Domovská stránka hp.myway.com/easypdfcombine...

Zpráva

jasanek · #1 Příspěvek od **jasanek** » 26 pro 2016 13:24

Dobrý den.
U tchána na počítači se po návštěvě nějakých stránek švagrem změnila domovská stránka.
Po změně se zase vrátí sama nazpátek. Přídalo to i lištu. Děkuji.

Logfile of random's system information tool 1.14 (written by random/random)
Run by A1 at 2016-12-26 13:21:37
WIN_XP Service Pack 3
System drive C: has 154 GB (81%) free of 191 GB
Total RAM: 2046 MB (59% free)
X86

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:22:32, on 26.12.2016
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\A1\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\A1_RSIT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quick ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?l=dis&o=14947
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quick ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=22668
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-2025429265-879983540-839522115-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: AMW Service (pbamw_service) - Unknown owner - C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\AmwService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 4969 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\avast! Emergency Update.job - C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\SafeZone scheduled Autoupdate 1466141459.job - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job - C:\Program Files\Ask.com\UpdateTask.exe

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\A1\Data aplikací\Mozilla\Firefox\Profiles\vpfxox5h.default

prefs.js - "browser.startup.homepage" - "http://hp.myway.com/easypdfcombine/ttab ... GwodDN8JtQ"

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.207 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_207.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Documents and Settings\A1\Data aplikací\Mozilla\Firefox\Profiles\vpfxox5h.default\extensions\
toolbar@ask.com
_ceMembers_@free.easypdfcombine.com

C:\Documents and Settings\A1\Data aplikací\Mozilla\Firefox\Profiles\vpfxox5h.default\searchplugins\
askcom.xml

C:\Documents and Settings\A1\Data aplikací\Mozilla\Firefox\Profiles\vpfxox5h.default\addons.json
All-in-One Sidebar - extension - {097d3191-e6fa-4728-9826-b533d755359d}
- extension - toolbar@ask.com

C:\Documents and Settings\A1\Data aplikací\Mozilla\Firefox\Profiles\vpfxox5h.default\extensions.json
Avast Online Security - extension - wrc@avast.com - C:\Program Files\AVAST Software\Avast\WebRep\FF
Microsoft .NET Framework Assistant - extension - {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
All-in-One Sidebar - extension - {097d3191-e6fa-4728-9826-b533d755359d} - C:\Documents and Settings\A1\Data aplikacÃ\Mozilla\Firefox\Profiles\vpfxox5h.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
EasyPDFCombine - extension - _ceMembers_@free.easypdfcombine.com - C:\Documents and Settings\A1\Data aplikacÃ\Mozilla\Firefox\Profiles\vpfxox5h.default\extensions\_ceMembers_@free.easypdfcombine.com
Ask Toolbar - extension - toolbar@ask.com - C:\Documents and Settings\A1\Data aplikacÃ\Mozilla\Firefox\Profiles\vpfxox5h.default\extensions\toolbar@ask.com
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Web Compat - extension - webcompat@mozilla.org - C:\Program Files\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Application Update Service Helper - extension - aushelper@mozilla.org - C:\Program Files\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

C:\Documents and Settings\A1\Data aplikací\Mozilla\Firefox\Profiles\vpfxox5h.default\pluginreg.dat
Plugin - Windows Media Player Plug-in Dynamic Link Library - 3.0.2.629 - C:\Program Files\Windows Media Player\npdsplay.dll
Plugin - Microsoft® DRM - 9.0.0.4503 - C:\Program Files\Windows Media Player\npwmsdrm.dll
Plugin - Microsoft® DRM - 9.0.0.4503 - C:\Program Files\Windows Media Player\npdrmv2.dll
Plugin - Adobe Acrobat - 11.0.8.4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll
Plugin - Adobe Acrobat - 11.0.8.4 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
Plugin - VLC Web Plugin - 2.2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll
Plugin - Google Update - 1.3.32.7 - C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll
Plugin - Windows Presentation Foundation - 3.5.30729.1 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Plugin - Shockwave Flash - 23.0.0.207 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_207.dll

=========Google Chrome=========

C:\Documents and Settings\A1\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 1 Prezentace Google 0.9
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension cfhdojbkjhnklbpkdaibdccddilifddb 1 Adblock Plus 1.12.4
Extension coobgpohoikkiipiblmjeljniedjpjpf 1 Vyhledávání Google 0.0.0.60
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension ennkphjdgehloodpbhlhldgbnhmacadg 1 Settings 0.2
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Tabulky Google 1.1
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension gomekmidlodglbbmalcneegieacbdmki 0 Avast Online Security 12.0.124
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.31
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mfffpogegjflfpflabcdkioaeobkgjik 1 GaiaAuthExtension 0.0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf 1 Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.2.0
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.0
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Homepage:
default_search_provider.search_url:
C:\Documents and Settings\A1\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]
"Path"=C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={15C4DF55-4B67-495A-A3D3-A497C4A49EE0}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://search.live.com/results.aspx?q={ ... rer:source?}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0}]
"URL"=http://search.seznam.cz/?sourceid=quick ... earchTerms}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-06-15 679680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2013-01-24 1521800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2013-01-24 1521800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-06-27 7408312]
"C6501Sound"=RunDll32 c6501.cpl,CMICtrlWnd []
""= []
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2013-01-24 1646216]
"PAC7302_Monitor"=C:\WINDOWS\PixArt\PAC7302\Monitor.exe [2006-11-03 319488]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX218 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGDE.EXE [2009-09-14 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
C:\WINDOWS\PixArt\PAC7302\Monitor.exe [2006-11-03 319488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ArcSoft Products and Bonus Offers.url]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\ArcSoft Products and Bonus Offers.url []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WebCam Companion 4.lnk]
C:\PROGRA~1\ArcSoft\WEBCAM~2\UMCEDV~1.EXE [2010-12-23 724992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^±Ň°ĘşëĆF.lnk]
C:\PROGRA~1\ArcSoft\WEBCAM~2\Utility.exe [2010-06-21 106496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
Ati2evxx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSimpleNetIDList"=1
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Google\Chrome\Application\chrome.exe"="C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (C:\Program Files\Mozilla Firefox)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
"StubPath"=
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"StubPath"=
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath"="C:\Program Files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2016-12-26 13:21:37 ----D---- C:\rsit
2016-12-26 13:21:37 ----D---- C:\Program Files\trend micro
2016-12-14 00:42:29 ----D---- C:\Program Files\Mozilla Firefox
2016-12-08 12:59:51 ----D---- C:\Program Files\Mozilla Thunderbird
2016-12-06 20:39:05 ----D---- C:\Program Files\Microsoft.NET
2016-12-06 20:37:55 ----D---- C:\Program Files\Plumbytes Software

======List of files/folders modified in the last 1 month======

2016-12-26 13:21:43 ----D---- C:\WINDOWS\Prefetch
2016-12-26 13:21:37 ----RD---- C:\Program Files
2016-12-26 12:58:32 ----D---- C:\Documents and Settings\A1\Data aplikací\Skype
2016-12-26 08:26:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2016-12-25 20:42:57 ----D---- C:\WINDOWS\Temp
2016-12-21 18:16:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\ProductData
2016-12-18 23:48:22 ----D---- C:\WINDOWS\system32
2016-12-18 10:59:02 ----SHD---- C:\WINDOWS\Installer
2016-12-16 21:54:54 ----SD---- C:\WINDOWS\Tasks
2016-12-14 11:20:33 ----D---- C:\Documents and Settings\A1\Data aplikací\Ancestry
2016-12-14 10:44:39 ----D---- C:\Program Files\Mozilla Maintenance Service
2016-12-07 13:35:11 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2016-12-06 22:22:53 ----A---- C:\WINDOWS\win.ini
2016-12-06 22:21:58 ----D---- C:\WINDOWS\system32\CatRoot2
2016-12-06 22:21:45 ----SD---- C:\WINDOWS\system32\Microsoft
2016-12-06 20:58:20 ----D---- C:\WINDOWS\Microsoft.NET
2016-12-06 20:58:18 ----RSD---- C:\WINDOWS\assembly
2016-12-06 20:42:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-06 20:39:52 ----D---- C:\WINDOWS\WinSxS
2016-12-06 20:39:18 ----D---- C:\WINDOWS\system32\en-US
2016-12-06 20:01:40 ----D---- C:\Program Files\Ask.com
2016-12-02 18:02:14 ----D---- C:\faktura-2016
2016-12-02 16:49:31 ----D---- C:\WINDOWS
2016-11-29 20:52:41 ----D---- C:\WINDOWS\Help

File C:\WINDOWS\system32\winlogon.exe is digitally signed
File C:\WINDOWS\explorer.exe is digitally signed
File C:\WINDOWS\system32\svchost.exe is digitally signed
File C:\WINDOWS\system32\services.exe is digitally signed
File C:\WINDOWS\system32\User32.dll is digitally signed
File C:\WINDOWS\system32\userinit.exe is digitally signed
File C:\WINDOWS\system32\rpcss.dll is digitally signed
File C:\WINDOWS\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2016-06-15 58776]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2016-08-05 224616]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2016-06-15 35096]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2016-06-15 64272]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2016-06-15 815792]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2016-06-15 449640]
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2016-06-15 32792]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2016-06-15 91168]
R3 aswStmXP;Avast StreamFilter Driver; C:\WINDOWS\system32\drivers\aswStmXP.sys [2016-06-15 187208]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-12 3489280]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface; C:\WINDOWS\system32\drivers\c6501.sys [2007-07-10 1310720]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-12-21 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-12-21 13056]
R3 PAC7302;PC VGA Camer@ Plus; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-09-10 457984]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2013-07-17 60160]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 AR9271;Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athuw.sys [2013-06-28 1763584]
S3 aswTdi;aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [2016-06-15 67216]
S3 atikmdag;atikmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [2007-12-18 2773504]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-06-15 243296]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-12-07 144200]
S2 LiveUpdateSvc;LiveUpdate; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2015-10-09 2934048]
S2 pbamw_service;AMW Service; C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\AmwService.exe run []
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2016-09-20 324224]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08 270016]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-12-07 144200]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2016-12-14 172488]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; %SystemRoot%\system32\svchost.exe -k WudfServiceGroup;"ServiceDll"=%SystemRoot%\System32\WUDFSvc.dll
S4 Ati External Event Utility;Ati External Event Utility; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-12 602112]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-12 602112]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **Rudy** » 26 pro 2016 13:55

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.

jasanek · #3 Příspěvek od **jasanek** » 26 pro 2016 14:37

# AdwCleaner v6.041 - Log vytvořen 26/12/2016 v 14:33:56
# Aktualizováno dne 16/12/2016 z Malwarebytes
# Databáze : 2016-12-26.1 [Server]
# Operační systém : Microsoft Windows XP Service Pack 3 (X86)
# Uživatelské jméno : A1 - ATHLON-5000PLUS
# Spuštěno z : C:\Documents and Settings\A1\Plocha\adwcleaner_6.041.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support

***** [ Služby ] *****

***** [ Složky ] *****

[-] Složka smazána: C:\Program Files\Ask.com
[-] Složka smazána: C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
[-] Složka smazána: C:\DOCUME~1\A1\LOCALS~1\Temp\AskSearch
[-] Složka smazána: C:\DOCUME~1\A1\LOCALS~1\Temp\APNLogs

***** [ Soubory ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Zástupci ] *****

***** [ Naplánované úlohy ] *****

[-] Úloha smazána: Scheduled Update for Ask Toolbar

***** [ Registry ] *****

[-] Klíč smazán: HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
[-] Klíč smazán: HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-] Hodnota smazána: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-] Hodnota smazána: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
[-] Klíč smazán: HKU\S-1-5-21-2025429265-879983540-839522115-1004\Software\APN
[-] Klíč smazán: HKU\S-1-5-21-2025429265-879983540-839522115-1004\Software\Ask.com
[-] Klíč smazán: HKU\S-1-5-21-2025429265-879983540-839522115-1004\Software\AskToolbar
[-] Klíč smazán: HKU\S-1-5-21-2025429265-879983540-839522115-1004\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
[-] Klíč smazán: HKU\S-1-5-21-2025429265-879983540-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
[#] Klíč smazán po restartu: HKCU\Software\APN
[#] Klíč smazán po restartu: HKCU\Software\Ask.com
[#] Klíč smazán po restartu: HKCU\Software\AskToolbar
[-] Klíč smazán: HKLM\SOFTWARE\APN
[-] Klíč smazán: HKLM\SOFTWARE\AskToolbar
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
[#] Klíč smazán po restartu: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
[#] Klíč smazán po restartu: HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966d4C29D35B1C9
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
[#] Klíč smazán po restartu: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966d4C29D35B1C9
[-] Data obnovena: HKU\S-1-5-21-2025429265-879983540-839522115-1004\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Klíč smazán: HKU\S-1-5-21-2025429265-879983540-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{ACC17805-AC76-4035-BC87-985E46F550B8}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ACC17805-AC76-4035-BC87-985E46F550B8}
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

***** [ Prohlížeče ] *****

*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [8691 Bajty] - [26/12/2016 14:33:56]
C:\AdwCleaner\AdwCleaner[S0].txt - [8828 Bajty] - [26/12/2016 14:33:33]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [8837 Bajty] ##########

#4 Příspěvek od **Rudy** » 26 pro 2016 15:15

Dejte nový log RSIT.

jasanek · #5 Příspěvek od **jasanek** » 26 úno 2017 15:16

Logfile of random's system information tool 1.14 (written by random/random)
Run by A1 at 2017-02-26 15:15:39
WIN_XP Service Pack 3
System drive C: has 158 GB (83%) free of 191 GB
Total RAM: 2046 MB (67% free)
X86

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:15:48, on 26.2.2017
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\A1\Plocha\RSIT.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\trend micro\A1_RSIT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quick ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quick ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=22668
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-2025429265-879983540-839522115-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: AMW Service (pbamw_service) - Unknown owner - C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\AmwService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 4456 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\avast! Emergency Update.job - C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\SafeZone scheduled Autoupdate 1466141459.job - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\A1\Data aplikací\Mozilla\Firefox\Profiles\vpfxox5h.default

prefs.js - "browser.startup.homepage" - "http://hp.myway.com/easypdfcombine/ttab ... GwodDN8JtQ"

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"sp@avast.com"=C:\Program Files\AVAST Software\Avast\SafePrice\FF

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.207 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_207.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Documents and Settings\A1\Data aplikací\Mozilla\Firefox\Profiles\vpfxox5h.default\extensions\
toolbar@ask.com
_ceMembers_@free.easypdfcombine.com

C:\Documents and Settings\A1\Data aplikací\Mozilla\Firefox\Profiles\vpfxox5h.default\searchplugins\
askcom.xml

C:\Documents and Settings\A1\Data aplikací\Mozilla\Firefox\Profiles\vpfxox5h.default\addons.json
All-in-One Sidebar - extension - {097d3191-e6fa-4728-9826-b533d755359d}
- extension - toolbar@ask.com

C:\Documents and Settings\A1\Data aplikací\Mozilla\Firefox\Profiles\vpfxox5h.default\extensions.json
Microsoft .NET Framework Assistant - extension - {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
All-in-One Sidebar - extension - {097d3191-e6fa-4728-9826-b533d755359d} - C:\Documents and Settings\A1\Data aplikacÃ\Mozilla\Firefox\Profiles\vpfxox5h.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
Ask Toolbar - extension - toolbar@ask.com - C:\Documents and Settings\A1\Data aplikacÃ\Mozilla\Firefox\Profiles\vpfxox5h.default\extensions\toolbar@ask.com
Avast Online Security - extension - wrc@avast.com - C:\Program Files\AVAST Software\Avast\WebRep\FF
Avast SafePrice - extension - sp@avast.com - C:\Program Files\AVAST Software\Avast\SafePrice\FF
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Web Compat - extension - webcompat@mozilla.org - C:\Program Files\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Application Update Service Helper - extension - aushelper@mozilla.org - C:\Program Files\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
EasyPDFCombine - extension - _ceMembers_@free.easypdfcombine.com - C:\Documents and Settings\A1\Data aplikacÃ\Mozilla\Firefox\Profiles\vpfxox5h.default\extensions\_ceMembers_@free.easypdfcombine.com
Diagnostics - extension - diagnostics@mozilla.org - C:\Documents and Settings\A1\Data aplikacÃ\Mozilla\Firefox\Profiles\vpfxox5h.default\features\{b7f560b2-9056-4195-bd71-ebf670c84c12}\diagnostics@mozilla.org.xpi
Send HSTS Priming Requests - extension - hsts-priming@mozilla.org - C:\Documents and Settings\A1\Data aplikacÃ\Mozilla\Firefox\Profiles\vpfxox5h.default\features\{b7f560b2-9056-4195-bd71-ebf670c84c12}\hsts-priming@mozilla.org.xpi
SHA-1 deprecation staged rollout - extension - disableSHA1rollout@mozilla.org - C:\Documents and Settings\A1\Data aplikacÃ\Mozilla\Firefox\Profiles\vpfxox5h.default\features\{b7f560b2-9056-4195-bd71-ebf670c84c12}\disableSHA1rollout@mozilla.org.xpi

C:\Documents and Settings\A1\Data aplikací\Mozilla\Firefox\Profiles\vpfxox5h.default\pluginreg.dat
Plugin - Windows Media Player Plug-in Dynamic Link Library - 3.0.2.629 - C:\Program Files\Windows Media Player\npdsplay.dll
Plugin - Microsoft® DRM - 9.0.0.4503 - C:\Program Files\Windows Media Player\npwmsdrm.dll
Plugin - Microsoft® DRM - 9.0.0.4503 - C:\Program Files\Windows Media Player\npdrmv2.dll
Plugin - Adobe Acrobat - 11.0.8.4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll
Plugin - Adobe Acrobat - 11.0.8.4 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
Plugin - VLC Web Plugin - 2.2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll
Plugin - Google Update - 1.3.32.7 - C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll
Plugin - Windows Presentation Foundation - 3.5.30729.1 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Plugin - Shockwave Flash - 23.0.0.207 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_207.dll

=========Google Chrome=========

C:\Documents and Settings\A1\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 1 Prezentace Google 0.9
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension cfhdojbkjhnklbpkdaibdccddilifddb 1 Adblock Plus 1.12.4
Extension coobgpohoikkiipiblmjeljniedjpjpf 1 Vyhledávání Google 0.0.0.60
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension ennkphjdgehloodpbhlhldgbnhmacadg 1 Settings 0.2
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Tabulky Google 1.1
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension gomekmidlodglbbmalcneegieacbdmki 0 Avast Online Security 12.0.124
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.31
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mfffpogegjflfpflabcdkioaeobkgjik 1 GaiaAuthExtension 0.0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf 1 Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.2.0
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.0
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Homepage:
default_search_provider.search_url:
C:\Documents and Settings\A1\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]
"Path"=C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={15C4DF55-4B67-495A-A3D3-A497C4A49EE0}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://search.live.com/results.aspx?q={ ... rer:source?}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0}]
"URL"=http://search.seznam.cz/?sourceid=quick ... earchTerms}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-01-02 664848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2017-01-02 9080768]
"C6501Sound"=RunDll32 c6501.cpl,CMICtrlWnd []
""= []
"PAC7302_Monitor"=C:\WINDOWS\PixArt\PAC7302\Monitor.exe [2006-11-03 319488]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX218 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGDE.EXE [2009-09-14 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
C:\WINDOWS\PixArt\PAC7302\Monitor.exe [2006-11-03 319488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ArcSoft Products and Bonus Offers.url]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\ArcSoft Products and Bonus Offers.url []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WebCam Companion 4.lnk]
C:\PROGRA~1\ArcSoft\WEBCAM~2\UMCEDV~1.EXE [2010-12-23 724992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^±Ň°ĘşëĆF.lnk]
C:\PROGRA~1\ArcSoft\WEBCAM~2\Utility.exe [2010-06-21 106496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
Ati2evxx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSimpleNetIDList"=1
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Google\Chrome\Application\chrome.exe"="C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (C:\Program Files\Mozilla Firefox)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
"StubPath"=
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"StubPath"=
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath"="C:\Program Files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2017-02-12 20:31:19 ----D---- C:\Program Files\Mozilla Thunderbird

======List of files/folders modified in the last 1 month======

2017-02-26 15:15:46 ----D---- C:\WINDOWS\Prefetch
2017-02-26 15:15:40 ----D---- C:\Program Files\trend micro
2017-02-26 15:12:05 ----D---- C:\WINDOWS\Temp
2017-02-26 15:10:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2017-02-26 15:09:54 ----D---- C:\AdwCleaner
2017-02-25 20:26:57 ----D---- C:\WINDOWS\system32\drivers
2017-02-24 18:45:41 ----D---- C:\WINDOWS\system32
2017-02-23 22:06:12 ----D---- C:\Documents and Settings\A1\Data aplikací\Skype
2017-02-22 21:57:33 ----D---- C:\Documents and Settings\A1\Data aplikací\Ancestry
2017-02-21 16:37:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\ProductData
2017-02-15 13:22:45 ----D---- C:\WINDOWS\system32\Macromed
2017-02-13 18:56:38 ----D---- C:\Program Files\Mozilla Maintenance Service
2017-02-12 21:29:43 ----RD---- C:\Program Files
2017-02-09 13:15:49 ----D---- C:\Documents and Settings\A1\Data aplikací\vlc
2017-01-27 08:52:46 ----D---- C:\Program Files\Mozilla Firefox

File C:\WINDOWS\system32\winlogon.exe is digitally signed
File C:\WINDOWS\explorer.exe is digitally signed
File C:\WINDOWS\system32\svchost.exe is digitally signed
File C:\WINDOWS\system32\services.exe is digitally signed
File C:\WINDOWS\system32\User32.dll is digitally signed
File C:\WINDOWS\system32\userinit.exe is digitally signed
File C:\WINDOWS\system32\rpcss.dll is digitally signed
File C:\WINDOWS\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2017-01-02 60424]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2017-01-02 224752]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2017-01-02 35096]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2017-01-02 64272]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2017-01-02 735488]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2017-01-02 433768]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2017-01-02 92256]
R3 aswStmXP;Avast StreamFilter Driver; C:\WINDOWS\system32\drivers\aswStmXP.sys [2017-01-02 184592]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-12 3489280]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface; C:\WINDOWS\system32\drivers\c6501.sys [2007-07-10 1310720]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-12-21 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-12-21 13056]
R3 PAC7302;PC VGA Camer@ Plus; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-09-10 457984]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2013-07-17 60160]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 AR9271;Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athuw.sys [2013-06-28 1763584]
S3 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2017-01-02 34008]
S3 aswTdi;aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [2017-01-02 66688]
S3 atikmdag;atikmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [2007-12-18 2773504]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-01-02 197128]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-12-07 144200]
S2 LiveUpdateSvc;LiveUpdate; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2015-10-09 2934048]
S2 pbamw_service;AMW Service; C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\AmwService.exe run []
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2016-09-20 324224]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08 270016]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-12-07 144200]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2017-01-27 172488]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; %SystemRoot%\system32\svchost.exe -k WudfServiceGroup;"ServiceDll"=%SystemRoot%\System32\WUDFSvc.dll
S4 Ati External Event Utility;Ati External Event Utility; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-12 602112]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-12 602112]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#6 Příspěvek od **Rudy** » 26 úno 2017 18:14

Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:

:files
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
"StubPath"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"StubPath"=-

:commands
[Purity]
[Emptytemp]
[Emptyflash]

a klikněte na >MoveIt!<. Před skenem vypněte antivir a po něm restartujte PC. Dejte nový log RSIT.

jasanek · #7 Příspěvek od **jasanek** » 26 úno 2017 18:28

Děkuji.

