll
2015-12-09 07:05:16 ----A---- C:\Windows\system32\ieframe.dll
2015-12-09 07:05:15 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-12-09 07:05:15 ----A---- C:\Windows\system32\ieui.dll
2015-12-09 07:05:14 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-12-09 07:05:14 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-12-09 07:05:14 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-12-09 07:05:14 ----A---- C:\Windows\system32\vbscript.dll
2015-12-09 07:05:13 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-12-09 07:05:13 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-12-09 07:05:13 ----A---- C:\Windows\system32\jscript.dll
2015-12-09 07:05:13 ----A---- C:\Windows\system32\iertutil.dll
2015-12-09 07:05:12 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-12-09 07:05:12 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-12-09 07:05:12 ----A---- C:\Windows\SYSWOW64\actxprxy.dll
2015-12-09 07:05:12 ----A---- C:\Windows\system32\msfeeds.dll
2015-12-09 07:05:11 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2015-12-09 07:05:11 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-12-09 07:05:11 ----A---- C:\Windows\system32\mshtmled.dll
2015-12-09 07:05:11 ----A---- C:\Windows\system32\inetcomm.dll
2015-12-09 07:05:11 ----A---- C:\Windows\system32\iepeers.dll
2015-12-09 07:05:11 ----A---- C:\Windows\system32\iedkcs32.dll
2015-12-09 07:05:11 ----A---- C:\Windows\system32\ie4uinit.exe
2015-12-09 07:05:10 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2015-12-09 07:05:10 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-12-09 07:05:10 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-12-09 07:05:10 ----A---- C:\Windows\system32\webcheck.dll
2015-12-09 07:05:10 ----A---- C:\Windows\system32\ieapfltr.dll
2015-12-09 07:05:10 ----A---- C:\Windows\system32\dxtrans.dll
2015-12-09 07:05:09 ----A---- C:\Windows\system32\actxprxy.dll
2015-12-09 07:05:08 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-12-09 07:05:08 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2015-12-09 07:04:54 ----A---- C:\Windows\SYSWOW64\Windows.Globalization.dll
2015-12-09 07:04:54 ----A---- C:\Windows\system32\Windows.Globalization.dll
2015-12-09 07:04:53 ----A---- C:\Windows\SYSWOW64\kbdgeoqw.dll
2015-12-09 07:04:53 ----A---- C:\Windows\SYSWOW64\KBDAZST.DLL
2015-12-09 07:04:53 ----A---- C:\Windows\SYSWOW64\KBDAZEL.DLL
2015-12-09 07:04:53 ----A---- C:\Windows\SYSWOW64\KBDAZE.DLL
2015-12-09 07:04:53 ----A---- C:\Windows\SYSWOW64\GlobCollationHost.dll
2015-12-09 07:04:53 ----A---- C:\Windows\system32\kbdgeoqw.dll
2015-12-09 07:04:53 ----A---- C:\Windows\system32\KBDAZST.DLL
2015-12-09 07:04:53 ----A---- C:\Windows\system32\KBDAZEL.DLL
2015-12-09 07:04:53 ----A---- C:\Windows\system32\KBDAZE.DLL
2015-12-09 07:04:53 ----A---- C:\Windows\system32\GlobCollationHost.dll
2015-12-09 07:04:52 ----A---- C:\Windows\system32\dpapisrv.dll
2015-12-09 07:04:01 ----A---- C:\Windows\SYSWOW64\comsvcs.dll
2015-12-09 07:04:01 ----A---- C:\Windows\SYSWOW64\catsrvut.dll
2015-12-09 07:04:01 ----A---- C:\Windows\system32\comsvcs.dll
2015-12-09 07:04:01 ----A---- C:\Windows\system32\catsrvut.dll
2015-12-09 07:04:00 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-12-09 07:04:00 ----A---- C:\Windows\system32\winresume.exe
2015-12-09 07:04:00 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-12-09 07:04:00 ----A---- C:\Windows\system32\ntdll.dll
2015-12-09 07:03:59 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-12-09 07:03:59 ----A---- C:\Windows\system32\winload.exe
2015-12-09 07:03:59 ----A---- C:\Windows\system32\ntvdm64.dll
2015-12-09 07:03:08 ----A---- C:\Windows\SYSWOW64\wmsgapi.dll
2015-12-09 07:03:08 ----A---- C:\Windows\system32\wmsgapi.dll
2015-12-09 07:03:08 ----A---- C:\Windows\system32\winlogon.exe
2015-12-09 07:03:08 ----A---- C:\Windows\system32\wininit.exe
2015-12-09 07:02:53 ----A---- C:\Windows\SYSWOW64\user32.dll
2015-12-09 07:02:53 ----A---- C:\Windows\SYSWOW64\GdiPlus.dll
2015-12-09 07:02:53 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2015-12-09 07:02:53 ----A---- C:\Windows\system32\win32k.sys
2015-12-09 07:02:53 ----A---- C:\Windows\system32\user32.dll
2015-12-09 07:02:53 ----A---- C:\Windows\system32\msctf.dll
2015-12-09 07:02:53 ----A---- C:\Windows\system32\GdiPlus.dll
2015-12-09 07:02:53 ----A---- C:\Windows\system32\FntCache.dll
2015-12-09 07:02:53 ----A---- C:\Windows\system32\DWrite.dll
2015-12-09 07:02:52 ----A---- C:\Windows\SYSWOW64\msctf.dll
2015-12-09 07:02:30 ----A---- C:\Windows\SYSWOW64\authui.dll
2015-12-09 07:02:30 ----A---- C:\Windows\system32\authui.dll
2015-12-09 07:02:29 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-12-09 07:02:29 ----A---- C:\Windows\SYSWOW64\PCPKsp.dll
2015-12-09 07:02:29 ----A---- C:\Windows\system32\wuwebv.dll
2015-12-09 07:02:29 ----A---- C:\Windows\system32\WUSettingsProvider.dll
2015-12-09 07:02:29 ----A---- C:\Windows\system32\wups2.dll
2015-12-09 07:02:29 ----A---- C:\Windows\system32\wucltux.dll
2015-12-09 07:02:29 ----A---- C:\Windows\system32\wuaueng.dll
2015-12-09 07:02:29 ----A---- C:\Windows\system32\wuauclt.exe
2015-12-09 07:02:29 ----A---- C:\Windows\system32\wuapi.dll
2015-12-09 07:02:29 ----A---- C:\Windows\system32\PCPKsp.dll
2015-12-09 07:02:29 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2015-12-09 07:02:29 ----A---- C:\Windows\system32\drivers\usbport.sys
2015-12-09 07:02:29 ----A---- C:\Windows\system32\drivers\usbohci.sys
2015-12-09 07:02:29 ----A---- C:\Windows\system32\drivers\USBHUB3.SYS
2015-12-09 07:02:29 ----A---- C:\Windows\system32\drivers\usbhub.sys
2015-12-09 07:02:29 ----A---- C:\Windows\system32\drivers\usbehci.sys
2015-12-09 07:02:29 ----A---- C:\Windows\system32\drivers\usbd.sys
2015-12-09 07:02:28 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-12-09 07:02:28 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-12-09 07:02:28 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-12-09 07:02:28 ----A---- C:\Windows\system32\wudriver.dll
2015-12-09 07:02:28 ----A---- C:\Windows\system32\wuapp.exe
======List of files/folders modified in the last 1 month======
2016-01-06 10:16:27 ----RD---- C:\Program Files
