Nefunguje mi FRST ani RSIT na vytvoreni logu

[Marketa91]

Vsak co jsem asi udelala? Vse co MBAM nalezl jsem dala do karanteny, podruhe po skenu uz nenasel nic, a dala jsem export log a dala ho do minuleho prispevku

[Márty84]

Zdravim

Omlouvam se za vstup

Jen jednorazove zaskocim, at se to urychli

Vsak co jsem asi udelala?

Pisete, ze v druhem skenu uz nic nenasel, ale dala jste tu log, kde je nalezu hafo. Omylem jste tu nejspis dala log z prvniho testu. Pokud byl druhy opravdu bez nalezu, dejte tady kolegovi novy log z RSIT, jak psal

[Marketa91]

Tohle je LOG Z programu RSIT z plochy: (haze sice error, ale vytvori na C slozku a log)

Logfile of random's system information tool 1.10 (written by random/random)
Run by Markéta at 2014-11-23 13:30:42
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 96 GB (14%) free of 670 GB
Total RAM: 3959 MB (23% free)


======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
winlogon.exe
C:\windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe"
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k LocalService
"C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe"
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\nvvsvc.exe -session -first
C:\windows\system32\WLANExt.exe 28959024
\??\C:\windows\system32\conhost.exe "-15313263592761553022118432266-194945012819205147541754248904-1021806549-1086842054
taskeng.exe {0838263D-0D5E-4853-9E71-79F485EFFA3C}
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe"
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
"C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe"
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe"
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\windows\system32\HPSIsvc.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
"C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe"
C:\windows\System32\svchost.exe -k HPZ12
"C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe"
"C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe"
C:\windows\SysWOW64\IoctlSvc.exe
C:\windows\System32\svchost.exe -k HPZ12
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
"C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe"
"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
WLIDSvcM.exe 3224
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
C:\windows\system32\SearchIndexer.exe /Embedding
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe" KMPProcess
"C:\windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-08c06bed-bc41-46fa-81d8-20948a8ab980 -SystemEventPortName:HostProcess-85e94730-f77d-49a9-8ba7-716295145e5a -IoCancelEventPortName:HostProcess-1b78fd9b-2fa9-441c-979c-33394776685d -NonStateChangingEventPortName:HostProcess-a101c478-f4d1-48d1-93b9-8ad28c5d0721 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:442122f3-97dc-489b-b642-47798fd539c2 -DeviceGroupId:WpdFsGroup
"taskhost.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
"C:\windows\system32\Dwm.exe"
"C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe"
"C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe"
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" -Embedding
"C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
"C:\Program Files (x86)\PDF24\pdf24.exe"
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe" -Embedding
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files\iPod\bin\iPodService.exe"
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Markéta\Documents\Vysoká škola\ČVUT\1.ročník\Management\Zápočet - seminárka.docx"
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\windows\splwow64.exe 8192
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="5660.0.1661901271\197271835" --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,3,12,22,26 --gpu-vendor-id=0x10de --gpu-device-id=0x0a70 --gpu-driver-vendor=NVIDIA --gpu-driver-version=8.16.11.8990 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=BrowserPreReadExperiment/100-pct-default/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-1-Percent/default/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --extension-process --renderer-print-preview --disable-html-notifications --channel="5660.8.1421445352\941081983" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="5660.12.1892384708\1424340505" --ppapi-flash-args --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe" "C:\Users\Meggy\Downloads\zaverecna_prace.pdf"
"C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe" --channel=5536.0.1882934797 --type=renderer "C:\Users\Meggy\Downloads\zaverecna_prace.pdf"

C:\windows\servicing\TrustedInstaller.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=BrowserPreReadExperiment/100-pct-default/NetworkConnectivity/disable_network_stats/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-1-Percent/default/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --channel="5660.17.2116442858\1132811746" /prefetch:673131151
explorer.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\DllHost.exe /Processid:{3AD05575-8857-4850-9277-11B85BDB8E09}
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe7_ Global\UsGthrCtrlFltPipeMssGthrPipe7 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\Meggy\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1750046471-880827746-591120461-1000Core.job - C:\Users\Markéta\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1750046471-880827746-591120461-1000UA.job - C:\Users\Markéta\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler
C:\windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\windows\tasks\GoogleUpdateTaskMachineUA1cfec9359ad7486.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\windows\tasks\schedule!1143840799.job - C:\ProgramData\BetterSoft\ContinueToSave\ContinueToSave.exe /schedule /profile "c:\programdata\bettersoft\continuetosave\1143840799.ini"

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
ExplorerWnd Helper - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2014-04-07 2471744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88FB0583-0314-4D0B-22B8-DA254CB7BD54}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A0E0D198-C9E9-88E1-D8DD-A761273ED41A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14 2117216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-03-05 209824]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-18 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-12 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}]
Ads Removal - C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll [2014-02-25 464720]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14 1709152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}]
Advanced SystemCare Browser Protection - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL [2014-02-20 669504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-12 172968]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2010-03-22 521272]
"EnergyUtility"=C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [2010-04-12 4462496]
"Energy Management"=C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [2010-03-18 7056800]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2014-02-24 5581888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 6]
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe /AutoStart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
C:\Program Files (x86)\Ask.com\Updater\Updater.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppsHat]
C:\Users\Markéta\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate]
C:\Users\Markéta\AppData\Roaming\Seznam.cz\szninstall.exe -c []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop]
C:\Users\Markéta\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe -q []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ETDWare]
C:\Program Files\Elantech\ETDCtrl.exe [2010-06-24 2598280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
C:\Users\Markéta\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-20 138096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Markéta\AppData\Local\Google\Update\GoogleUpdate.exe /c []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleChromeAutoLaunch_97FC1F4BC09EE33098D82DFFA82B2FDA]
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2013-12-04 863184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage]
C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemListener]
C:\Program Files (x86)\HSPA USB MODEM\ModemListener.exe start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\windows\system32\NvCpl.dll [2010-05-07 16416360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnekeyStudio]
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [2009-12-19 776608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe [2008-08-21 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
C:\Users\Markéta\AppData\Roaming\QipGuard\QipGuard.exe /p []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-05-08 21446272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sweetpacks Communicator]
C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall C:]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeriFaceManager]
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe]
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2012-02-28 1679360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Mirror Tray icon]
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [2010-03-02 171104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Markéta^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk]
C:\Users\MARKTA~1\AppData\Local\Facebook\MESSEN~1\214651~1.0\FACEBO~1.EXE []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-03-03 284696]
"hpqSRMon"=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [2008-07-22 150528]
""= []
"HPUsageTrackingLEDM"=C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [2009-10-15 30264]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2014-02-12 43848]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2014-01-17 421888]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]
"Cisco AnyConnect Secure Mobility Agent for Windows"=C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [2013-12-12 707472]
"PDFPrint"=C:\Program Files (x86)\PDF24\pdf24.exe [2014-02-04 186408]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2014-05-15 152392]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"=C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [2014-10-01 54072]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

[Marketa91]

Zdravim

Omlouvam se za vstup

Jen jednorazove zaskocim, at se to urychli

Vsak co jsem asi udelala?

Pisete, ze v druhem skenu uz nic nenasel, ale dala jste tu log, kde je nalezu hafo. Omylem jste tu nejspis dala log z prvniho testu. Pokud byl druhy opravdu bez nalezu, dejte tady kolegovi novy log z RSIT, jak psal

Prave ze jsem tu dala log, ktery jsem exportovala po dokonceni skenu programem Malwarebytes Anti Malware, kdyz program ukoncil sken s tim, ze nic nenalezl...Ted jsem restartovala pocitac a udelala to znova.. tak ho znovu davam.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 23.11.2014
Scan Time: 13:33:21
Logfile: log.txt
Administrator: No

Version: 2.00.3.1025
Malware Database: v2014.11.23.04
Rootkit Database: v2014.11.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Meggy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 266936
Time Elapsed: 25 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

[Marketa91]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 23.11.2014
Scan Time: 13:33:21
Logfile: log.txt
Administrator: No

Version: 2.00.3.1025
Malware Database: v2014.11.23.04
Rootkit Database: v2014.11.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Meggy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 266936
Time Elapsed: 25 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

[Rudy]

Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:

:files
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1750046471-880827746-591120461-1000Core.job
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1750046471-880827746-591120461-1000UA.job
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
C:\windows\tasks\GoogleUpdateTaskMachineUA1cfec9359ad7486.job

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88FB0583-0314-4D0B-22B8-DA254CB7BD54}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A0E0D198-C9E9-88E1-D8DD-A761273ED41A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Markéta^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk]

:commands
[Purity]
[Emptytemp]
[Emptyflash]

a klikněte na >MoveIt!<. Po skenu restartujte PC a dejte nový log RSIT.

Log není kompletní. Doporučuji odinstalovat IOBit. Důvod: http://forum.viry.cz/viewtopic.php?f=14 ... ilit=iobit .

[Marketa91]

provedeno, scan MBAM - log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 23.11.2014
Scan Time: 14:40:57
Logfile: LOG.txt
Administrator: No

Version: 2.00.3.1025
Malware Database: v2014.11.23.04
Rootkit Database: v2014.11.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Meggy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 266062
Time Elapsed: 21 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

[Rudy]

Systém je čistý.

[Marketa91]

Díky

[Rudy]

Rádo se stalo!