Logfile of random's system information tool 1.14 (written by random/random)
Run by A1 at 2017-02-26 18:26:32
WIN_XP Service Pack 3
System drive C: has 160 GB (84%) free of 191 GB
Total RAM: 2046 MB (77% free)
X86

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:26:57, on 26.2.2017
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Skype\Updater\Updater.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\A1\Plocha\RSIT.exe
C:\Program Files\trend micro\A1_RSIT.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quick ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quick ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=22668
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-2025429265-879983540-839522115-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: AMW Service (pbamw_service) - Unknown owner - C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\AmwService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 4549 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\avast! Emergency Update.job - C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\WINDOWS\tasks\SafeZone scheduled Autoupdate 1466141459.job - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\A1\Data aplikací\Mozilla\Firefox\Profiles\vpfxox5h.default

prefs.js - "browser.startup.homepage" - "http://hp.myway.com/easypdfcombine/ttab ... GwodDN8JtQ"

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"sp@avast.com"=C:\Program Files\AVAST Software\Avast\SafePrice\FF

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.207 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_207.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Documents and Settings\A1\Data aplikací\Mozilla\Firefox\Profiles\vpfxox5h.default\extensions\
toolbar@ask.com
_ceMembers_@free.easypdfcombine.com

C:\Documents and Settings\A1\Data aplikací\Mozilla\Firefox\Profiles\vpfxox5h.default\searchplugins\
askcom.xml

C:\Documents and Settings\A1\Data aplikací\Mozilla\Firefox\Profiles\vpfxox5h.default\addons.json
All-in-One Sidebar - extension - {097d3191-e6fa-4728-9826-b533d755359d}
- extension - toolbar@ask.com

C:\Documents and Settings\A1\Data aplikací\Mozilla\Firefox\Profiles\vpfxox5h.default\extensions.json
Microsoft .NET Framework Assistant - extension - {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
All-in-One Sidebar - extension - {097d3191-e6fa-4728-9826-b533d755359d} - C:\Documents and Settings\A1\Data aplikacÃ\Mozilla\Firefox\Profiles\vpfxox5h.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
Ask Toolbar - extension - toolbar@ask.com - C:\Documents and Settings\A1\Data aplikacÃ\Mozilla\Firefox\Profiles\vpfxox5h.default\extensions\toolbar@ask.com
Avast Online Security - extension - wrc@avast.com - C:\Program Files\AVAST Software\Avast\WebRep\FF
Avast SafePrice - extension - sp@avast.com - C:\Program Files\AVAST Software\Avast\SafePrice\FF
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Web Compat - extension - webcompat@mozilla.org - C:\Program Files\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Application Update Service Helper - extension - aushelper@mozilla.org - C:\Program Files\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
EasyPDFCombine - extension - _ceMembers_@free.easypdfcombine.com - C:\Documents and Settings\A1\Data aplikacÃ\Mozilla\Firefox\Profiles\vpfxox5h.default\extensions\_ceMembers_@free.easypdfcombine.com
Diagnostics - extension - diagnostics@mozilla.org - C:\Documents and Settings\A1\Data aplikacÃ\Mozilla\Firefox\Profiles\vpfxox5h.default\features\{b7f560b2-9056-4195-bd71-ebf670c84c12}\diagnostics@mozilla.org.xpi
Send HSTS Priming Requests - extension - hsts-priming@mozilla.org - C:\Documents and Settings\A1\Data aplikacÃ\Mozilla\Firefox\Profiles\vpfxox5h.default\features\{b7f560b2-9056-4195-bd71-ebf670c84c12}\hsts-priming@mozilla.org.xpi
SHA-1 deprecation staged rollout - extension - disableSHA1rollout@mozilla.org - C:\Documents and Settings\A1\Data aplikacÃ\Mozilla\Firefox\Profiles\vpfxox5h.default\features\{b7f560b2-9056-4195-bd71-ebf670c84c12}\disableSHA1rollout@mozilla.org.xpi

C:\Documents and Settings\A1\Data aplikací\Mozilla\Firefox\Profiles\vpfxox5h.default\pluginreg.dat
Plugin - Windows Media Player Plug-in Dynamic Link Library - 3.0.2.629 - C:\Program Files\Windows Media Player\npdsplay.dll
Plugin - Microsoft® DRM - 9.0.0.4503 - C:\Program Files\Windows Media Player\npwmsdrm.dll
Plugin - Microsoft® DRM - 9.0.0.4503 - C:\Program Files\Windows Media Player\npdrmv2.dll
Plugin - Adobe Acrobat - 11.0.8.4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll
Plugin - Adobe Acrobat - 11.0.8.4 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
Plugin - VLC Web Plugin - 2.2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll
Plugin - Google Update - 1.3.32.7 - C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll
Plugin - Windows Presentation Foundation - 3.5.30729.1 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Plugin - Shockwave Flash - 23.0.0.207 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_207.dll

=========Google Chrome=========

C:\Documents and Settings\A1\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 1 Prezentace Google 0.9
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension cfhdojbkjhnklbpkdaibdccddilifddb 1 Adblock Plus 1.12.4
Extension coobgpohoikkiipiblmjeljniedjpjpf 1 Vyhledávání Google 0.0.0.60
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension ennkphjdgehloodpbhlhldgbnhmacadg 1 Settings 0.2
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Tabulky Google 1.1
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension gomekmidlodglbbmalcneegieacbdmki 0 Avast Online Security 12.0.124
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.31
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mfffpogegjflfpflabcdkioaeobkgjik 1 GaiaAuthExtension 0.0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf 1 Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.2.0
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.0
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Homepage:
default_search_provider.search_url:
C:\Documents and Settings\A1\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]
"Path"=C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={15C4DF55-4B67-495A-A3D3-A497C4A49EE0}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://search.live.com/results.aspx?q={ ... rer:source?}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0}]
"URL"=http://search.seznam.cz/?sourceid=quick ... earchTerms}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-01-02 664848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2017-01-02 9080768]
"C6501Sound"=RunDll32 c6501.cpl,CMICtrlWnd []
""= []
"PAC7302_Monitor"=C:\WINDOWS\PixArt\PAC7302\Monitor.exe [2006-11-03 319488]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX218 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGDE.EXE [2009-09-14 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
C:\WINDOWS\PixArt\PAC7302\Monitor.exe [2006-11-03 319488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ArcSoft Products and Bonus Offers.url]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\ArcSoft Products and Bonus Offers.url []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WebCam Companion 4.lnk]
C:\PROGRA~1\ArcSoft\WEBCAM~2\UMCEDV~1.EXE [2010-12-23 724992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^±Ň°ĘşëĆF.lnk]
C:\PROGRA~1\ArcSoft\WEBCAM~2\Utility.exe [2010-06-21 106496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
Ati2evxx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSimpleNetIDList"=1
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Google\Chrome\Application\chrome.exe"="C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (C:\Program Files\Mozilla Firefox)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath"="C:\Program Files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2017-02-26 18:16:58 ----D---- C:\_OTM
2017-02-12 20:31:19 ----D---- C:\Program Files\Mozilla Thunderbird

======List of files/folders modified in the last 1 month======

2017-02-26 18:26:38 ----D---- C:\Program Files\trend micro
2017-02-26 18:26:25 ----D---- C:\WINDOWS\Temp
2017-02-26 18:24:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2017-02-26 18:23:54 ----D---- C:\WINDOWS\Prefetch
2017-02-26 18:19:51 ----D---- C:\WINDOWS\system32
2017-02-26 18:19:51 ----D---- C:\WINDOWS
2017-02-26 18:16:59 ----SD---- C:\WINDOWS\Tasks
2017-02-26 15:15:51 ----D---- C:\WINDOWS\system32\CatRoot2
2017-02-26 15:09:54 ----D---- C:\AdwCleaner
2017-02-25 20:26:57 ----D---- C:\WINDOWS\system32\drivers
2017-02-23 22:06:12 ----D---- C:\Documents and Settings\A1\Data aplikací\Skype
2017-02-22 21:57:33 ----D---- C:\Documents and Settings\A1\Data aplikací\Ancestry
2017-02-21 16:37:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\ProductData
2017-02-15 13:22:45 ----D---- C:\WINDOWS\system32\Macromed
2017-02-13 18:56:38 ----D---- C:\Program Files\Mozilla Maintenance Service
2017-02-12 21:29:43 ----RD---- C:\Program Files
2017-02-09 13:15:49 ----D---- C:\Documents and Settings\A1\Data aplikací\vlc
2017-01-27 08:52:46 ----D---- C:\Program Files\Mozilla Firefox

File C:\WINDOWS\system32\winlogon.exe is digitally signed
File C:\WINDOWS\explorer.exe is digitally signed
File C:\WINDOWS\system32\svchost.exe is digitally signed
File C:\WINDOWS\system32\services.exe is digitally signed
File C:\WINDOWS\system32\User32.dll is digitally signed
File C:\WINDOWS\system32\userinit.exe is digitally signed
File C:\WINDOWS\system32\rpcss.dll is digitally signed
File C:\WINDOWS\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2017-01-02 60424]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2017-01-02 224752]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2017-01-02 35096]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2017-01-02 64272]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2017-01-02 735488]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2017-01-02 433768]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2017-01-02 92256]
R3 aswStmXP;Avast StreamFilter Driver; C:\WINDOWS\system32\drivers\aswStmXP.sys [2017-01-02 184592]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-12 3489280]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface; C:\WINDOWS\system32\drivers\c6501.sys [2007-07-10 1310720]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-12-21 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-12-21 13056]
R3 PAC7302;PC VGA Camer@ Plus; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-09-10 457984]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2013-07-17 60160]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 AR9271;Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athuw.sys [2013-06-28 1763584]
S3 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2017-01-02 34008]
S3 aswTdi;aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [2017-01-02 66688]
S3 atikmdag;atikmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [2007-12-18 2773504]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-01-02 197128]
R2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2016-09-20 324224]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-12-07 144200]
S2 LiveUpdateSvc;LiveUpdate; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2015-10-09 2934048]
S2 pbamw_service;AMW Service; C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\AmwService.exe run []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08 270016]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-12-07 144200]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2017-01-27 172488]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; %SystemRoot%\system32\svchost.exe -k WudfServiceGroup;"ServiceDll"=%SystemRoot%\System32\WUDFSvc.dll
S4 Ati External Event Utility;Ati External Event Utility; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-12 602112]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-12 602112]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#8 Příspěvek od **Rudy** » 26 úno 2017 18:38