2016-01-06 10:16:23 ----D---- C:\Windows\Temp
2016-01-06 10:07:21 ----RD---- C:\Windows\System32
2016-01-06 10:02:55 ----D---- C:\Windows\Prefetch
2016-01-06 09:00:00 ----D---- C:\Windows\system32\sru
2016-01-06 08:24:01 ----D---- C:\Windows\Microsoft.NET
2016-01-06 07:14:27 ----D---- C:\Windows\system32\config
2016-01-06 07:10:15 ----D---- C:\Windows\CbsTemp
2016-01-05 19:31:26 ----D---- C:\ProgramData\NVIDIA
2016-01-05 19:30:55 ----A---- C:\Windows\SYSWOW64\PCPELog.txt
2016-01-05 11:00:45 ----D---- C:\Windows\system32\drivers
2016-01-05 10:59:52 ----RD---- C:\Program Files (x86)
2016-01-05 10:59:52 ----HD---- C:\ProgramData
2016-01-05 09:31:08 ----D---- C:\Windows
2016-01-05 09:26:18 ----SD---- C:\Windows\Downloaded Program Files
2016-01-05 08:55:02 ----D---- C:\Windows\SoftwareDistribution
2016-01-05 08:52:19 ----SD---- C:\Users\Administrator\AppData\Roaming\Microsoft
2016-01-05 08:06:39 ----SHD---- C:\Windows\Installer
2016-01-05 08:06:12 ----D---- C:\Windows\SysWOW64
2016-01-05 06:45:10 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-04 09:16:41 ----SHD---- C:\System Volume Information
2016-01-04 07:33:20 ----D---- C:\Windows\WinSxS
2016-01-04 06:46:23 ----D---- C:\Windows\Inf
2015-12-26 09:48:43 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-12-21 10:59:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-12-21 06:47:33 ----D---- C:\ProgramData\Skype
2015-12-21 06:47:20 ----D---- C:\Program Files (x86)\Common Files
2015-12-21 06:44:15 ----SD---- C:\Windows\SYSWOW64\GWX
2015-12-21 06:44:14 ----SD---- C:\Windows\system32\GWX
2015-12-18 08:05:18 ----RD---- C:\Windows\assembly
2015-12-16 07:06:50 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2015-12-16 07:06:14 ----D---- C:\Program Files\Microsoft Office 15
2015-12-10 11:07:58 ----D---- C:\Windows\rescache
2015-12-10 10:38:54 ----D---- C:\Windows\system32\DriverStore
2015-12-09 14:47:30 ----D---- C:\Windows\SYSWOW64\en-US
2015-12-09 14:47:30 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-12-09 14:47:30 ----D---- C:\Windows\system32\en-US
2015-12-09 14:47:30 ----D---- C:\Windows\system32\cs-CZ
2015-12-09 14:47:30 ----D---- C:\Program Files\Internet Explorer
2015-12-09 14:47:30 ----D---- C:\Program Files (x86)\Internet Explorer
2015-12-09 14:47:29 ----RSD---- C:\Windows\Fonts
2015-12-09 08:09:10 ----D---- C:\Windows\system32\MRT
2015-12-09 07:03:11 ----D---- C:\Windows\system32\catroot2
2015-12-09 04:39:31 ----N---- C:\Windows\system32\MpSigStub.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 Wof;Windows Overlay File System Filter Driver; C:\Windows\system32\drivers\Wof.sys [2014-03-13 157016]
R3 iwdbus;@oem3.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\Windows\System32\drivers\iwdbus.sys [2015-05-26 30512]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-10-05 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2016-01-06 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-10-05 64216]
R3 MEIx64;@oem8.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2013-09-12 99288]
R3 NVHDA;@oem13.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2015-02-20 195728]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2015-02-20 10284872]
R3 RTL8168;@netrt630x64.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2013-06-18 591360]
R3 t_mouse.sys;@oem16.inf,%strDeviceHID%;HID-compliand device; C:\Windows\system32\DRIVERS\t_mouse.sys [2013-04-09 6144]
R3 WSDPrintDevice;@WSDPrint.Inf,%WSDPrintDevice.SVCDESC%;WSD Print Support; C:\Windows\System32\drivers\WSDPrint.sys [2013-08-22 20992]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2015-08-09 4928256]
S3 intaud_WaveExtensible;@oem2.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys [2015-05-26 42288]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-10-28 82128]
R2 APC Data Service;APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2012-01-24 21880]
R2 APC UPS Service;APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [2012-01-24 705912]
R2 ClickToRunSvc;Služba Microsoft Office ClickToRun; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2015-11-24 2802360]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2013-08-22 37768]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\Windows\system32\igfxCUIService.exe [2015-08-09 355232]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-10-05 1513784]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-02-05 935056]
R2 PSI_SVC_2_x64;Corel License Validation Service V2 x64, Powered by arvato; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2014-04-30 337776]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-02-05 410952]
R2 TeamViewer7;TeamViewer 7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2015-05-29 2869040]
R2 uvnc_service;uvnc_service; C:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe [2015-11-03 2128152]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2013-08-22 37768]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2015-08-09 288688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-12-21 147624]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 150600]
-----------------EOF-----------------
- Rudy
- Site Admin
- Posts: 119356
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Ads are showing up in IE 11
Greetings!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Ads are showing up in IE 11
# AdwCleaner v5.028 - Logfile created 07/01/2016 at 11:45:47
# Updated 04/01/2016 by Xplode
# Database : 2016-01-04.2 [Server]
# Operating system : Windows 8.1 Pro (x64)
# Username : Administrator - TRNPC1
# Running from : C:\Users\Irena Gavendova\Desktop\adwcleaner_5.028.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
***** [ Files ] *****
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
***** [ Web browsers ] *****
*************************
:: "Tracing" keys removed
:: Winsock settings cleared
########## EOF - \AdwCleaner\AdwCleaner[C1].txt - [675 bytes] ##########
- Rudy
- Site Admin
Re: Ads are showing up in IE 11
This is OK. Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left window:
:files
C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. After the scan, restart the PC and post a new RSIT log.
