Preventivní kontrola

Zpráva

badboy.majkl · #1 Příspěvek od **badboy.majkl** » 21 pro 2016 17:36

Ahoj,

prosím o preventivní kontrolu logu. V domácnosti měli vir v routeru, proto raději zasílám i první PC ke kontrole.
A prosím o obnovu obrázků ve vláknu "Návod na vytvoření logu z RSIT".

Kód: Vybrat vše

Logfile of random's system information tool 1.10 (written by random/random)
Run by Helča at 2016-12-21 17:32:30
Microsoft Windows 7 Professional  Service Pack 1
System drive C: has 116 GB (77%) free of 150 GB
Total RAM: 2046 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:32:58, on 21.12.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18538)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Users\Helča\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Helča\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Helča\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Helča\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Helča\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Helča\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Helča\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Helča.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKCU\..\Run: [Google Update] C:\Users\Helča\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

--
End of file - 3477 bytes

======Scheduled tasks folder======

C:\Windows\tasks\AutoKMS.job - C:\WINDOWS\AutoKMS\AutoKMS.exe  /Application 

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-18 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Helča\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [2016-12-19 601752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Helča^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Sledovat výstrahy inkoustu - HP Deskjet 1510 series.lnk]
C:\Windows\system32\RunDll32.exe [2009-07-14 44544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-18 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-12-21 17:32:30 ----D---- C:\rsit
2016-12-21 17:32:30 ----D---- C:\Program Files\trend micro
2016-12-16 18:02:37 ----SHD---- C:\Config.Msi
2016-12-16 17:11:26 ----A---- C:\Windows\system32\mshtml.dll
2016-12-16 17:11:24 ----A---- C:\Windows\system32\wininet.dll
2016-12-16 17:11:24 ----A---- C:\Windows\system32\jscript9.dll
2016-12-16 17:11:24 ----A---- C:\Windows\system32\ieframe.dll
2016-12-16 17:11:23 ----A---- C:\Windows\system32\winload.exe
2016-12-16 17:11:23 ----A---- C:\Windows\system32\win32k.sys
2016-12-16 17:11:23 ----A---- C:\Windows\system32\msi.dll
2016-12-16 17:11:23 ----A---- C:\Windows\system32\iedkcs32.dll
2016-12-16 17:11:23 ----A---- C:\Windows\system32\drivers\cng.sys
2016-12-16 17:11:23 ----A---- C:\Windows\system32\crypt32.dll
2016-12-16 17:11:23 ----A---- C:\Windows\system32\clfs.sys
2016-12-16 17:11:23 ----A---- C:\Windows\system32\bcdedit.exe
2016-12-16 17:11:22 ----A---- C:\Windows\system32\wintrust.dll
2016-12-16 17:11:22 ----A---- C:\Windows\system32\usp10.dll
2016-12-16 17:11:22 ----A---- C:\Windows\system32\user32.dll
2016-12-16 17:11:22 ----A---- C:\Windows\system32\urlmon.dll
2016-12-16 17:11:22 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-12-16 17:11:22 ----A---- C:\Windows\system32\ntkrnlpa.exe
2016-12-16 17:11:22 ----A---- C:\Windows\system32\ntdll.dll
2016-12-16 17:11:22 ----A---- C:\Windows\system32\nlsbres.dll
2016-12-16 17:11:22 ----A---- C:\Windows\system32\hlink.dll
2016-12-16 17:11:22 ----A---- C:\Windows\system32\gdi32.dll
2016-12-16 17:11:22 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2016-12-16 17:11:22 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2016-12-16 17:11:22 ----A---- C:\Windows\system32\consent.exe
2016-12-16 17:11:22 ----A---- C:\Windows\system32\bcrypt.dll
2016-12-16 17:11:21 ----A---- C:\Windows\system32\vbscript.dll
2016-12-16 17:11:21 ----A---- C:\Windows\system32\msiexec.exe
2016-12-16 17:11:21 ----A---- C:\Windows\system32\mshtmlmedia.dll
2016-12-16 17:11:21 ----A---- C:\Windows\system32\msfeeds.dll
2016-12-16 17:11:21 ----A---- C:\Windows\system32\jscript.dll
2016-12-16 17:11:21 ----A---- C:\Windows\system32\iertutil.dll
2016-12-16 17:11:21 ----A---- C:\Windows\system32\ieapfltr.dll
2016-12-16 17:11:19 ----A---- C:\Windows\system32\ieui.dll
