Slow PC with freezes, including the internet

Posted: 22 May 2013 17:41
by adonny
Hello, about a week ago my whole computer slowed down enormously. To make matters worse, it also freezes from time to time, starts running again after about 5 minutes, and then launches everything that was clicked on in the meantime. From time to time these freezes also affect only the browser window. I am attaching the log from RSIT.

Logfile of random's system information tool 1.09 (written by random/random)
Run by User at 2013-05-26 18:36:58
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 124 GB (52%) free of 238 GB
Total RAM: 1023 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:37:22, on 26.5.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16576)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Users\User\Downloads\RSIT.exe
C:\Program Files\trend micro\User.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: run=C:\Users\User\DOCUME~1\WINRAR~1\WINRAR~1.EXE
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HTCMonitorService - Nero AG - C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 7577 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4244522806-1124934022-3224625945-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4244522806-1124934022-3224625945-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3s6fbxtz.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

"{34712C68-7391-4c47-94F3-8F88D49AD632}"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.202 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.17.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files\real\realplayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0]
"Description"=RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In
"Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0]
"Description"=RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In
"Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0]
"Description"=RealNetworks(tm) RealDownloader Peppe rFlash Video Shim Plug-In
"Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282]
"Description"=RealPlayer Download Plugin
"Path"=c:\program files\real\realplayer\Netscape6\nprpplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@realnetworks.com/npdlplugin;version=1]
"Description"=RealDownloader Plugin
"Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealNetworks Download and Record Plugin for Internet Explorer - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2012-11-29 539888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-04-06 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-04-06 170912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-09-20 1836328]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-03-19 2029640]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS6ServiceManager"=C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
""= []
"HPUsageTracking"=C:\Program Files\HP\HP UT\bin\hppusg.exe [2007-11-02 36864]
"TkBellExe"=c:\program files\real\realplayer\Update\realsched.exe [2012-12-22 295072]
"HTC Sync Loader"=C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-05-29 655360]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-09-20 202024]
"Google Update"=C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-20 116648]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-04-11 3672384]
"AdobeBridge"= []
"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-07-14 354304]

C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"VIDC.I420"=lvcodec2.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo"=vfwwdm32.dll
"msacm.vorbis"=vorbis.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-05-22 10:47:25 ----D---- C:\Program Files\CCleaner
2013-05-15 22:47:22 ----A---- C:\Windows\system32\jscript.dll
2013-05-15 22:47:21 ----A---- C:\Windows\system32\jscript9.dll
2013-05-15 22:47:20 ----A---- C:\Windows\system32\jsproxy.dll
2013-05-15 22:47:19 ----A---- C:\Windows\system32\ieui.dll
2013-05-15 22:47:19 ----A---- C:\Windows\system32\iesetup.dll
2013-05-15 22:47:17 ----A---- C:\Windows\system32\msfeeds.dll
2013-05-15 22:47:16 ----A---- C:\Windows\system32\iernonce.dll
2013-05-15 22:47:16 ----A---- C:\Windows\system32\ie4uinit.exe
2013-05-15 22:47:15 ----A---- C:\Windows\system32\urlmon.dll
2013-05-15 22:47:15 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-05-15 22:47:15 ----A---- C:\Windows\system32\iesysprep.dll
2013-05-15 22:47:13 ----A---- C:\Windows\system32\iertutil.dll
2013-05-15 22:47:09 ----A---- C:\Windows\system32\wininet.dll
2013-05-15 22:47:05 ----A---- C:\Windows\system32\ieframe.dll
2013-05-15 22:46:52 ----A---- C:\Windows\system32\mshtml.dll
2013-05-15 16:25:49 ----A---- C:\Windows\system32\shell32.dll
2013-05-15 16:25:48 ----A---- C:\Windows\system32\consent.exe
2013-05-15 16:25:48 ----A---- C:\Windows\system32\authui.dll
2013-05-15 16:25:47 ----A---- C:\Windows\system32\shdocvw.dll
2013-05-15 16:25:47 ----A---- C:\Windows\system32\appinfo.dll
2013-05-15 16:24:47 ----A---- C:\Windows\system32\wwansvc.dll
2013-05-15 16:24:47 ----A---- C:\Windows\system32\wwanprotdim.dll
2013-05-15 16:24:44 ----A---- C:\Windows\system32\win32k.sys
2013-05-15 16:24:00 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2013-05-15 16:23:59 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2013-05-08 16:57:04 ----D---- C:\Program Files\Plus500
2013-04-29 21:22:20 ----D---- C:\Program Files\Intel
2013-04-29 21:22:20 ----A---- C:\Windows\system32\CSVer.dll
2013-04-29 21:21:36 ----D---- C:\Intel
2013-04-29 21:19:52 ----A---- C:\Windows\TVNXPDrv.ini
2013-04-29 21:19:52 ----A---- C:\Windows\nxpunist.exe
2013-04-29 21:19:37 ----D---- C:\Program Files\KWorld MultiMedia
2013-04-29 21:19:27 ----A---- C:\Windows\system32\drivers\3xHybrid.sys
2013-04-29 21:19:27 ----A---- C:\Windows\system32\34CoInstaller.dll
2013-04-29 21:18:01 ----D---- C:\Windows\system32\RTCOM
2013-04-29 21:16:53 ----A---- C:\Windows\system32\WavesLib.dll
2013-04-29 21:16:53 ----A---- C:\Windows\system32\WavesGUILib.dll
2013-04-29 21:16:53 ----A---- C:\Windows\system32\tosade.dll
2013-04-29 21:16:53 ----A---- C:\Windows\system32\TepeqAPO.dll
2013-04-29 21:16:53 ----A---- C:\Windows\system32\tadefxapo2.dll
2013-04-29 21:16:53 ----A---- C:\Windows\system32\tadefxapo.dll
2013-04-29 21:16:53 ----A---- C:\Windows\system32\SRSWOW.dll
2013-04-29 21:16:53 ----A---- C:\Windows\system32\SRSTSXT.dll
2013-04-29 21:16:53 ----A---- C:\Windows\system32\SRSTSHD.dll
2013-04-29 21:16:53 ----A---- C:\Windows\system32\SRSHP360.dll
2013-04-29 21:16:52 ----A---- C:\Windows\system32\SFSS_APO.dll
2013-04-29 21:16:52 ----A---- C:\Windows\system32\SFNHK.dll
2013-04-29 21:16:52 ----A---- C:\Windows\system32\SFCOM.dll
2013-04-29 21:16:52 ----A---- C:\Windows\system32\SFAPO.dll
2013-04-29 21:16:52 ----A---- C:\Windows\system32\RtkPgExt.dll
2013-04-29 21:16:52 ----A---- C:\Windows\system32\RtkCoLDR.dll
2013-04-29 21:16:52 ----A---- C:\Windows\system32\RtkCoInstII.dll
2013-04-29 21:16:52 ----A---- C:\Windows\system32\RtkApoApi.dll
2013-04-29 21:16:52 ----A---- C:\Windows\system32\RtkAPO.dll
2013-04-29 21:16:52 ----A---- C:\Windows\system32\drivers\RTKVHDA.sys
2013-04-29 21:16:51 ----A---- C:\Windows\system32\RTEEP32A.dll
2013-04-29 21:16:51 ----A---- C:\Windows\system32\RTEEL32A.dll
2013-04-29 21:16:51 ----A---- C:\Windows\system32\RTEEG32A.dll
2013-04-29 21:16:51 ----A---- C:\Windows\system32\RTEED32A.dll
2013-04-29 21:16:51 ----A---- C:\Windows\system32\RP3DHT32.dll
2013-04-29 21:16:51 ----A---- C:\Windows\system32\RP3DAA32.dll
2013-04-29 21:16:51 ----A---- C:\Windows\system32\RCoRes.dat
2013-04-29 21:16:51 ----A---- C:\Windows\system32\R4EEP32A.dll
2013-04-29 21:16:51 ----A---- C:\Windows\system32\R4EEL32A.dll
2013-04-29 21:16:51 ----A---- C:\Windows\system32\R4EEG32A.dll
2013-04-29 21:16:51 ----A---- C:\Windows\system32\R4EED32A.dll
2013-04-29 21:16:51 ----A---- C:\Windows\system32\R4EEA32A.dll
2013-04-29 21:16:51 ----A---- C:\Windows\system32\MaxxVolumeSDAPO.dll
2013-04-29 21:16:51 ----A---- C:\Windows\system32\MaxxAudioRealtek2.dll
2013-04-29 21:16:51 ----A---- C:\Windows\system32\MaxxAudioRealtek.dll
2013-04-29 21:16:51 ----A---- C:\Windows\system32\drivers\RTAIODAT.DAT
2013-04-29 21:16:50 ----A---- C:\Windows\system32\MaxxAudioEQ.dll
2013-04-29 21:16:50 ----A---- C:\Windows\system32\MaxxAudioAPOShell.dll
2013-04-29 21:16:50 ----A---- C:\Windows\system32\MaxxAudioAPO30.dll
2013-04-29 21:16:50 ----A---- C:\Windows\system32\MaxxAudioAPO20.dll
2013-04-29 21:16:50 ----A---- C:\Windows\system32\MaxxAudioAPO.dll
2013-04-29 21:16:50 ----A---- C:\Windows\system32\KAAPORT.dll
2013-04-29 21:16:49 ----D---- C:\Program Files\Realtek
2013-04-29 21:16:49 ----A---- C:\Windows\system32\FMAPO.dll
2013-04-29 21:16:49 ----A---- C:\Windows\system32\DTSVoiceClarityDLL.dll
2013-04-29 21:16:49 ----A---- C:\Windows\system32\DTSU2PREC32.dll
2013-04-29 21:16:49 ----A---- C:\Windows\system32\DTSU2PLFX32.dll
2013-04-29 21:16:49 ----A---- C:\Windows\system32\DTSU2PGFX32.dll
2013-04-29 21:16:49 ----A---- C:\Windows\system32\DTSSymmetryDLL.dll
2013-04-29 21:16:49 ----A---- C:\Windows\system32\DTSS2SpeakerDLL.dll
2013-04-29 21:16:49 ----A---- C:\Windows\system32\DTSS2HeadphoneDLL.dll
2013-04-29 21:16:49 ----A---- C:\Windows\system32\DTSNeoPCDLL.dll
2013-04-29 21:16:49 ----A---- C:\Windows\system32\DTSLimiterDLL.dll
2013-04-29 21:16:49 ----A---- C:\Windows\system32\DTSLFXAPO.dll
2013-04-29 21:16:49 ----A---- C:\Windows\system32\DTSGFXAPONS.dll
2013-04-29 21:16:49 ----A---- C:\Windows\system32\DTSGFXAPO.dll
2013-04-29 21:16:49 ----A---- C:\Windows\system32\DTSGainCompensatorDLL.dll
2013-04-29 21:16:49 ----A---- C:\Windows\system32\DTSBoostDLL.dll
2013-04-29 21:16:49 ----A---- C:\Windows\system32\DTSBassEnhancementDLL.dll
2013-04-29 21:16:49 ----A---- C:\Windows\system32\AERTARen.dll
2013-04-29 21:16:49 ----A---- C:\Windows\system32\AERTACap.dll
2013-04-29 21:16:16 ----HD---- C:\Program Files\Temp
2013-04-29 21:16:15 ----A---- C:\Windows\RtlExUpd.dll
2013-04-29 20:54:34 ----D---- C:\ProgramData\APN
2013-04-29 20:48:39 ----A---- C:\Windows\system32\drivers\DrvAgent32.sys
2013-04-29 20:46:04 ----D---- C:\Program Files\FinalWire

======List of files/folders modified in the last 1 month======

2013-05-26 18:37:06 ----D---- C:\Program Files\trend micro
2013-05-26 18:37:04 ----D---- C:\Windows\Temp
2013-05-26 18:32:51 ----D---- C:\Windows\system32\config
2013-05-26 18:19:59 ----D---- C:\Windows\Prefetch
2013-05-26 18:12:19 ----D---- C:\Windows\system32\Tasks
2013-05-24 21:49:13 ----SHD---- C:\System Volume Information
2013-05-24 21:31:44 ----D---- C:\Windows\Tasks
2013-05-24 12:33:36 ----D---- C:\Users\User\AppData\Roaming\AIMP3
2013-05-24 10:27:13 ----AD---- C:\Windows\System32
2013-05-24 10:27:13 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-05-24 10:27:12 ----D---- C:\Windows\inf
2013-05-22 19:52:48 ----D---- C:\Windows
2013-05-22 14:00:29 ----D---- C:\Users\User\AppData\Roaming\DAEMON Tools Lite
2013-05-22 14:00:19 ----D---- C:\Users\User\AppData\Roaming\Azureus
2013-05-22 11:04:12 ----D---- C:\Windows\Panther
2013-05-22 11:04:05 ----D---- C:\Windows\Minidump
2013-05-22 11:04:05 ----D---- C:\Windows\Logs
2013-05-22 11:04:05 ----D---- C:\Windows\debug
2013-05-22 10:30:12 ----SHD---- C:\Windows\Installer
2013-05-22 10:28:16 ----D---- C:\Windows\system32\drivers
2013-05-22 10:27:53 ----D---- C:\Program Files\Image-Line
2013-05-22 10:26:07 ----D---- C:\Program Files\Google
2013-05-16 17:38:19 ----D---- C:\Windows\rescache
2013-05-16 15:39:56 ----D---- C:\Windows\Microsoft.NET
2013-05-16 15:39:30 ----RSD---- C:\Windows\assembly
2013-05-16 15:32:39 ----D---- C:\Windows\winsxs
2013-05-16 15:29:44 ----D---- C:\Windows\AppPatch
2013-05-16 15:29:44 ----D---- C:\Program Files\Internet Explorer
2013-05-16 15:29:43 ----D---- C:\Windows\system32\cs-CZ
2013-05-15 22:47:46 ----D---- C:\Windows\system32\catroot
2013-05-15 22:47:45 ----D---- C:\Windows\system32\catroot2
2013-05-15 17:15:50 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2013-05-15 16:14:10 ----A---- C:\Windows\system32\MRT.exe
2013-05-06 20:13:11 ----D---- C:\Windows\system32\NDF
2013-05-02 02:06:08 ----N---- C:\Windows\system32\MpSigStub.exe
2013-04-29 21:23:06 ----D---- C:\Windows\system32\DriverStore
2013-04-29 21:16:48 ----HD---- C:\Program Files\InstallShield Installation Information
2013-04-29 21:16:07 ----D---- C:\Program Files\Common Files\InstallShield
2013-04-29 21:05:05 ----HD---- C:\ProgramData
2013-04-29 21:04:34 ----SD---- C:\Users\User\AppData\Roaming\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-07-15 477240]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-03-19 107256]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2009-03-19 93312]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 3xHybrid;3xHybrid service; C:\Windows\system32\DRIVERS\3xHybrid.sys [2000-01-01 1115392]
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet - adaptér; C:\Windows\system32\DRIVERS\l260x86.sys [2009-07-14 29184]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 4994560]
R3 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-03-19 113960]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2000-01-01 3240400]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\lvusbsta.sys [2005-01-19 22016]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 PID_0928;Labtec WebCam(PID_0928); C:\Windows\system32\DRIVERS\LV561AV.SYS [2005-01-19 211712]
S3 a2cc7tin;a2cc7tin; C:\Windows\system32\drivers\a2cc7tin.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 DrvAgent32;DrvAgent32; \??\C:\Windows\system32\Drivers\DrvAgent32.sys [2013-04-29 23456]
S3 HTCAND32;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-10-27 25088]
S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2012-09-25 23040]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2009-07-14 1311232]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\drivers\usb8023x.sys [2013-02-12 15872]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 176128]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-03-19 731840]
R2 HTCMonitorService;HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [2012-10-26 87368]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-07 167424]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-09-20 382248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-17 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-02-28 161384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-15 256904]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-03-19 20680]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-17 116648]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-01-28 129976]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-06-20 1343400]

-----------------EOF-----------------

Re: Slow PC with freezes, including the internet

Posted: 26 May 2013 20:10
by adonny
Edited with a hopefully better log, and mysteriously it also got shorter.

Re: Slow PC with freezes, including the internet

Posted: 26 May 2013 20:17
by Roli
Hello, fix this in HJT:

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE


You will find HJT here:

C:\Program Files\trend micro\User.exe

Fix means that you run HJT as admin,

in the window that opens, click Do a system scan only,

in the next window, find the lines I listed for you,

next to each of them is a checkbox, which you tick,

then click Fix checked at the bottom left,

the program asks whether you really want to; answer YES, which of course you agree to, and that's it.


Via Start >> All Programs >> Accessories >> Run >> type services.msc >> Enter. Find the service:

Služba Google Update (gupdate)

Služba Google Update (gupdatem)

Nero BackItUp Scheduler 3

NMIndexingService


Double-clicking opens a dialog where you first stop the service with the Stop button, then under Startup type select Disabled and click OK.


Delete unnecessary files

using CCleaner

guide:

Cleaner - here you clean the PC of unnecessary files and empty the Recycle Bin

Registry - here you clean the registry (before using it I recommend making the backup that CCleaner offers)

the registry cleaning needs to be repeated several times!

Tools - here you can uninstall programs, adjust what runs at system startup, and restore the system


Before we continue, post a current RSIT log here for me to check.
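Added example, not part of the original thread: one way to check a follow-up RSIT log for the result of the services step above, i.e. that gupdate, gupdatem, Nero BackItUp Scheduler 3 and NMIndexingService ended up stopped with start type 4 (Disabled). The function names are assumptions of this example; the sample lines are copied from the RSIT log posted later in this thread.

```python
import re
from typing import Dict, Iterable, NamedTuple, Optional

# Start-type codes as given in the RSIT section header:
# 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# One RSIT driver/service line:
#   <R|S><0-4> <name>;<display name>; <image path> [<date> <size>]
# The bracket is empty ("[]") when the log carries no date/size for the file.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.*?) \[(?P<meta>[^\]]*)\]$"
)


class Entry(NamedTuple):
    name: str
    display: str
    running: bool
    start_type: str
    path: str
    file_found: bool


def parse_line(line: str) -> Optional[Entry]:
    """Parse one service/driver line; return None for headers and other text."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Entry(
        name=m["name"].strip(),
        display=m["display"].strip(),
        running=(m["state"] == "R"),
        start_type=START_TYPES[m["start"]],
        path=m["path"].strip(),
        file_found=bool(m["meta"].strip()),
    )


def audit_disabled(log_text: str, wanted: Iterable[str]) -> Dict[str, str]:
    """For each wanted service name, report 'ok' only if stopped AND disabled."""
    entries = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            entries[entry.name] = entry
    report = {}
    for name in wanted:
        entry = entries.get(name)
        if entry is None:
            report[name] = "not listed"
        elif entry.running or entry.start_type != "Disabled":
            state = "running" if entry.running else "stopped"
            report[name] = f"{state}, start={entry.start_type}"
        else:
            report[name] = "ok"
    return report


# Lines copied from the RSIT log posted later in this thread.
SAMPLE_LOG = r"""
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-02-28 161384]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-17 116648]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-17 116648]
S4 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-09-20 382248]
"""

# The four services named in the post above.
WANTED = ["gupdate", "gupdatem", "Nero BackItUp Scheduler 3", "NMIndexingService"]

if __name__ == "__main__":
    for service, status in audit_disabled(SAMPLE_LOG, WANTED).items():
        print(f"{service}: {status}")
```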

Re: Slow PC with freezes, including the internet

Posted: 27 May 2013 18:44
by adonny
Logfile of random's system information tool 1.09 (written by random/random)
Run by User at 2013-05-27 19:23:45
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 124 GB (52%) free of 238 GB
Total RAM: 1023 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:23:57, on 27.5.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16576)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\taskeng.exe
C:\Users\User\Downloads\RSIT.exe
C:\Program Files\trend micro\User.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: run=C:\Users\User\DOCUME~1\WINRAR~1\WINRAR~1.EXE
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HTCMonitorService - Nero AG - C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 5763 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4244522806-1124934022-3224625945-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4244522806-1124934022-3224625945-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3s6fbxtz.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

"{34712C68-7391-4c47-94F3-8F88D49AD632}"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.202 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.17.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files\real\realplayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0]
"Description"=RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In
"Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0]
"Description"=RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In
"Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0]
"Description"=RealNetworks(tm) RealDownloader Peppe rFlash Video Shim Plug-In
"Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282]
"Description"=RealPlayer Download Plugin
"Path"=c:\program files\real\realplayer\Netscape6\nprpplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@realnetworks.com/npdlplugin;version=1]
"Description"=RealDownloader Plugin
"Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealNetworks Download and Record Plugin for Internet Explorer - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2012-11-29 539888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-04-06 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-04-06 170912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-03-19 2029640]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS6ServiceManager"=C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
""= []
"HPUsageTracking"=C:\Program Files\HP\HP UT\bin\hppusg.exe [2007-11-02 36864]
"HTC Sync Loader"=C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-05-29 655360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-04-11 3672384]
"AdobeBridge"= []
"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-07-14 354304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"VIDC.I420"=lvcodec2.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo"=vfwwdm32.dll
"msacm.vorbis"=vorbis.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-05-22 10:47:25 ----D---- C:\Program Files\CCleaner
2013-05-15 22:47:22 ----A---- C:\Windows\system32\jscript.dll
2013-05-15 22:47:21 ----A---- C:\Windows\system32\jscript9.dll
2013-05-15 22:47:20 ----A---- C:\Windows\system32\jsproxy.dll
2013-05-15 22:47:19 ----A---- C:\Windows\system32\ieui.dll
2013-05-15 22:47:19 ----A---- C:\Windows\system32\iesetup.dll
2013-05-15 22:47:17 ----A---- C:\Windows\system32\msfeeds.dll
2013-05-15 22:47:16 ----A---- C:\Windows\system32\iernonce.dll
2013-05-15 22:47:16 ----A---- C:\Windows\system32\ie4uinit.exe
2013-05-15 22:47:15 ----A---- C:\Windows\system32\urlmon.dll
2013-05-15 22:47:15 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-05-15 22:47:15 ----A---- C:\Windows\system32\iesysprep.dll
2013-05-15 22:47:13 ----A---- C:\Windows\system32\iertutil.dll
2013-05-15 22:47:09 ----A---- C:\Windows\system32\wininet.dll
2013-05-15 22:47:05 ----A---- C:\Windows\system32\ieframe.dll
2013-05-15 22:46:52 ----A---- C:\Windows\system32\mshtml.dll
2013-05-15 16:25:49 ----A---- C:\Windows\system32\shell32.dll
2013-05-15 16:25:48 ----A---- C:\Windows\system32\consent.exe
2013-05-15 16:25:48 ----A---- C:\Windows\system32\authui.dll
2013-05-15 16:25:47 ----A---- C:\Windows\system32\shdocvw.dll
2013-05-15 16:25:47 ----A---- C:\Windows\system32\appinfo.dll
2013-05-15 16:24:47 ----A---- C:\Windows\system32\wwansvc.dll
2013-05-15 16:24:47 ----A---- C:\Windows\system32\wwanprotdim.dll
2013-05-15 16:24:44 ----A---- C:\Windows\system32\win32k.sys
2013-05-15 16:24:00 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2013-05-15 16:23:59 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2013-05-08 16:57:04 ----D---- C:\Program Files\Plus500
2013-04-29 21:22:20 ----D---- C:\Program Files\Intel
2013-04-29 21:22:20 ----A---- C:\Windows\system32\CSVer.dll
2013-04-29 21:21:36 ----D---- C:\Intel
2013-04-29 21:19:52 ----A---- C:\Windows\TVNXPDrv.ini
2013-04-29 21:19:52 ----A---- C:\Windows\nxpunist.exe
2013-04-29 21:19:37 ----D---- C:\Program Files\KWorld MultiMedia
2013-04-29 21:19:27 ----A---- C:\Windows\system32\drivers\3xHybrid.sys
2013-04-29 21:19:27 ----A---- C:\Windows\system32\34CoInstaller.dll
2013-04-29 21:18:01 ----D---- C:\Windows\system32\RTCOM
2013-04-29 21:16:53 ----A---- C:\Windows\system32\WavesLib.dll
2013-04-29 21:16:53 ----A---- C:\Windows\system32\WavesGUILib.dll
2013-04-29 21:16:53 ----A---- C:\Windows\system32\tosade.dll
2013-04-29 21:16:53 ----A---- C:\Windows\system32\TepeqAPO.dll
2013-04-29 21:16:53 ----A---- C:\Windows\system32\tadefxapo2.dll
2013-04-29 21:16:53 ----A---- C:\Windows\system32\tadefxapo.dll
2013-04-29 21:16:53 ----A---- C:\Windows\system32\SRSWOW.dll
2013-04-29 21:16:53 ----A---- C:\Windows\system32\SRSTSXT.dll
2013-04-29 21:16:53 ----A---- C:\Windows\system32\SRSTSHD.dll
2013-04-29 21:16:53 ----A---- C:\Windows\system32\SRSHP360.dll
2013-04-29 21:16:52 ----A---- C:\Windows\system32\SFSS_APO.dll
2013-04-29 21:16:52 ----A---- C:\Windows\system32\SFNHK.dll
2013-04-29 21:16:52 ----A---- C:\Windows\system32\SFCOM.dll
2013-04-29 21:16:52 ----A---- C:\Windows\system32\SFAPO.dll
2013-04-29 21:16:52 ----A---- C:\Windows\system32\RtkPgExt.dll
2013-04-29 21:16:52 ----A---- C:\Windows\system32\RtkCoLDR.dll
2013-04-29 21:16:52 ----A---- C:\Windows\system32\RtkCoInstII.dll
2013-04-29 21:16:52 ----A---- C:\Windows\system32\RtkApoApi.dll
2013-04-29 21:16:52 ----A---- C:\Windows\system32\RtkAPO.dll
2013-04-29 21:16:52 ----A---- C:\Windows\system32\drivers\RTKVHDA.sys
2013-04-29 21:16:51 ----A---- C:\Windows\system32\RTEEP32A.dll
2013-04-29 21:16:51 ----A---- C:\Windows\system32\RTEEL32A.dll
2013-04-29 21:16:51 ----A---- C:\Windows\system32\RTEEG32A.dll
2013-04-29 21:16:51 ----A---- C:\Windows\system32\RTEED32A.dll
2013-04-29 21:16:51 ----A---- C:\Windows\system32\RP3DHT32.dll
2013-04-29 21:16:51 ----A---- C:\Windows\system32\RP3DAA32.dll
2013-04-29 21:16:51 ----A---- C:\Windows\system32\RCoRes.dat
2013-04-29 21:16:51 ----A---- C:\Windows\system32\R4EEP32A.dll
2013-04-29 21:16:51 ----A---- C:\Windows\system32\R4EEL32A.dll
2013-04-29 21:16:51 ----A---- C:\Windows\system32\R4EEG32A.dll
2013-04-29 21:16:51 ----A---- C:\Windows\system32\R4EED32A.dll
2013-04-29 21:16:51 ----A---- C:\Windows\system32\R4EEA32A.dll
2013-04-29 21:16:51 ----A---- C:\Windows\system32\MaxxVolumeSDAPO.dll
2013-04-29 21:16:51 ----A---- C:\Windows\system32\MaxxAudioRealtek2.dll
2013-04-29 21:16:51 ----A---- C:\Windows\system32\MaxxAudioRealtek.dll
2013-04-29 21:16:51 ----A---- C:\Windows\system32\drivers\RTAIODAT.DAT
2013-04-29 21:16:50 ----A---- C:\Windows\system32\MaxxAudioEQ.dll
2013-04-29 21:16:50 ----A---- C:\Windows\system32\MaxxAudioAPOShell.dll
2013-04-29 21:16:50 ----A---- C:\Windows\system32\MaxxAudioAPO30.dll
2013-04-29 21:16:50 ----A---- C:\Windows\system32\MaxxAudioAPO20.dll
2013-04-29 21:16:50 ----A---- C:\Windows\system32\MaxxAudioAPO.dll
2013-04-29 21:16:50 ----A---- C:\Windows\system32\KAAPORT.dll
2013-04-29 21:16:49 ----D---- C:\Program Files\Realtek
2013-04-29 21:16:49 ----A---- C:\Windows\system32\FMAPO.dll
2013-04-29 21:16:49 ----A---- C:\Windows\system32\DTSVoiceClarityDLL.dll
2013-04-29 21:16:49 ----A---- C:\Windows\system32\DTSU2PREC32.dll
2013-04-29 21:16:49 ----A---- C:\Windows\system32\DTSU2PLFX32.dll
2013-04-29 21:16:49 ----A---- C:\Windows\system32\DTSU2PGFX32.dll
2013-04-29 21:16:49 ----A---- C:\Windows\system32\DTSSymmetryDLL.dll
2013-04-29 21:16:49 ----A---- C:\Windows\system32\DTSS2SpeakerDLL.dll
2013-04-29 21:16:49 ----A---- C:\Windows\system32\DTSS2HeadphoneDLL.dll
2013-04-29 21:16:49 ----A---- C:\Windows\system32\DTSNeoPCDLL.dll
2013-04-29 21:16:49 ----A---- C:\Windows\system32\DTSLimiterDLL.dll
2013-04-29 21:16:49 ----A---- C:\Windows\system32\DTSLFXAPO.dll
2013-04-29 21:16:49 ----A---- C:\Windows\system32\DTSGFXAPONS.dll
2013-04-29 21:16:49 ----A---- C:\Windows\system32\DTSGFXAPO.dll
2013-04-29 21:16:49 ----A---- C:\Windows\system32\DTSGainCompensatorDLL.dll
2013-04-29 21:16:49 ----A---- C:\Windows\system32\DTSBoostDLL.dll
2013-04-29 21:16:49 ----A---- C:\Windows\system32\DTSBassEnhancementDLL.dll
2013-04-29 21:16:49 ----A---- C:\Windows\system32\AERTARen.dll
2013-04-29 21:16:49 ----A---- C:\Windows\system32\AERTACap.dll
2013-04-29 21:16:16 ----HD---- C:\Program Files\Temp
2013-04-29 21:16:15 ----A---- C:\Windows\RtlExUpd.dll
2013-04-29 20:54:34 ----D---- C:\ProgramData\APN
2013-04-29 20:48:39 ----A---- C:\Windows\system32\drivers\DrvAgent32.sys
2013-04-29 20:46:04 ----D---- C:\Program Files\FinalWire

======List of files/folders modified in the last 1 month======

2013-05-27 19:23:48 ----D---- C:\Program Files\trend micro
2013-05-27 19:23:47 ----D---- C:\Windows\Temp
2013-05-27 19:00:51 ----D---- C:\Users\User\AppData\Roaming\AIMP3
2013-05-27 19:00:42 ----D---- C:\Windows\inf
2013-05-27 19:00:39 ----D---- C:\Windows
2013-05-27 18:49:10 ----D---- C:\Windows\Prefetch
2013-05-27 18:45:15 ----D---- C:\Windows\system32\config
2013-05-27 17:42:16 ----D---- C:\Windows\system32\Tasks
2013-05-24 21:49:13 ----SHD---- C:\System Volume Information
2013-05-24 21:31:44 ----D---- C:\Windows\Tasks
2013-05-24 10:27:13 ----AD---- C:\Windows\System32
2013-05-24 10:27:13 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-05-22 14:00:29 ----D---- C:\Users\User\AppData\Roaming\DAEMON Tools Lite
2013-05-22 14:00:19 ----D---- C:\Users\User\AppData\Roaming\Azureus
2013-05-22 11:04:12 ----D---- C:\Windows\Panther
2013-05-22 11:04:05 ----D---- C:\Windows\Minidump
2013-05-22 11:04:05 ----D---- C:\Windows\Logs
2013-05-22 11:04:05 ----D---- C:\Windows\debug
2013-05-22 10:30:12 ----SHD---- C:\Windows\Installer
2013-05-22 10:28:16 ----D---- C:\Windows\system32\drivers
2013-05-22 10:27:53 ----D---- C:\Program Files\Image-Line
2013-05-22 10:26:07 ----D---- C:\Program Files\Google
2013-05-16 17:38:19 ----D---- C:\Windows\rescache
2013-05-16 15:39:56 ----D---- C:\Windows\Microsoft.NET
2013-05-16 15:39:30 ----RSD---- C:\Windows\assembly
2013-05-16 15:32:39 ----D---- C:\Windows\winsxs
2013-05-16 15:29:44 ----D---- C:\Windows\AppPatch
2013-05-16 15:29:44 ----D---- C:\Program Files\Internet Explorer
2013-05-16 15:29:43 ----D---- C:\Windows\system32\cs-CZ
2013-05-15 22:47:46 ----D---- C:\Windows\system32\catroot
2013-05-15 22:47:45 ----D---- C:\Windows\system32\catroot2
2013-05-15 17:15:50 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2013-05-15 16:14:10 ----A---- C:\Windows\system32\MRT.exe
2013-05-06 20:13:11 ----D---- C:\Windows\system32\NDF
2013-05-02 02:06:08 ----N---- C:\Windows\system32\MpSigStub.exe
2013-04-29 21:23:06 ----D---- C:\Windows\system32\DriverStore
2013-04-29 21:16:48 ----HD---- C:\Program Files\InstallShield Installation Information
2013-04-29 21:16:07 ----D---- C:\Program Files\Common Files\InstallShield
2013-04-29 21:05:05 ----HD---- C:\ProgramData
2013-04-29 21:04:34 ----SD---- C:\Users\User\AppData\Roaming\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-07-15 477240]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-03-19 107256]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2009-03-19 93312]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 3xHybrid;3xHybrid service; C:\Windows\system32\DRIVERS\3xHybrid.sys [2000-01-01 1115392]
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet - adaptér; C:\Windows\system32\DRIVERS\l260x86.sys [2009-07-14 29184]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 4994560]
R3 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-03-19 113960]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2000-01-01 3240400]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\lvusbsta.sys [2005-01-19 22016]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 PID_0928;Labtec WebCam(PID_0928); C:\Windows\system32\DRIVERS\LV561AV.SYS [2005-01-19 211712]
S3 aeofvypd;aeofvypd; C:\Windows\system32\drivers\aeofvypd.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 DrvAgent32;DrvAgent32; \??\C:\Windows\system32\Drivers\DrvAgent32.sys [2013-04-29 23456]
S3 HTCAND32;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-10-27 25088]
S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2012-09-25 23040]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2009-07-14 1311232]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\drivers\usb8023x.sys [2013-02-12 15872]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 176128]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-03-19 731840]
R2 HTCMonitorService;HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [2012-10-26 87368]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-07 167424]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-02-28 161384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-15 256904]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-03-19 20680]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-01-28 129976]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-06-20 1343400]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-17 116648]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-17 116648]
S4 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-09-20 382248]

-----------------EOF-----------------

Re: Slow PC with freezes, including the internet

Posted: 27 May 2013 21:47
by Roli
Download AdwCleaner and save it to the desktop,

close all programs including the browser and start it with a double-click,

a window appears; click Search at the bottom left.

The scan then runs, and when it finishes a log pops up; copy it here for me.

Re: Slow PC with freezes, including the internet

Posted: 28 May 2013 14:41
by adonny
# AdwCleaner v2.301 - Log vytvooen 28/05/2013 v 15:39:48
# Aktualizováno 16/05/2013 Xplode
# Operaení systém : Windows 7 Home Premium Service Pack 1 (32 bits)
# Uživatel : User - PAZDEROVI-PC
# Spuštin systém : Normální
# Spuštino z : C:\Users\User\Desktop\adwcleaner.exe
# Volba [Prohledat]


***** [Služby] *****


***** [Soubory / Složky] *****

Složka Nalezeno : C:\ProgramData\APN
Soubor Nalezeno : C:\END

***** [Registry] *****

Klíe Nalezeno : HKCU\Software\APN PIP
Klíe Nalezeno : HKCU\Software\PIP
Klíe Nalezeno : HKLM\Software\PIP

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry jsou eisté.

-\\ Mozilla Firefox v12.0 (cs)

-\\ Google Chrome v27.0.1453.94

*************************

AdwCleaner[R1].txt - [775 octets] - [28/05/2013 15:39:48]

########## EOF - C:\AdwCleaner[R1].txt - [834 octets] ##########

Re: Slow PC with freezes, including the internet

Posted: 28 May 2013 21:39
by Roli
Run AdwCleaner again, but this time click Delete,

the PC will restart, during which the junk is deleted.

After that a log pops up again; copy it here for me.


Download ComboFix and save it to the desktop,

run the application as Administrator and allow installation of the Recovery Console.

A window with the licence terms then appears, which you confirm by clicking YES,

then click YES once more and it is running.

The whole thing takes around 10 minutes but can take longer; do not try to start anything else during the scan.

The PC may also be restarted during the scan, so do not be alarmed.

Warning: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program,

because Combofix tries to delete infected files and these programs can get in its way.

After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt

(on repeated use the logs are numbered Combofix2.txt and so on); copy its contents here.


If anything is unclear, there is an illustrated guide HERE.

Re: Slow PC with freezes, including the internet

Posted: 29 May 2013 20:33
by adonny
Adwcleaner log:

# AdwCleaner v2.301 - Log vytvooen 29/05/2013 v 20:19:22
# Aktualizováno 16/05/2013 Xplode
# Operaení systém : Windows 7 Home Premium Service Pack 1 (32 bits)
# Uživatel : User - PAZDEROVI-PC
# Spuštin systém : Normální
# Spuštino z : C:\Users\User\Desktop\adwcleaner.exe
# Volba [Vymazat]


***** [Služby] *****


***** [Soubory / Složky] *****

Složka Vymazáno : C:\ProgramData\APN
Soubor Vymazáno : C:\END

***** [Registry] *****

Klíe Vymazáno : HKCU\Software\APN PIP
Klíe Vymazáno : HKCU\Software\PIP
Klíe Vymazáno : HKLM\Software\PIP

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry jsou eisté.

-\\ Mozilla Firefox v12.0 (cs)

-\\ Google Chrome v27.0.1453.94

*************************

AdwCleaner[R1].txt - [902 octets] - [28/05/2013 15:39:48]
AdwCleaner[S1].txt - [832 octets] - [29/05/2013 20:19:22]

########## EOF - C:\AdwCleaner[S1].txt - [891 octets] ##########

------------------------------------------------------------------------------------------------------------------------------

Combofix Log:

ComboFix 13-05-29.01 - User 29.05.2013 20:50:29.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.1023.369 [GMT 2:00]
Spuštěný z: c:\users\User\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\LHT2397.tmp
c:\program files\autoclicker
c:\program files\autoclicker\AutoClicker.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-04-28 do 2013-05-29 )))))))))))))))))))))))))))))))
.
.
2013-05-29 19:02 . 2013-05-29 19:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-29 18:34 . 2013-05-29 18:34 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CCB1E3FC-3014-4CEE-A5A4-15363FE3DE04}\offreg.dll
2013-05-28 13:24 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CCB1E3FC-3014-4CEE-A5A4-15363FE3DE04}\mpengine.dll
2013-05-22 08:47 . 2013-05-22 08:47 -------- d-----w- c:\program files\CCleaner
2013-05-15 14:25 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe
2013-05-15 14:25 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll
2013-05-15 14:25 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 14:24 . 2013-03-19 04:53 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 14:24 . 2013-03-19 03:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 14:24 . 2013-04-10 03:14 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 14:24 . 2013-04-10 05:18 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 14:23 . 2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-08 14:57 . 2013-05-08 14:57 -------- d-----w- c:\users\User\AppData\Local\Plus500
2013-05-08 14:57 . 2013-05-08 14:57 -------- d-----w- c:\program files\Plus500
2013-04-29 19:22 . 2013-04-29 19:22 -------- d-----w- c:\program files\Intel
2013-04-29 19:22 . 2000-01-01 00:00 53248 ----a-w- c:\windows\system32\CSVer.dll
2013-04-29 19:21 . 2013-04-29 19:21 -------- d-----w- C:\Intel
2013-04-29 19:19 . 2000-01-01 00:00 319488 ----a-w- c:\windows\nxpunist.exe
2013-04-29 19:19 . 2013-04-29 19:19 -------- d-----w- c:\program files\KWorld MultiMedia
2013-04-29 19:19 . 2000-01-01 00:00 9760 ----a-w- c:\windows\system32\34CoInstaller.dll
2013-04-29 19:19 . 2000-01-01 00:00 1115392 ----a-w- c:\windows\system32\drivers\3xHybrid.sys
2013-04-29 19:18 . 2013-04-29 19:18 -------- d-----w- c:\windows\system32\RTCOM
2013-04-29 19:06 . 2013-04-29 19:06 -------- d-----w- c:\users\User\AppData\Local\SlimWare Utilities Inc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 15:15 . 2012-06-20 19:00 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 15:15 . 2012-06-20 19:00 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-02 00:06 . 2012-06-20 09:44 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-29 18:48 . 2013-04-29 18:48 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2013-04-13 04:45 . 2013-05-15 14:24 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 14:24 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-24 12:54 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-06 07:25 . 2013-04-06 07:26 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-06 07:25 . 2012-07-11 19:43 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-06 07:25 . 2012-07-11 19:43 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-30 00:12 . 2013-03-30 00:12 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-30 00:12 . 2013-03-30 00:12 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-03-30 00:12 . 2013-03-30 00:12 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-30 00:12 . 2013-03-30 00:12 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-30 00:12 . 2013-03-30 00:12 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-03-30 00:12 . 2013-03-30 00:12 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-03-30 00:12 . 2013-03-30 00:12 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-30 00:12 . 2013-03-30 00:12 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-03-30 00:12 . 2013-03-30 00:12 361984 ----a-w- c:\windows\system32\html.iec
2013-03-30 00:12 . 2013-03-30 00:12 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-30 00:12 . 2013-03-30 00:12 158720 ----a-w- c:\windows\system32\msls31.dll
2013-03-30 00:12 . 2013-03-30 00:12 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-03-30 00:12 . 2013-03-30 00:12 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-30 00:12 . 2013-03-30 00:12 138752 ----a-w- c:\windows\system32\wextract.exe
2013-03-30 00:12 . 2013-03-30 00:12 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-30 00:12 . 2013-03-30 00:12 12800 ----a-w- c:\windows\system32\mshta.exe
2013-03-30 00:12 . 2013-03-30 00:12 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-19 05:04 . 2013-04-10 13:27 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 13:27 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-10 13:27 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-10 13:27 69632 ----a-w- c:\windows\system32\smss.exe
2013-01-28 17:49 . 2012-06-20 08:28 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-03-19 2029640]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-11-02 36864]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-05-29 655360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 HTCMonitorService;HTCMonitorService;c:\program files\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [x]
S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet - adaptér;c:\windows\system32\DRIVERS\l260x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
Obsah adresáře 'Naplánované úlohy'
.
2013-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-20 15:15]
.
2013-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-17 18:21]
.
2013-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-17 18:21]
.
2013-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4244522806-1124934022-3224625945-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-20 18:50]
.
2013-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4244522806-1124934022-3224625945-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-20 18:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 86.61.156.225 84.16.96.2
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3s6fbxtz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-AdobeBridge - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-05-29 21:10:45
ComboFix-quarantined-files.txt 2013-05-29 19:10
.
Před spuštěním: Volných bajtů: 130 107 367 424
Po spuštění: Volných bajtů: 130 020 773 888
.
- - End Of File - - 4E5EE6A36594FEF8F6809918EE7F77DC

Re: Slow PC with freezes, including the internet

Posted: 29 May 2013 21:33
by Roli
If you have not done so already, move ComboFix to the desktop,

open Notepad

and copy the script from the following box into it:

Code:

RegLock:: 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Save the TXT file you created to the desktop as CFScript.txt,

after saving, grab the created script with the left mouse button and drag it over the ComboFix icon, where you drop it.

After it has been applied, another log will pop up; copy it here.

Warning: it can happen that Windows does not boot after the script is applied and the PC restarts,

in that case restart again while pressing F8, then choose Last Known Good Configuration.

Re: Slow PC with freezes, including the internet

Posted: 30 May 2013 22:50
by adonny
ComboFix 13-05-29.01 - User 30.05.2013 23:22:41.2.2 - x86
Spuštěný z: c:\users\User\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\User\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-04-28 do 2013-05-30 )))))))))))))))))))))))))))))))
.
.
2013-05-30 21:41 . 2013-05-30 21:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-30 21:16 . 2013-05-30 21:16 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CCB1E3FC-3014-4CEE-A5A4-15363FE3DE04}\offreg.dll
2013-05-28 13:24 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CCB1E3FC-3014-4CEE-A5A4-15363FE3DE04}\mpengine.dll
2013-05-22 08:47 . 2013-05-22 08:47 -------- d-----w- c:\program files\CCleaner
2013-05-15 14:25 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe
2013-05-15 14:25 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll
2013-05-15 14:25 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 14:24 . 2013-03-19 04:53 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 14:24 . 2013-03-19 03:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 14:24 . 2013-04-10 03:14 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 14:24 . 2013-04-10 05:18 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 14:23 . 2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-08 14:57 . 2013-05-08 14:57 -------- d-----w- c:\users\User\AppData\Local\Plus500
2013-05-08 14:57 . 2013-05-08 14:57 -------- d-----w- c:\program files\Plus500
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 15:15 . 2012-06-20 19:00 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 15:15 . 2012-06-20 19:00 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-02 00:06 . 2012-06-20 09:44 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-29 18:48 . 2013-04-29 18:48 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2013-04-13 04:45 . 2013-05-15 14:24 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 14:24 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-24 12:54 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-06 07:25 . 2013-04-06 07:26 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-06 07:25 . 2012-07-11 19:43 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-06 07:25 . 2012-07-11 19:43 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-30 00:12 . 2013-03-30 00:12 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-30 00:12 . 2013-03-30 00:12 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-03-30 00:12 . 2013-03-30 00:12 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-30 00:12 . 2013-03-30 00:12 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-30 00:12 . 2013-03-30 00:12 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-03-30 00:12 . 2013-03-30 00:12 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-03-30 00:12 . 2013-03-30 00:12 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-30 00:12 . 2013-03-30 00:12 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-03-30 00:12 . 2013-03-30 00:12 361984 ----a-w- c:\windows\system32\html.iec
2013-03-30 00:12 . 2013-03-30 00:12 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-30 00:12 . 2013-03-30 00:12 158720 ----a-w- c:\windows\system32\msls31.dll
2013-03-30 00:12 . 2013-03-30 00:12 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-03-30 00:12 . 2013-03-30 00:12 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-30 00:12 . 2013-03-30 00:12 138752 ----a-w- c:\windows\system32\wextract.exe
2013-03-30 00:12 . 2013-03-30 00:12 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-30 00:12 . 2013-03-30 00:12 12800 ----a-w- c:\windows\system32\mshta.exe
2013-03-30 00:12 . 2013-03-30 00:12 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-19 05:04 . 2013-04-10 13:27 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 13:27 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-10 13:27 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-10 13:27 69632 ----a-w- c:\windows\system32\smss.exe
2013-01-28 17:49 . 2012-06-20 08:28 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-03-19 2029640]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-11-02 36864]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-05-29 655360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 HTCMonitorService;HTCMonitorService;c:\program files\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [x]
S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet - adaptér;c:\windows\system32\DRIVERS\l260x86.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
Obsah adresáře 'Naplánované úlohy'
.
2013-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-20 15:15]
.
2013-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-17 18:21]
.
2013-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-17 18:21]
.
2013-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4244522806-1124934022-3224625945-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-20 18:50]
.
2013-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4244522806-1124934022-3224625945-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-20 18:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 86.61.156.225 84.16.96.2
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3s6fbxtz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(1080)
c:\program files\Microsoft Office\Office12\1029\GrooveIntlResource.dll
.
Celkový čas: 2013-05-30 23:48:19
ComboFix-quarantined-files.txt 2013-05-30 21:48
ComboFix2.txt 2013-05-29 19:10
.
Před spuštěním: Volných bajtů: 129 426 870 272
Po spuštění: Volných bajtů: 129 374 330 880
.
- - End Of File - - 8DECC9FFBC724427F77523CFF5FCF173

Re: Slow PC with freezes, including the internet

Posted: 31 May 2013 18:22
by Roli
Via Start >> Run, copy this into the window:

ComboFix /Uninstall

and press Enter.

This uninstalls ComboFix and deletes the files and folders related to it.


Use T-Cleaner, which deletes any leftovers from the applications we used.

Just stop the antivirus before downloading it and while using it, because it may detect it as a virus, but that is not the case.


Then let me know what state the PC is in.

Re: Slow PC with freezes, including the internet

Posted: 31 May 2013 22:48
by adonny
To be honest, so far I have noticed more or less no change...

Re: Slow PC with freezes, including the internet

Posted: 01 Jun 2013 21:02
by Roli
adonny wrote: To be honest, so far I have noticed more or less no change...
Does that mean the PC still freezes and the internet still acts up?

Re: Slow PC with freezes, including the internet

Posted: 01 Jun 2013 22:50
by adonny
I think the internet freezing is probably caused by the computer freezing, but yes, this problem still persists, although perhaps to a lesser extent, but it is still unbelievable.

Re: Slow PC with freezes, including the internet

Posted: 02 Jun 2013 15:15
by Roli
There are no nasties on it, so that is not the cause.

So post a current RSIT log here as well; I will look at what else could be stopped at startup,

because 1 GB of RAM on Win 7 is not much.

In the meantime, restart the modem (unplug it from the power for a minute).