Re: Ads are showing up in IE 11
Done, and I am sending the RSIT log, thanks.
Logfile of random's system information tool 1.10 (written by random/random)
Run by Administrator at 2016-01-07 19:44:53
Microsoft Windows 8.1 Pro
System drive C: has 111 GB (74%) free of 150 GB
Total RAM: 8145 MB (78% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:44:56, on 7. 1. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\teamviewer\version7\TeamViewer.exe
C:\Windows\System32\TiltWheelMouse.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
C:\Program Files\trend micro\Administrator.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com/?pc=DCJB
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe
O4 - HKLM\..\RunOnce: [OTM] "C:\Users\Irena Gavendova\Downloads\OTM.exe"
O4 - HKCU\..\RunOnce: [Report] \AdwCleaner\AdwCleaner[C1].txt
O4 - HKUS\S-1-5-21-3524262927-3214666377-2210781787-1002\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun (User 'Irena Gavendova')
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: APC Data Service - Schneider Electric - C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
O23 - Service: APC UPS Service - Schneider Electric - C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Corel License Validation Service V2 x64, Powered by arvato (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: uvnc_service - UltraVNC - C:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7873 bytes
======Listing Processes======
wininit.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"dwm.exe"
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\igfxCUIService.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe"
"C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
dashost.exe {bd446a37-4d22-46e4-be3e1d3d05720423}
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe"
"C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe"
"C:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe" -service
"C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe"
"C:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe" -service_run
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Desktop.exe" --IPCport 5939
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
"c:\program files (x86)\teamviewer\version7\TeamViewer.exe"
taskhostex.exe
"C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version7\TeamViewer7_Logfile.log
"C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version7\TeamViewer7_Logfile.log
"C:\Windows\System32\TiltWheelMouse.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe"
"C:\Windows\system32\GWX\GWX.exe"
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 560 564 572 65536 568
"C:\Users\Irena Gavendova\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-16 219304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-12-16 2339032]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MouseDriver"=C:\Windows\system32\TiltWheelMouse.exe [2013-04-09 241152]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Report"=\AdwCleaner\AdwCleaner[C1].txt [2016-01-07 751]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""= []
"Display"=C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [2012-01-24 284024]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"OTM"=C:\Users\Irena Gavendova\Downloads\OTM.exe [2016-01-07 522240]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
APC UPS Status.lnk - C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.yuy2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"vidc.yvyu"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"vidc.uyvy"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux2"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-01-07 19:22:12 ----D---- C:\_OTM
2016-01-07 10:28:58 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-01-06 10:16:27 ----D---- C:\rsit
2016-01-06 10:16:27 ----D---- C:\Program Files\trend micro
2016-01-06 10:07:21 ----A---- C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-01-05 11:00:45 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2016-01-05 10:59:52 ----D---- C:\ProgramData\Malwarebytes
2016-01-05 10:59:52 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-05 10:59:52 ----A---- C:\Windows\system32\drivers\mwac.sys
2016-01-05 10:59:52 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2016-01-05 10:59:52 ----A---- C:\Windows\system32\drivers\mbam.sys
2016-01-05 09:26:18 ----D---- C:\Program Files (x86)\ESET
2016-01-05 09:21:31 ----D---- C:\AdwCleaner
2016-01-05 08:52:36 ----D---- C:\Users\Administrator\AppData\Roaming\Macromedia
2015-12-21 06:47:19 ----RD---- C:\Program Files (x86)\Skype
2015-12-09 07:05:53 ----A---- C:\Windows\SYSWOW64\wshrm.dll
2015-12-09 07:05:53 ----A---- C:\Windows\system32\wshrm.dll
2015-12-09 07:05:53 ----A---- C:\Windows\system32\drivers\rmcast.sys
2015-12-09 07:05:22 ----A---- C:\Windows\system32\mshtml.dll
2015-12-09 07:05:21 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-12-09 07:05:17 ----A---- C:\Windows\system32\wininet.dll
2015-12-09 07:05:17 ----A---- C:\Windows\system32\jscript9.dll
2015-12-09 07:05:16 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-12-09 07:05:16 ----A---- C:\Windows\system32\urlmon.dll
2015-12-09 07:05:16 ----A---- C:\Windows\system32\ieframe.dll
2015-12-09 07:05:15 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-12-09 07:05:15 ----A---- C:\Windows\system32\ieui.dll
2015-12-09 07:05:14 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-12-09 07:05:14 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-12-09 07:05:14 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-12-09 07:05:14 ----A---- C:\Windows\system32\vbscript.dll
2015-12-09 07:05:13 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-12-09 07:05:13 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-12-09 07:05:13 ----A---- C:\Windows\system32\jscript.dll
2015-12-09 07:05:13 ----A---- C:\Windows\system32\iertutil.dll