Dvouklikem na soubor spusťte HijackThis. Klikněte na "Do a system scan only" a v otevřeném okně vlevo ve čtverečcích zaškrtněte:

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-2025429265-879983540-839522115-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

Klikněte na >FixChecked<. Pak znovu spusťte OTM a klikněte na >CleanUp!<. OTM po sobě uklidí. Nakonec restartujte PC.

jasanek · #9 Příspěvek od **jasanek** » 26 úno 2017 18:51

Děkuji, zatím se to zdá být dobrý.

jasanek · #10 Příspěvek od **jasanek** » 26 úno 2017 18:56

Tak ne. Když jsem změnil domovskou stránku a vypnul a zapnul. Tak to otravuje.

EDIT: Tak jsem ještě odstranil rozšíření firefoxu pdf combine a zatím se tedy zdá být vše OK.

#11 Příspěvek od **Rudy** » 26 úno 2017 19:46

Proveďte ještě tyto skeny:

1. Stahnete Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.

a

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.

jasanek · #12 Příspěvek od **jasanek** » 19 bře 2017 14:35

Děkuji.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.2 (03.10.2017)
Operating System: Microsoft Windows XP x86
Ran by A1 (Limited) on ne 19.03.2017 at 14:29:51,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 12

Successfully deleted: C:\Documents and Settings\A1\Data aplikacˇ\Mozilla\Firefox\Profiles\vpfxox5h.default\extensions\toolbar@ask.com (Folder)
Successfully deleted: C:\Documents and Settings\A1\Data aplikacˇ\Mozilla\Firefox\Profiles\vpfxox5h.default\extensions\toolbar@ask.com\searchplugins\askcom.xml (File)
Successfully deleted: C:\Documents and Settings\A1\Data aplikacˇ\Mozilla\Firefox\Profiles\vpfxox5h.default\searchplugins\askcom.xml (File)
Successfully deleted: C:\Documents and Settings\A1\Data aplikacˇ\productdata (Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\106D02DE (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\1GDJQFTO (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GA8AX6YF (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GZCSIT80 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\106D02DE (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1GDJQFTO (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GA8AX6YF (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GZCSIT80 (Temporary Internet Files Folder)

Deleted the following from C:\Documents and Settings\A1\Data aplikacˇ\Mozilla\Firefox\Profiles\vpfxox5h.default\prefs.js
user_pref(browser.search.defaultengine, Ask.com);
user_pref(browser.search.defaultenginename, Ask.com);
user_pref(browser.search.order.1, Ask.com);
user_pref(browser.search.selectedEngine, Ask.com);
user_pref(extensions.asktb.ff-original-keyword-url, );
user_pref(extensions.toolbar.mindspark.hp.enabled, false);
user_pref(extensions.toolbar.mindspark.lastInstalled, easypdfcombine@mindspark.com);
user_pref(extensions.xpiState, {\app-profile\:{\toolbar@ask.com\:{\d\:\C:\\\\Documents and Settings\\\\A1\\\\Data aplikacĂ\\\\Mozilla\\\\Firefox\\\\Profiles\\\\vpfx

Registry: 5

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\Search Page (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 19.03.2017 at 14:30:40,06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#13 Příspěvek od **Rudy** » 19 bře 2017 17:02

Změnilo se něco nyní?

VIRY.CZ

Domovská stránka hp.myway.com/easypdfcombine...

Domovská stránka hp.myway.com/easypdfcombine...

Re: Domovská stránka hp.myway.com/easypdfcombine...

Re: Domovská stránka hp.myway.com/easypdfcombine...

Re: Domovská stránka hp.myway.com/easypdfcombine...

Re: Domovská stránka hp.myway.com/easypdfcombine...

Re: Domovská stránka hp.myway.com/easypdfcombine...

Re: Domovská stránka hp.myway.com/easypdfcombine...

Re: Domovská stránka hp.myway.com/easypdfcombine...

Re: Domovská stránka hp.myway.com/easypdfcombine...

Re: Domovská stránka hp.myway.com/easypdfcombine...

Re: Domovská stránka hp.myway.com/easypdfcombine...

Re: Domovská stránka hp.myway.com/easypdfcombine...

Re: Domovská stránka hp.myway.com/easypdfcombine...