2016-12-16 17:11:18 ----A---- C:\Windows\system32\webcheck.dll
2016-12-16 17:11:18 ----A---- C:\Windows\system32\msihnd.dll
2016-12-16 17:11:18 ----A---- C:\Windows\system32\authui.dll
2016-12-16 17:11:16 ----A---- C:\Windows\system32\smss.exe
2016-12-16 17:11:16 ----A---- C:\Windows\system32\mshtmled.dll
2016-12-16 17:11:16 ----A---- C:\Windows\system32\jscript9diag.dll
2016-12-16 17:11:16 ----A---- C:\Windows\system32\dxtrans.dll
2016-12-16 17:11:16 ----A---- C:\Windows\system32\dxtmsft.dll
2016-12-16 17:11:16 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-12-16 17:11:15 ----A---- C:\Windows\system32\wdigest.dll
2016-12-16 17:11:15 ----A---- C:\Windows\system32\TSpkg.dll
2016-12-16 17:11:15 ----A---- C:\Windows\system32\sspisrv.dll
2016-12-16 17:11:15 ----A---- C:\Windows\system32\sspicli.dll
2016-12-16 17:11:15 ----A---- C:\Windows\system32\srcore.dll
2016-12-16 17:11:15 ----A---- C:\Windows\system32\srclient.dll
2016-12-16 17:11:15 ----A---- C:\Windows\system32\schannel.dll
2016-12-16 17:11:15 ----A---- C:\Windows\system32\setbcdlocale.dll
2016-12-16 17:11:15 ----A---- C:\Windows\system32\secur32.dll
2016-12-16 17:11:15 ----A---- C:\Windows\system32\rstrui.exe
2016-12-16 17:11:15 ----A---- C:\Windows\system32\rpchttp.dll
2016-12-16 17:11:15 ----A---- C:\Windows\system32\rpcrt4.dll
2016-12-16 17:11:15 ----A---- C:\Windows\system32\occache.dll
2016-12-16 17:11:15 ----A---- C:\Windows\system32\ncrypt.dll
2016-12-16 17:11:15 ----A---- C:\Windows\system32\msv1_0.dll
2016-12-16 17:11:15 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2016-12-16 17:11:15 ----A---- C:\Windows\system32\msrating.dll
2016-12-16 17:11:15 ----A---- C:\Windows\system32\msimsg.dll
2016-12-16 17:11:15 ----A---- C:\Windows\system32\MshtmlDac.dll
2016-12-16 17:11:15 ----A---- C:\Windows\system32\lsass.exe
2016-12-16 17:11:15 ----A---- C:\Windows\system32\lsasrv.dll
2016-12-16 17:11:15 ----A---- C:\Windows\system32\kerberos.dll
2016-12-16 17:11:15 ----A---- C:\Windows\system32\jsproxy.dll
2016-12-16 17:11:15 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-12-16 17:11:15 ----A---- C:\Windows\system32\inseng.dll
2016-12-16 17:11:15 ----A---- C:\Windows\system32\ieUnatt.exe
2016-12-16 17:11:15 ----A---- C:\Windows\system32\iesetup.dll
2016-12-16 17:11:15 ----A---- C:\Windows\system32\iernonce.dll
2016-12-16 17:11:15 ----A---- C:\Windows\system32\ieetwproxystub.dll
2016-12-16 17:11:15 ----A---- C:\Windows\system32\ieetwcollector.exe
2016-12-16 17:11:15 ----A---- C:\Windows\system32\ie4uinit.exe
2016-12-16 17:11:15 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-12-16 17:11:15 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2016-12-16 17:11:15 ----A---- C:\Windows\system32\drivers\appid.sys
2016-12-16 17:11:15 ----A---- C:\Windows\system32\csrsrv.dll
2016-12-16 17:11:15 ----A---- C:\Windows\system32\cryptsvc.dll
2016-12-16 17:11:15 ----A---- C:\Windows\system32\cryptnet.dll
2016-12-16 17:11:15 ----A---- C:\Windows\system32\cryptbase.dll
2016-12-16 17:11:15 ----A---- C:\Windows\system32\credssp.dll
2016-12-16 17:11:15 ----A---- C:\Windows\system32\auditpol.exe
2016-12-16 17:11:15 ----A---- C:\Windows\system32\appinfo.dll
2016-12-16 17:11:15 ----A---- C:\Windows\system32\appidsvc.dll
2016-12-16 17:11:15 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2016-12-16 17:11:15 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2016-12-16 17:11:15 ----A---- C:\Windows\system32\appidapi.dll
2016-12-16 17:11:15 ----A---- C:\Windows\system32\apisetschema.dll
2016-12-16 17:11:15 ----A---- C:\Windows\system32\advapi32.dll
2016-12-16 17:11:14 ----A---- C:\Windows\system32\tzres.dll
2016-12-16 17:11:14 ----A---- C:\Windows\system32\msobjs.dll
2016-12-16 17:11:14 ----A---- C:\Windows\system32\msaudite.dll
2016-12-16 17:11:14 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2016-12-16 17:11:14 ----A---- C:\Windows\system32\adtschema.dll
2016-11-29 22:34:16 ----A---- C:\Windows\system32\msvcr110_clr0400.dll
2016-11-29 22:34:16 ----A---- C:\Windows\system32\msvcr100_clr0400.dll
2016-11-29 22:34:16 ----A---- C:\Windows\system32\msvcp110_clr0400.dll
2016-11-29 22:34:16 ----A---- C:\Windows\system32\aspnet_counters.dll