2015-12-09 07:05:12 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-12-09 07:05:12 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-12-09 07:05:12 ----A---- C:\Windows\SYSWOW64\actxprxy.dll
2015-12-09 07:05:12 ----A---- C:\Windows\system32\msfeeds.dll
2015-12-09 07:05:11 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2015-12-09 07:05:11 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-12-09 07:05:11 ----A---- C:\Windows\system32\mshtmled.dll
2015-12-09 07:05:11 ----A---- C:\Windows\system32\inetcomm.dll
2015-12-09 07:05:11 ----A---- C:\Windows\system32\iepeers.dll
2015-12-09 07:05:11 ----A---- C:\Windows\system32\iedkcs32.dll
2015-12-09 07:05:11 ----A---- C:\Windows\system32\ie4uinit.exe
2015-12-09 07:05:10 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2015-12-09 07:05:10 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-12-09 07:05:10 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-12-09 07:05:10 ----A---- C:\Windows\system32\webcheck.dll
2015-12-09 07:05:10 ----A---- C:\Windows\system32\ieapfltr.dll
2015-12-09 07:05:10 ----A---- C:\Windows\system32\dxtrans.dll
2015-12-09 07:05:09 ----A---- C:\Windows\system32\actxprxy.dll
2015-12-09 07:05:08 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-12-09 07:05:08 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2015-12-09 07:04:54 ----A---- C:\Windows\SYSWOW64\Windows.Globalization.dll
2015-12-09 07:04:54 ----A---- C:\Windows\system32\Windows.Globalization.dll
2015-12-09 07:04:53 ----A---- C:\Windows\SYSWOW64\kbdgeoqw.dll
2015-12-09 07:04:53 ----A---- C:\Windows\SYSWOW64\KBDAZST.DLL
2015-12-09 07:04:53 ----A---- C:\Windows\SYSWOW64\KBDAZEL.DLL
2015-12-09 07:04:53 ----A---- C:\Windows\SYSWOW64\KBDAZE.DLL
2015-12-09 07:04:53 ----A---- C:\Windows\SYSWOW64\GlobCollationHost.dll
2015-12-09 07:04:53 ----A---- C:\Windows\system32\kbdgeoqw.dll
2015-12-09 07:04:53 ----A---- C:\Windows\system32\KBDAZST.DLL
2015-12-09 07:04:53 ----A---- C:\Windows\system32\KBDAZEL.DLL
2015-12-09 07:04:53 ----A---- C:\Windows\system32\KBDAZE.DLL
2015-12-09 07:04:53 ----A---- C:\Windows\system32\GlobCollationHost.dll
2015-12-09 07:04:52 ----A---- C:\Windows\system32\dpapisrv.dll
2015-12-09 07:04:01 ----A---- C:\Windows\SYSWOW64\comsvcs.dll
2015-12-09 07:04:01 ----A---- C:\Windows\SYSWOW64\catsrvut.dll
2015-12-09 07:04:01 ----A---- C:\Windows\system32\comsvcs.dll
2015-12-09 07:04:01 ----A---- C:\Windows\system32\catsrvut.dll
2015-12-09 07:04:00 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-12-09 07:04:00 ----A---- C:\Windows\system32\winresume.exe
2015-12-09 07:04:00 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-12-09 07:04:00 ----A---- C:\Windows\system32\ntdll.dll
2015-12-09 07:03:59 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-12-09 07:03:59 ----A---- C:\Windows\system32\winload.exe
2015-12-09 07:03:59 ----A---- C:\Windows\system32\ntvdm64.dll
2015-12-09 07:03:08 ----A---- C:\Windows\SYSWOW64\wmsgapi.dll
2015-12-09 07:03:08 ----A---- C:\Windows\system32\wmsgapi.dll
2015-12-09 07:03:08 ----A---- C:\Windows\system32\winlogon.exe
2015-12-09 07:03:08 ----A---- C:\Windows\system32\wininit.exe
2015-12-09 07:02:53 ----A---- C:\Windows\SYSWOW64\user32.dll
2015-12-09 07:02:53 ----A---- C:\Windows\SYSWOW64\GdiPlus.dll
2015-12-09 07:02:53 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2015-12-09 07:02:53 ----A---- C:\Windows\system32\win32k.sys
2015-12-09 07:02:53 ----A---- C:\Windows\system32\user32.dll
2015-12-09 07:02:53 ----A---- C:\Windows\system32\msctf.dll
2015-12-09 07:02:53 ----A---- C:\Windows\system32\GdiPlus.dll
2015-12-09 07:02:53 ----A---- C:\Windows\system32\FntCache.dll
2015-12-09 07:02:53 ----A---- C:\Windows\system32\DWrite.dll
2015-12-09 07:02:52 ----A---- C:\Windows\SYSWOW64\msctf.dll
2015-12-09 07:02:30 ----A---- C:\Windows\SYSWOW64\authui.dll
2015-12-09 07:02:30 ----A---- C:\Windows\system32\authui.dll
2015-12-09 07:02:29 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-12-09 07:02:29 ----A---- C:\Windows\SYSWOW64\PCPKsp.dll
2015-12-09 07:02:29 ----A---- C:\Windows\system32\wuwebv.dll
2015-12-09 07:02:29 ----A---- C:\Windows\system32\WUSettingsProvider.dll
2015-12-09 07:02:29 ----A---- C:\Windows\system32\wups2.dll
2015-12-09 07:02:29 ----A---- C:\Windows\system32\wucltux.dll
2015-12-09 07:02:29 ----A---- C:\Windows\system32\wuaueng.dll
2015-12-09 07:02:29 ----A---- C:\Windows\system32\wuauclt.exe
2015-12-09 07:02:29 ----A---- C:\Windows\system32\wuapi.dll
2015-12-09 07:02:29 ----A---- C:\Windows\system32\PCPKsp.dll
2015-12-09 07:02:29 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2015-12-09 07:02:29 ----A---- C:\Windows\system32\drivers\usbport.sys
2015-12-09 07:02:29 ----A---- C:\Windows\system32\drivers\usbohci.sys
2015-12-09 07:02:29 ----A---- C:\Windows\system32\drivers\USBHUB3.SYS
2015-12-09 07:02:29 ----A---- C:\Windows\system32\drivers\usbhub.sys
2015-12-09 07:02:29 ----A---- C:\Windows\system32\drivers\usbehci.sys
2015-12-09 07:02:29 ----A---- C:\Windows\system32\drivers\usbd.sys
2015-12-09 07:02:28 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-12-09 07:02:28 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-12-09 07:02:28 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-12-09 07:02:28 ----A---- C:\Windows\system32\wudriver.dll
2015-12-09 07:02:28 ----A---- C:\Windows\system32\wuapp.exe
======List of files/folders modified in the last 1 month======
2016-01-07 19:44:53 ----D---- C:\Windows\Temp
2016-01-07 19:43:17 ----D---- C:\Windows\Prefetch
2016-01-07 19:30:32 ----D---- C:\ProgramData\NVIDIA
2016-01-07 19:30:04 ----A---- C:\Windows\SYSWOW64\PCPELog.txt
2016-01-07 18:00:00 ----D---- C:\Windows\system32\sru
2016-01-07 12:18:15 ----D---- C:\Windows\system32\config
2016-01-07 12:14:19 ----D---- C:\Windows\CbsTemp
2016-01-07 11:46:40 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-07 10:43:19 ----RD---- C:\Program Files (x86)
2016-01-06 10:16:27 ----RD---- C:\Program Files
2016-01-06 10:07:21 ----RD---- C:\Windows\System32
2016-01-06 08:24:01 ----D---- C:\Windows\Microsoft.NET
2016-01-05 11:00:45 ----D---- C:\Windows\system32\drivers
2016-01-05 10:59:52 ----HD---- C:\ProgramData
2016-01-05 09:31:08 ----D---- C:\Windows
2016-01-05 09:26:18 ----SD---- C:\Windows\Downloaded Program Files
2016-01-05 08:55:02 ----D---- C:\Windows\SoftwareDistribution
2016-01-05 08:52:19 ----SD---- C:\Users\Administrator\AppData\Roaming\Microsoft
2016-01-05 08:06:39 ----SHD---- C:\Windows\Installer
2016-01-05 08:06:12 ----D---- C:\Windows\SysWOW64
2016-01-04 09:16:41 ----SHD---- C:\System Volume Information
2016-01-04 07:33:20 ----D---- C:\Windows\WinSxS
2016-01-04 06:46:23 ----D---- C:\Windows\Inf
2015-12-26 09:48:43 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-12-21 10:59:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-12-21 06:47:33 ----D---- C:\ProgramData\Skype
2015-12-21 06:47:20 ----D---- C:\Program Files (x86)\Common Files
2015-12-21 06:44:15 ----SD---- C:\Windows\SYSWOW64\GWX
2015-12-21 06:44:14 ----SD---- C:\Windows\system32\GWX
2015-12-18 08:05:18 ----RD---- C:\Windows\assembly
2015-12-16 07:06:50 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2015-12-16 07:06:14 ----D---- C:\Program Files\Microsoft Office 15
2015-12-10 11:07:58 ----D---- C:\Windows\rescache
2015-12-10 10:38:54 ----D---- C:\Windows\system32\DriverStore
2015-12-09 14:47:30 ----D---- C:\Windows\SYSWOW64\en-US
2015-12-09 14:47:30 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-12-09 14:47:30 ----D---- C:\Windows\system32\en-US
2015-12-09 14:47:30 ----D---- C:\Windows\system32\cs-CZ
2015-12-09 14:47:30 ----D---- C:\Program Files\Internet Explorer
2015-12-09 14:47:30 ----D---- C:\Program Files (x86)\Internet Explorer
2015-12-09 14:47:29 ----RSD---- C:\Windows\Fonts
2015-12-09 08:09:10 ----D---- C:\Windows\system32\MRT
2015-12-09 07:03:11 ----D---- C:\Windows\system32\catroot2
2015-12-09 04:39:31 ----N---- C:\Windows\system32\MpSigStub.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 Wof;Windows Overlay File System Filter Driver; C:\Windows\system32\drivers\Wof.sys [2014-03-13 157016]
R3 iwdbus;@oem3.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\Windows\System32\drivers\iwdbus.sys [2015-05-26 30512]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-10-05 25816]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-10-05 64216]
R3 MEIx64;@oem8.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2013-09-12 99288]
R3 NVHDA;@oem13.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2015-02-20 195728]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2015-02-20 10284872]
R3 RTL8168;@netrt630x64.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2013-06-18 591360]
R3 t_mouse.sys;@oem16.inf,%strDeviceHID%;HID-compliand device; C:\Windows\system32\DRIVERS\t_mouse.sys [2013-04-09 6144]
R3 WSDPrintDevice;@WSDPrint.Inf,%WSDPrintDevice.SVCDESC%;WSD Print Support; C:\Windows\System32\drivers\WSDPrint.sys [2013-08-22 20992]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2015-08-09 4928256]
S3 intaud_WaveExtensible;@oem2.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys [2015-05-26 42288]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2016-01-06 192216]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-10-28 82128]
R2 APC Data Service;APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2012-01-24 21880]
R2 APC UPS Service;APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [2012-01-24 705912]
R2 ClickToRunSvc;Služba Microsoft Office ClickToRun; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2015-11-24 2802360]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2013-08-22 37768]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\Windows\system32\igfxCUIService.exe [2015-08-09 355232]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-10-05 1513784]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-02-05 935056]
R2 PSI_SVC_2_x64;Corel License Validation Service V2 x64, Powered by arvato; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2014-04-30 337776]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-02-05 410952]
R2 TeamViewer7;TeamViewer 7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2015-05-29 2869040]
R2 uvnc_service;uvnc_service; C:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe [2015-11-03 2128152]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2013-08-22 37768]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2015-08-09 288688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-01-07 146888]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 150600]
-----------------EOF-----------------
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7873 bytes
======Listing Processes======
wininit.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"dwm.exe"
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\igfxCUIService.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe"
"C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
dashost.exe {bd446a37-4d22-46e4-be3e1d3d05720423}
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe"
"C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe"
"C:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe" -service
"C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe"
"C:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe" -service_run
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Desktop.exe" --IPCport 5939
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
"c:\program files (x86)\teamviewer\version7\TeamViewer.exe"
taskhostex.exe
"C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version7\TeamViewer7_Logfile.log
"C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version7\TeamViewer7_Logfile.log
"C:\Windows\System32\TiltWheelMouse.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe"
"C:\Windows\system32\GWX\GWX.exe"
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 560 564 572 65536 568
"C:\Users\Irena Gavendova\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-16 219304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-12-16 2339032]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MouseDriver"=C:\Windows\system32\TiltWheelMouse.exe [2013-04-09 241152]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Report"=\AdwCleaner\AdwCleaner[C1].txt [2016-01-07 751]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""= []
"Display"=C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [2012-01-24 284024]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"OTM"=C:\Users\Irena Gavendova\Downloads\OTM.exe [2016-01-07 522240]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
APC UPS Status.lnk - C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.yuy2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"vidc.yvyu"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"vidc.uyvy"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux2"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-01-07 19:22:12 ----D---- C:\_OTM
2016-01-07 10:28:58 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-01-06 10:16:27 ----D---- C:\rsit
2016-01-06 10:16:27 ----D---- C:\Program Files\trend micro
2016-01-06 10:07:21 ----A---- C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-01-05 11:00:45 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2016-01-05 10:59:52 ----D---- C:\ProgramData\Malwarebytes
2016-01-05 10:59:52 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-05 10:59:52 ----A---- C:\Windows\system32\drivers\mwac.sys
2016-01-05 10:59:52 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2016-01-05 10:59:52 ----A---- C:\Windows\system32\drivers\mbam.sys
2016-01-05 09:26:18 ----D---- C:\Program Files (x86)\ESET
2016-01-05 09:21:31 ----D---- C:\AdwCleaner
2016-01-05 08:52:36 ----D---- C:\Users\Administrator\AppData\Roaming\Macromedia
2015-12-21 06:47:19 ----RD---- C:\Program Files (x86)\Skype
2015-12-09 07:05:53 ----A---- C:\Windows\SYSWOW64\wshrm.dll
2015-12-09 07:05:53 ----A---- C:\Windows\system32\wshrm.dll
2015-12-09 07:05:53 ----A---- C:\Windows\system32\drivers\rmcast.sys
2015-12-09 07:05:22 ----A---- C:\Windows\system32\mshtml.dll
2015-12-09 07:05:21 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-12-09 07:05:17 ----A---- C:\Windows\system32\wininet.dll
2015-12-09 07:05:17 ----A---- C:\Windows\system32\jscript9.dll
2015-12-09 07:05:16 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-12-09 07:05:16 ----A---- C:\Windows\system32\urlmon.dll
2015-12-09 07:05:16 ----A---- C:\Windows\system32\ieframe.dll
2015-12-09 07:05:15 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-12-09 07:05:15 ----A---- C:\Windows\system32\ieui.dll
2015-12-09 07:05:14 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-12-09 07:05:14 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-12-09 07:05:14 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-12-09 07:05:14 ----A---- C:\Windows\system32\vbscript.dll
2015-12-09 07:05:13 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-12-09 07:05:13 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-12-09 07:05:13 ----A---- C:\Windows\system32\jscript.dll
2015-12-09 07:05:13 ----A---- C:\Windows\system32\iertutil.dll
2015-12-09 07:05:12 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-12-09 07:05:12 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-12-09 07:05:12 ----A---- C:\Windows\SYSWOW64\actxprxy.dll
2015-12-09 07:05:12 ----A---- C:\Windows\system32\msfeeds.dll
2015-12-09 07:05:11 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2015-12-09 07:05:11 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-12-09 07:05:11 ----A---- C:\Windows\system32\mshtmled.dll
2015-12-09 07:05:11 ----A---- C:\Windows\system32\inetcomm.dll
2015-12-09 07:05:11 ----A---- C:\Windows\system32\iepeers.dll
2015-12-09 07:05:11 ----A---- C:\Windows\system32\iedkcs32.dll
2015-12-09 07:05:11 ----A---- C:\Windows\system32\ie4uinit.exe
2015-12-09 07:05:10 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2015-12-09 07:05:10 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-12-09 07:05:10 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-12-09 07:05:10 ----A---- C:\Windows\system32\webcheck.dll
2015-12-09 07:05:10 ----A---- C:\Windows\system32\ieapfltr.dll
2015-12-09 07:05:10 ----A---- C:\Windows\system32\dxtrans.dll
2015-12-09 07:05:09 ----A---- C:\Windows\system32\actxprxy.dll
2015-12-09 07:05:08 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-12-09 07:05:08 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2015-12-09 07:04:54 ----A---- C:\Windows\SYSWOW64\Windows.Globalization.dll
2015-12-09 07:04:54 ----A---- C:\Windows\system32\Windows.Globalization.dll
2015-12-09 07:04:53 ----A---- C:\Windows\SYSWOW64\kbdgeoqw.dll
2015-12-09 07:04:53 ----A---- C:\Windows\SYSWOW64\KBDAZST.DLL
2015-12-09 07:04:53 ----A---- C:\Windows\SYSWOW64\KBDAZEL.DLL
2015-12-09 07:04:53 ----A---- C:\Windows\SYSWOW64\KBDAZE.DLL
2015-12-09 07:04:53 ----A---- C:\Windows\SYSWOW64\GlobCollationHost.dll
2015-12-09 07:04:53 ----A---- C:\Windows\system32\kbdgeoqw.dll
2015-12-09 07:04:53 ----A---- C:\Windows\system32\KBDAZST.DLL
2015-12-09 07:04:53 ----A---- C:\Windows\system32\KBDAZEL.DLL
2015-12-09 07:04:53 ----A---- C:\Windows\system32\KBDAZE.DLL
2015-12-09 07:04:53 ----A---- C:\Windows\system32\GlobCollationHost.dll
2015-12-09 07:04:52 ----A---- C:\Windows\system32\dpapisrv.dll
2015-12-09 07:04:01 ----A---- C:\Windows\SYSWOW64\comsvcs.dll
2015-12-09 07:04:01 ----A---- C:\Windows\SYSWOW64\catsrvut.dll
2015-12-09 07:04:01 ----A---- C:\Windows\system32\comsvcs.dll
2015-12-09 07:04:01 ----A---- C:\Windows\system32\catsrvut.dll
2015-12-09 07:04:00 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-12-09 07:04:00 ----A---- C:\Windows\system32\winresume.exe
2015-12-09 07:04:00 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-12-09 07:04:00 ----A---- C:\Windows\system32\ntdll.dll
2015-12-09 07:03:59 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-12-09 07:03:59 ----A---- C:\Windows\system32\winload.exe
2015-12-09 07:03:59 ----A---- C:\Windows\system32\ntvdm64.dll
2015-12-09 07:03:08 ----A---- C:\Windows\SYSWOW64\wmsgapi.dll
2015-12-09 07:03:08 ----A---- C:\Windows\system32\wmsgapi.dll
2015-12-09 07:03:08 ----A---- C:\Windows\system32\winlogon.exe
2015-12-09 07:03:08 ----A---- C:\Windows\system32\wininit.exe
2015-12-09 07:02:53 ----A---- C:\Windows\SYSWOW64\user32.dll
2015-12-09 07:02:53 ----A---- C:\Windows\SYSWOW64\GdiPlus.dll
2015-12-09 07:02:53 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2015-12-09 07:02:53 ----A---- C:\Windows\system32\win32k.sys
2015-12-09 07:02:53 ----A---- C:\Windows\system32\user32.dll
2015-12-09 07:02:53 ----A---- C:\Windows\system32\msctf.dll
2015-12-09 07:02:53 ----A---- C:\Windows\system32\GdiPlus.dll
2015-12-09 07:02:53 ----A---- C:\Windows\system32\FntCache.dll
2015-12-09 07:02:53 ----A---- C:\Windows\system32\DWrite.dll
2015-12-09 07:02:52 ----A---- C:\Windows\SYSWOW64\msctf.dll
2015-12-09 07:02:30 ----A---- C:\Windows\SYSWOW64\authui.dll
2015-12-09 07:02:30 ----A---- C:\Windows\system32\authui.dll
2015-12-09 07:02:29 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-12-09 07:02:29 ----A---- C:\Windows\SYSWOW64\PCPKsp.dll
2015-12-09 07:02:29 ----A---- C:\Windows\system32\wuwebv.dll
2015-12-09 07:02:29 ----A---- C:\Windows\system32\WUSettingsProvider.dll
2015-12-09 07:02:29 ----A---- C:\Windows\system32\wups2.dll
2015-12-09 07:02:29 ----A---- C:\Windows\system32\wucltux.dll
2015-12-09 07:02:29 ----A---- C:\Windows\system32\wuaueng.dll
2015-12-09 07:02:29 ----A---- C:\Windows\system32\wuauclt.exe
2015-12-09 07:02:29 ----A---- C:\Windows\system32\wuapi.dll
2015-12-09 07:02:29 ----A---- C:\Windows\system32\PCPKsp.dll
2015-12-09 07:02:29 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2015-12-09 07:02:29 ----A---- C:\Windows\system32\drivers\usbport.sys
2015-12-09 07:02:29 ----A---- C:\Windows\system32\drivers\usbohci.sys
2015-12-09 07:02:29 ----A---- C:\Windows\system32\drivers\USBHUB3.SYS
2015-12-09 07:02:29 ----A---- C:\Windows\system32\drivers\usbhub.sys
2015-12-09 07:02:29 ----A---- C:\Windows\system32\drivers\usbehci.sys
2015-12-09 07:02:29 ----A---- C:\Windows\system32\drivers\usbd.sys
2015-12-09 07:02:28 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-12-09 07:02:28 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-12-09 07:02:28 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-12-09 07:02:28 ----A---- C:\Windows\system32\wudriver.dll
2015-12-09 07:02:28 ----A---- C:\Windows\system32\wuapp.exe
======List of files/folders modified in the last 1 month======
2016-01-07 19:44:53 ----D---- C:\Windows\Temp
2016-01-07 19:43:17 ----D---- C:\Windows\Prefetch
2016-01-07 19:30:32 ----D---- C:\ProgramData\NVIDIA
2016-01-07 19:30:04 ----A---- C:\Windows\SYSWOW64\PCPELog.txt
2016-01-07 18:00:00 ----D---- C:\Windows\system32\sru
2016-01-07 12:18:15 ----D---- C:\Windows\system32\config
2016-01-07 12:14:19 ----D---- C:\Windows\CbsTemp
2016-01-07 11:46:40 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-07 10:43:19 ----RD---- C:\Program Files (x86)
2016-01-06 10:16:27 ----RD---- C:\Program Files
2016-01-06 10:07:21 ----RD---- C:\Windows\System32
2016-01-06 08:24:01 ----D---- C:\Windows\Microsoft.NET
2016-01-05 11:00:45 ----D---- C:\Windows\system32\drivers
2016-01-05 10:59:52 ----HD---- C:\ProgramData
2016-01-05 09:31:08 ----D---- C:\Windows
2016-01-05 09:26:18 ----SD---- C:\Windows\Downloaded Program Files
2016-01-05 08:55:02 ----D---- C:\Windows\SoftwareDistribution
2016-01-05 08:52:19 ----SD---- C:\Users\Administrator\AppData\Roaming\Microsoft
2016-01-05 08:06:39 ----SHD---- C:\Windows\Installer
2016-01-05 08:06:12 ----D---- C:\Windows\SysWOW64
2016-01-04 09:16:41 ----SHD---- C:\System Volume Information
2016-01-04 07:33:20 ----D---- C:\Windows\WinSxS
2016-01-04 06:46:23 ----D---- C:\Windows\Inf
2015-12-26 09:48:43 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-12-21 10:59:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-12-21 06:47:33 ----D---- C:\ProgramData\Skype
2015-12-21 06:47:20 ----D---- C:\Program Files (x86)\Common Files
2015-12-21 06:44:15 ----SD---- C:\Windows\SYSWOW64\GWX
2015-12-21 06:44:14 ----SD---- C:\Windows\system32\GWX
2015-12-18 08:05:18 ----RD---- C:\Windows\assembly
2015-12-16 07:06:50 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2015-12-16 07:06:14 ----D---- C:\Program Files\Microsoft Office 15
2015-12-10 11:07:58 ----D---- C:\Windows\rescache
2015-12-10 10:38:54 ----D---- C:\Windows\system32\DriverStore
2015-12-09 14:47:30 ----D---- C:\Windows\SYSWOW64\en-US
2015-12-09 14:47:30 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-12-09 14:47:30 ----D---- C:\Windows\system32\en-US
2015-12-09 14:47:30 ----D---- C:\Windows\system32\cs-CZ
2015-12-09 14:47:30 ----D---- C:\Program Files\Internet Explorer
2015-12-09 14:47:30 ----D---- C:\Program Files (x86)\Internet Explorer
2015-12-09 14:47:29 ----RSD---- C:\Windows\Fonts
2015-12-09 08:09:10 ----D---- C:\Windows\system32\MRT
2015-12-09 07:03:11 ----D---- C:\Windows\system32\catroot2
2015-12-09 04:39:31 ----N---- C:\Windows\system32\MpSigStub.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 Wof;Windows Overlay File System Filter Driver; C:\Windows\system32\drivers\Wof.sys [2014-03-13 157016]
R3 iwdbus;@oem3.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\Windows\System32\drivers\iwdbus.sys [2015-05-26 30512]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-10-05 25816]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-10-05 64216]
R3 MEIx64;@oem8.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2013-09-12 99288]
R3 NVHDA;@oem13.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2015-02-20 195728]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2015-02-20 10284872]
R3 RTL8168;@netrt630x64.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2013-06-18 591360]
R3 t_mouse.sys;@oem16.inf,%strDeviceHID%;HID-compliand device; C:\Windows\system32\DRIVERS\t_mouse.sys [2013-04-09 6144]
R3 WSDPrintDevice;@WSDPrint.Inf,%WSDPrintDevice.SVCDESC%;WSD Print Support; C:\Windows\System32\drivers\WSDPrint.sys [2013-08-22 20992]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2015-08-09 4928256]
S3 intaud_WaveExtensible;@oem2.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys [2015-05-26 42288]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2016-01-06 192216]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-10-28 82128]
R2 APC Data Service;APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2012-01-24 21880]
R2 APC UPS Service;APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [2012-01-24 705912]
R2 ClickToRunSvc;Služba Microsoft Office ClickToRun; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2015-11-24 2802360]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2013-08-22 37768]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\Windows\system32\igfxCUIService.exe [2015-08-09 355232]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-10-05 1513784]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-02-05 935056]
R2 PSI_SVC_2_x64;Corel License Validation Service V2 x64, Powered by arvato; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2014-04-30 337776]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-02-05 410952]
R2 TeamViewer7;TeamViewer 7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2015-05-29 2869040]
R2 uvnc_service;uvnc_service; C:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe [2015-11-03 2128152]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2013-08-22 37768]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2015-08-09 288688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-01-07 146888]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 150600]
-----------------EOF-----------------
- Rudy
- Site Admin
- Posts: 119356
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Ads are showing up in IE 11
OK. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Ads are showing up in IE 11
No, advertising pages (tradeexchange.com) still open when I click a web link; at least Malwarebytes blocks them.
- Rudy
- Site Admin
Re: Ads are showing up in IE 11
Let's try these scans:
1. Download Zoek.exe http://hijackthis.nl/smeenk/ and save it to the desktop
If you use Win Vista or W7, right-click Zoek and choose Run As Administrator (Spustit jako spravce)
Paste the script below into the window
autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;
Then click Run Script
The PC will perform the repair, restart and give you a log; paste its contents here.
and
2. Download Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
•Save it, preferably to the desktop
•After launch, the licence terms are displayed; press any key
•A backup is created, followed by the scan
•The scan runs and then a log appears, or it is saved in c:\JRT as JRT.txt; paste it here.
Re: Ads are showing up in IE 11
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Administrator on čt 07. 01. 2016 at 21:51:48,24.
Microsoft Windows 8.1 Pro 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Irena Gavendova\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
7. 1. 2016 21:52:57 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Empty Folders Check ======================
C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\Users\Administrator\AppData\Local\EmieSiteList deleted successfully
C:\Users\Administrator\AppData\Local\EmieUserList deleted successfully
C:\Users\Irena Gavendova\AppData\Local\GHISLER deleted successfully
C:\Users\Irena Gavendova\AppData\Local\VirtualStore deleted successfully
C:\Users\Karel Krizek\AppData\Local\VirtualStore deleted successfully
************************************************************
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 8.1 Pro x64
Ran by Administrator (Administrator) on čt 07. 01. 2016 at 22:05:03,48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 0
Registry: 1
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1A95DC8F-4A6D-4938-B715-50B59B516306} (Registry Key)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on čt 07. 01. 2016 at 22:06:21,81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Rudy
- Site Admin
Re: Ads are showing up in IE 11
How is it behaving now?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Ads are showing up in IE 11
The ad pages still keep popping up.
- Rudy
- Site Admin
- Posts: 119356
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: Ads are showing up in IE 11
Run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.
Re: Ads are showing up in IE 11
Sorry for the delay, problems with the internet.
Malwarebytes still blocks the ad windows using its shield.
Here is the log:
Malwarebytes Anti-Malware
http://www.malwarebytes.org
Datum skenování: 19. 1. 2016
Čas skenování: 9:40
Protokol:
Správce: Ne
Verze: 2.2.0.1024
Databáze malwaru: v2016.01.19.02
Databáze rootkitů: v2016.01.09.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto
OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: Irena Gavendova
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 240039
Uplynulý čas: 10 min, 40 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 0
(Nenalezeny žádné škodlivé položky)
Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 0
(Nenalezeny žádné škodlivé položky)
Soubory: 0
(Nenalezeny žádné škodlivé položky)
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
- Rudy
- Site Admin
- Posts: 119356
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: Ads are showing up in IE 11
But MBAM found nothing. Try reinstalling IE: https://support.microsoft.com/cs-cz/kb/318378 .
Re: Ads are showing up in IE 11
Reinstalling IE11 solved the problem, thanks a lot.
I used to send a donation SMS to support the forum, but now I can't find the instructions with the number. Can you advise me?
Thanks.