======List of files/folders modified in the last 1 month======

2016-12-21 17:32:44 ----D---- C:\Windows\Prefetch
2016-12-21 17:32:30 ----RD---- C:\Program Files
2016-12-21 17:32:28 ----D---- C:\Windows\Temp
2016-12-21 17:20:35 ----D---- C:\Windows
2016-12-21 17:15:52 ----D---- C:\Windows\Tasks
2016-12-21 17:15:41 ----A---- C:\Windows\KMSEmulator.exe
2016-12-21 17:14:03 ----D---- C:\Windows\Panther
2016-12-21 17:14:03 ----D---- C:\Windows\inf
2016-12-21 17:14:02 ----D---- C:\Windows\Logs
2016-12-21 17:14:02 ----D---- C:\Windows\debug
2016-12-21 17:08:36 ----D---- C:\Windows\System32
2016-12-21 17:08:36 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-12-21 17:03:48 ----D---- C:\Windows\system32\config
2016-12-16 19:04:40 ----D---- C:\Windows\rescache
2016-12-16 18:27:43 ----D---- C:\Windows\winsxs
2016-12-16 18:25:36 ----D---- C:\Windows\system32\en-US
2016-12-16 18:25:36 ----D---- C:\Windows\system32\drivers
2016-12-16 18:25:36 ----D---- C:\Windows\system32\cs-CZ
2016-12-16 18:25:36 ----D---- C:\Program Files\Internet Explorer
2016-12-16 18:25:33 ----D---- C:\Windows\system32\Boot
2016-12-16 18:18:39 ----D---- C:\Windows\Microsoft.NET
2016-12-16 18:15:05 ----RSD---- C:\Windows\assembly
2016-12-16 18:10:18 ----SHD---- C:\Windows\Installer
2016-12-16 18:10:16 ----D---- C:\ProgramData\Microsoft Help
2016-12-16 18:09:39 ----D---- C:\Windows\system32\MRT
2016-12-16 18:07:21 ----AC---- C:\Windows\system32\MRT.exe
2016-12-16 18:01:39 ----D---- C:\Windows\system32\catroot2
2016-12-16 18:00:33 ----SHD---- C:\System Volume Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2016-11-12 71304]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2016-11-12 206472]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2016-11-12 156288]
R1 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2016-11-12 162952]
R1 EpfwLWF;ESET Personal Firewall; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2016-11-12 52872]
R2 ekbdflt;ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [2016-11-12 122496]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2016-03-01 87568]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 4994560]
R3 NVHDA;Service for NVIDIA HDMI Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2007-07-16 30752]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2013-10-02 49152]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 36352]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-10-21 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 176128]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2016-11-12 2167696]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-11-29 105144]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-11-12 102912]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-18 30814400]
S3 ose;Office  Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2016-11-29 45752]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]

-----------------EOF-----------------

#2 Příspěvek od **Rudy** » 22 pro 2016 22:04

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.

badboy.majkl · #3 Příspěvek od **badboy.majkl** » 31 pro 2016 14:09

Tady je výsledný LOG

Kód: Vybrat vše

# AdwCleaner v6.041 - Log vytvořen 31/12/2016 v 14:03:01
# Aktualizováno dne 16/12/2016 z Malwarebytes
# Databáze : 2016-12-30.1 [Server]
# Operační systém : Windows 7 Professional Service Pack 1 (X86)
# Uživatelské jméno : Helča - HELCA-PC
# Spuštěno z : C:\Users\Helča\Desktop\adwcleaner_6.041.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****



***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****



***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [815 Bajty] - [31/12/2016 14:03:01]
C:\AdwCleaner\AdwCleaner[S0].txt - [1386 Bajty] - [31/12/2016 14:02:21]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [960 Bajty] ##########

#4 Příspěvek od **Rudy** » 31 pro 2016 15:51

Toto je OK. Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:

:files
C:\WINDOWS\AutoKMS
C:\Windows\tasks\AutoKMS.job

:commands
[Purity]
[Emptytemp]
[Emptyflash]

a klikněte na >MoveIt!<. Po skenu restartujte PC a dejte nový log RSIT.

badboy.majkl · #5 Příspěvek od **badboy.majkl** » 07 led 2017 17:59

Provedeno. Bohužel při prvním pokusu se celé PC zaseklo a nic nešlo, takže reset natvrdo. Pak jsem celý proces zopakoval a to už fungovalo správně. Zde je LOG

Kód: Vybrat vše

All processes killed
========== FILES ==========
File/Folder C:\WINDOWS\AutoKMS not found.
File/Folder C:\Windows\tasks\AutoKMS.job not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Helča
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 8163285 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3416 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 15674 bytes
 
Total Files Cleaned = 8,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Helča
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 01072017_174645

#6 Příspěvek od **Rudy** » 07 led 2017 18:10

Smazáno. Log je již OK.

VIRY.CZ

Preventivní kontrola

Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola