Please check my log

Posted: 05 Sep 2013 20:06
by Tymi
Hello, please check my log; the internet is terribly slow. It suddenly stopped running fast. Thank you.



Logfile of random's system information tool 1.09 (written by random/random)
Run by Tymi at 2013-09-05 20:59:29
Microsoft Windows 7 Professional
System drive C: has 288 GB (94%) free of 305 GB
Total RAM: 2047 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:01:24, on 5.9.2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\trend micro\Tymi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-551470042-1990829164-3089229811-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-551470042-1990829164-3089229811-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6868 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k bthsvcs
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"taskhost.exe"
"C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:3888 CREDAT:71937
"C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe"
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe -Embedding
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:3888 CREDAT:71952
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:3888 CREDAT:137476
"C:\Users\Tymi\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-09-05 253584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll [2013-09-05 346136]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll [2013-02-05 94112]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-09-05 192144]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll [2013-09-05 1000984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-09-05 253584]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-09-05 192144]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2013-09-05 39408]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-09-05 20:59:29 ----D---- C:\rsit
2013-09-05 20:59:29 ----D---- C:\Program Files\trend micro
2013-09-05 18:49:26 ----D---- C:\Program Files (x86)\ESET
2013-09-05 18:29:28 ----D---- C:\Windows\Panther
2013-09-05 18:29:17 ----RASH---- C:\BOOTSECT.BAK
2013-09-05 18:29:15 ----SHD---- C:\Boot
2013-09-05 18:19:59 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2013-09-05 18:17:59 ----D---- C:\Program Files (x86)\Microsoft.NET
2013-09-05 18:16:40 ----A---- C:\Windows\SYSWOW64\netfxperf.dll
2013-09-05 18:16:40 ----A---- C:\Windows\SYSWOW64\mscoree.dll
2013-09-05 18:16:40 ----A---- C:\Windows\system32\netfxperf.dll
2013-09-05 18:16:39 ----A---- C:\Windows\SYSWOW64\PresentationHostProxy.dll
2013-09-05 18:16:39 ----A---- C:\Windows\SYSWOW64\PresentationHost.exe
2013-09-05 18:16:39 ----A---- C:\Windows\SYSWOW64\dfshim.dll
2013-09-05 18:16:39 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2013-09-05 18:16:39 ----A---- C:\Windows\system32\PresentationHost.exe
2013-09-05 18:16:39 ----A---- C:\Windows\system32\mscoree.dll
2013-09-05 18:16:39 ----A---- C:\Windows\system32\dfshim.dll
2013-09-05 18:15:49 ----D---- C:\22182abee2b6470a9b3760
2013-09-05 18:14:59 ----D---- C:\Program Files (x86)\AGEIA Technologies
2013-09-05 18:12:26 ----A---- C:\Windows\system32\nvhdap64.dll
2013-09-05 18:12:26 ----A---- C:\Windows\system32\nvhdagenco6420103.dll
2013-09-05 18:12:25 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2013-09-05 18:12:25 ----A---- C:\Windows\SYSWOW64\nvopencl.dll
2013-09-05 18:12:25 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2013-09-05 18:12:25 ----A---- C:\Windows\system32\nvwgf2umx.dll
2013-09-05 18:12:25 ----A---- C:\Windows\system32\nvopencl.dll
2013-09-05 18:12:25 ----A---- C:\Windows\system32\nvoglv64.dll
2013-09-05 18:12:25 ----A---- C:\Windows\system32\drivers\nvhda64v.sys
2013-09-05 18:12:24 ----A---- C:\Windows\SYSWOW64\NvIFR.dll
2013-09-05 18:12:24 ----A---- C:\Windows\SYSWOW64\NvFBC.dll
2013-09-05 18:12:24 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2013-09-05 18:12:24 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2013-09-05 18:12:24 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2013-09-05 18:12:24 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2013-09-05 18:12:24 ----A---- C:\Windows\system32\NvIFR64.dll
2013-09-05 18:12:24 ----A---- C:\Windows\system32\NvFBC64.dll
2013-09-05 18:12:24 ----A---- C:\Windows\system32\nvdispgenco6432049.dll
2013-09-05 18:12:24 ----A---- C:\Windows\system32\nvdispco6432049.dll
2013-09-05 18:12:24 ----A---- C:\Windows\system32\nvd3dumx.dll
2013-09-05 18:12:24 ----A---- C:\Windows\system32\nvcuvid.dll
2013-09-05 18:12:24 ----A---- C:\Windows\system32\nvcuvenc.dll
2013-09-05 18:12:24 ----A---- C:\Windows\system32\nvcuda.dll
2013-09-05 18:12:24 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2013-09-05 18:12:23 ----A---- C:\Windows\system32\nvcompiler.dll
2013-09-05 18:11:10 ----D---- C:\NVIDIA
2013-09-05 17:57:28 ----D---- C:\ProgramData\NVIDIA
2013-09-05 17:57:24 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2013-09-05 17:57:10 ----A---- C:\Windows\system32\nvvsvc.exe
2013-09-05 17:57:10 ----A---- C:\Windows\system32\nvsvcr.dll
2013-09-05 17:57:10 ----A---- C:\Windows\system32\nvsvc64.dll
2013-09-05 17:57:10 ----A---- C:\Windows\system32\nvshext.dll
2013-09-05 17:57:10 ----A---- C:\Windows\system32\nvmctray.dll
2013-09-05 17:57:10 ----A---- C:\Windows\system32\nvcpl.dll
2013-09-05 17:57:09 ----D---- C:\ProgramData\McAfee Security Scan
2013-09-05 17:57:07 ----D---- C:\ProgramData\McAfee
2013-09-05 17:57:07 ----D---- C:\Program Files (x86)\McAfee Security Scan
2013-09-05 17:56:38 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2013-09-05 17:56:38 ----A---- C:\Windows\system32\OpenCL.dll
2013-09-05 17:56:09 ----D---- C:\ProgramData\NVIDIA Corporation
2013-09-05 17:55:56 ----D---- C:\Program Files\NVIDIA Corporation
2013-09-05 17:53:37 ----D---- C:\Program Files (x86)\GUM60DD.tmp
2013-09-05 17:50:45 ----D---- C:\Users\Tymi\AppData\Roaming\Macromedia
2013-09-05 17:50:40 ----D---- C:\Users\Tymi\AppData\Roaming\Adobe
2013-09-05 17:50:36 ----D---- C:\Users\Tymi\AppData\Roaming\Google
2013-09-05 17:48:12 ----A---- C:\Windows\SYSWOW64\cabview.dll
2013-09-05 17:48:12 ----A---- C:\Windows\system32\cabview.dll
2013-09-05 17:48:11 ----A---- C:\Windows\SYSWOW64\rdpcore.dll
2013-09-05 17:48:11 ----A---- C:\Windows\system32\rdpcore.dll
2013-09-05 17:48:11 ----A---- C:\Windows\system32\drivers\tdtcp.sys
2013-09-05 17:48:11 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2013-09-05 17:45:54 ----D---- C:\Program Files\Google
2013-09-05 17:45:46 ----D---- C:\ProgramData\Google
2013-09-05 17:45:42 ----SHD---- C:\Windows\Installer
2013-09-05 17:45:34 ----D---- C:\Program Files (x86)\Google
2013-09-05 17:45:32 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-09-05 17:45:30 ----D---- C:\Windows\SYSWOW64\Macromed
2013-09-05 17:45:29 ----D---- C:\Windows\system32\Macromed
2013-09-05 17:43:07 ----A---- C:\Windows\system32\wups2.dll
2013-09-05 17:43:07 ----A---- C:\Windows\system32\wucltux.dll
2013-09-05 17:43:07 ----A---- C:\Windows\system32\wuaueng.dll
2013-09-05 17:43:07 ----A---- C:\Windows\system32\wuauclt.exe
2013-09-05 17:43:01 ----A---- C:\Windows\system32\wups.dll
2013-09-05 17:43:01 ----A---- C:\Windows\system32\wudriver.dll
2013-09-05 17:43:01 ----A---- C:\Windows\system32\wuapi.dll
2013-09-05 17:42:56 ----A---- C:\Windows\system32\wuwebv.dll
2013-09-05 17:42:56 ----A---- C:\Windows\system32\wuapp.exe
2013-09-05 17:39:33 ----D---- C:\Users\Tymi\AppData\Roaming\Identities
2013-09-05 17:38:02 ----SD---- C:\Users\Tymi\AppData\Roaming\Microsoft
2013-09-05 17:38:02 ----D---- C:\Users\Tymi\AppData\Roaming\Media Center Programs
2013-09-05 17:37:11 ----SHD---- C:\Recovery
2013-09-05 17:37:10 ----SHD---- C:\ProgramData\Šablony
2013-09-05 17:37:10 ----SHD---- C:\ProgramData\Plocha
2013-09-05 17:37:10 ----SHD---- C:\ProgramData\Oblíbené položky
2013-09-05 17:37:10 ----SHD---- C:\ProgramData\Nabídka Start
2013-09-05 17:37:10 ----SHD---- C:\ProgramData\Dokumenty
2013-09-05 17:37:10 ----SHD---- C:\ProgramData\Data aplikací
2013-09-05 17:32:52 ----D---- C:\Windows\SoftwareDistribution
2013-09-05 17:30:18 ----ASH---- C:\pagefile.sys
2013-09-05 17:30:17 ----D---- C:\Windows\Prefetch
2013-09-05 17:30:10 ----SHD---- C:\System Volume Information
2013-09-05 17:30:10 ----ASH---- C:\hiberfil.sys

======List of files/folders modified in the last 1 month======

2013-09-05 20:59:36 ----D---- C:\Windows\Temp
2013-09-05 20:59:29 ----RD---- C:\Program Files
2013-09-05 20:31:20 ----D---- C:\Windows\system32\config
2013-09-05 20:19:02 ----D---- C:\Windows\rescache
2013-09-05 20:14:15 ----D---- C:\Windows\Logs
2013-09-05 19:57:43 ----D---- C:\Windows\Microsoft.NET
2013-09-05 19:57:42 ----RSD---- C:\Windows\assembly
2013-09-05 18:49:26 ----RD---- C:\Program Files (x86)
2013-09-05 18:29:02 ----D---- C:\Windows\System32
2013-09-05 18:29:02 ----D---- C:\Windows\Setup
2013-09-05 18:29:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-09-05 18:29:01 ----D---- C:\Windows\inf
2013-09-05 18:25:04 ----D---- C:\Windows\system32\wdi
2013-09-05 18:23:31 ----D---- C:\Windows
2013-09-05 18:23:29 ----D---- C:\Windows\winsxs
2013-09-05 18:23:13 ----D---- C:\Windows\SysWOW64
2013-09-05 18:20:37 ----D---- C:\Windows\SYSWOW64\cs-CZ
2013-09-05 18:20:37 ----D---- C:\Windows\system32\cs-CZ
2013-09-05 18:18:07 ----D---- C:\Windows\SYSWOW64\en-US
2013-09-05 18:18:07 ----D---- C:\Windows\system32\en-US
2013-09-05 18:16:44 ----D---- C:\Windows\system32\catroot
2013-09-05 18:16:31 ----D---- C:\Windows\system32\catroot2
2013-09-05 18:15:36 ----D---- C:\Windows\system32\DriverStore
2013-09-05 18:14:41 ----D---- C:\Windows\system32\drivers
2013-09-05 17:57:28 ----HD---- C:\ProgramData
2013-09-05 17:57:26 ----RD---- C:\Users
2013-09-05 17:57:05 ----D---- C:\Windows\Tasks
2013-09-05 17:57:05 ----D---- C:\Windows\system32\Tasks
2013-09-05 17:57:03 ----D---- C:\Windows\Help
2013-09-05 17:49:07 ----D---- C:\Windows\system32\CodeIntegrity
2013-09-05 17:39:29 ----SHD---- C:\$Recycle.Bin
2013-09-05 17:37:39 ----D---- C:\Windows\system32\restore
2013-09-05 17:37:11 ----SD---- C:\ProgramData\Microsoft
2013-09-05 17:37:11 ----D---- C:\Program Files\Windows NT
2013-09-05 17:35:30 ----D---- C:\Windows\debug
2013-09-05 17:33:04 ----D---- C:\Windows\system32\sysprep
2013-09-05 17:30:43 ----D---- C:\Windows\CSC

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-02-25 194848]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 551936]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 79360]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-06-21 884512]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-02-26 1260320]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-06-21 413472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-05 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-05 257416]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-05 136176]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2013-09-05 194032]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Re: Please check my log

Posted: 05 Sep 2013 20:45
by Rudy
Hello!
First run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.

Re: Please check my log

Posted: 06 Sep 2013 14:11
by Tymi
Here is the log:

# AdwCleaner v3.002 - Report created 06/09/2013 at 15:07:45
# Updated 01/09/2013 by Xplode
# Operating System : Windows 7 Professional (64 bits)
# Username : Tymi - TYMI-PC
# Running from : C:\Users\Tymi\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385


-\\ Google Chrome v22.0.1229.95

[ File : C:\Users\Tymi\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [741 octets] - [06/09/2013 15:06:59]
AdwCleaner[S0].txt - [663 octets] - [06/09/2013 15:07:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [722 octets] ##########

Re: Please check my log

Posted: 06 Sep 2013 17:41
by Rudy
This is OK. Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left window:
:files
C:\Program Files (x86)\Google\GoogleToolbarNotifier
C:\Program Files (x86)\Google\Google Toolbar
C:\Program Files (x86)\McAfee Security Scan
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Program Files (x86)\GUM60DD.tmp

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=-

:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. After the scan, restart the PC and post a new RSIT log.

Re: Please check my log

Posted: 06 Sep 2013 17:49
by Tymi
After the restart, this window popped up:


All processes killed
========== FILES ==========
C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002 folder moved successfully.
C:\Program Files (x86)\Google\GoogleToolbarNotifier folder moved successfully.
C:\Program Files (x86)\Google\Google Toolbar\Component folder moved successfully.
C:\Program Files (x86)\Google\Google Toolbar folder moved successfully.
C:\Program Files (x86)\McAfee Security Scan\3.0.318\sacoredata folder moved successfully.
C:\Program Files (x86)\McAfee Security Scan\3.0.318 folder moved successfully.
C:\Program Files (x86)\McAfee Security Scan folder moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Program Files (x86)\GUM60DD.tmp folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Tymi
->Temp folder emptied: 289562915 bytes
->Temporary Internet Files folder emptied: 53039751 bytes
->Google Chrome cache emptied: 150728728 bytes
->Flash cache emptied: 1161 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8748763 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 4978554 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50507 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 484,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Tymi
->Flash cache emptied: 0 bytes

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 09062013_184432

Files moved on Reboot...
C:\Users\Tymi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Re: Please check my log

Posted: 06 Sep 2013 17:49
by Tymi
Log RSIT:


Logfile of random's system information tool 1.09 (written by random/random)
Run by Tymi at 2013-09-06 18:48:15
Microsoft Windows 7 Professional
System drive C: has 285 GB (93%) free of 305 GB
Total RAM: 2047 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:48:20, on 6.9.2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\_OTM\MovedFiles\09062013_184432\C_Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe
C:\Program Files\trend micro\Tymi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-551470042-1990829164-3089229811-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-551470042-1990829164-3089229811-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6120 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {5F78E764-82AB-44BA-A46E-4FF16E01F11A}
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\_OTM\MovedFiles\09062013_184432\C_Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 500 504 512 65536 508
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1560 CREDAT:71937
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1560 CREDAT:71938
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe -Embedding
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Users\Tymi\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll [2013-09-05 346136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-09-06 18:44:32 ----D---- C:\_OTM
2013-09-06 15:25:49 ----N---- C:\Windows\system32\MpSigStub.exe
2013-09-06 15:06:55 ----D---- C:\AdwCleaner
2013-09-05 20:59:29 ----D---- C:\rsit
2013-09-05 20:59:29 ----D---- C:\Program Files\trend micro
2013-09-05 18:49:26 ----D---- C:\Program Files (x86)\ESET
2013-09-05 18:29:28 ----D---- C:\Windows\Panther
2013-09-05 18:29:17 ----RASH---- C:\BOOTSECT.BAK
2013-09-05 18:29:15 ----SHD---- C:\Boot
2013-09-05 18:19:59 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2013-09-05 18:17:59 ----D---- C:\Program Files (x86)\Microsoft.NET
2013-09-05 18:16:40 ----A---- C:\Windows\SYSWOW64\netfxperf.dll
2013-09-05 18:16:40 ----A---- C:\Windows\SYSWOW64\mscoree.dll
2013-09-05 18:16:40 ----A---- C:\Windows\system32\netfxperf.dll
2013-09-05 18:16:39 ----A---- C:\Windows\SYSWOW64\PresentationHostProxy.dll
2013-09-05 18:16:39 ----A---- C:\Windows\SYSWOW64\PresentationHost.exe
2013-09-05 18:16:39 ----A---- C:\Windows\SYSWOW64\dfshim.dll
2013-09-05 18:16:39 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2013-09-05 18:16:39 ----A---- C:\Windows\system32\PresentationHost.exe
2013-09-05 18:16:39 ----A---- C:\Windows\system32\mscoree.dll
2013-09-05 18:16:39 ----A---- C:\Windows\system32\dfshim.dll
2013-09-05 18:15:49 ----D---- C:\22182abee2b6470a9b3760
2013-09-05 18:14:59 ----D---- C:\Program Files (x86)\AGEIA Technologies
2013-09-05 18:12:26 ----A---- C:\Windows\system32\nvhdap64.dll
2013-09-05 18:12:26 ----A---- C:\Windows\system32\nvhdagenco6420103.dll
2013-09-05 18:12:25 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2013-09-05 18:12:25 ----A---- C:\Windows\SYSWOW64\nvopencl.dll
2013-09-05 18:12:25 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2013-09-05 18:12:25 ----A---- C:\Windows\system32\nvwgf2umx.dll
2013-09-05 18:12:25 ----A---- C:\Windows\system32\nvopencl.dll
2013-09-05 18:12:25 ----A---- C:\Windows\system32\nvoglv64.dll
2013-09-05 18:12:25 ----A---- C:\Windows\system32\drivers\nvhda64v.sys
2013-09-05 18:12:24 ----A---- C:\Windows\SYSWOW64\NvIFR.dll
2013-09-05 18:12:24 ----A---- C:\Windows\SYSWOW64\NvFBC.dll
2013-09-05 18:12:24 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2013-09-05 18:12:24 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2013-09-05 18:12:24 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2013-09-05 18:12:24 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2013-09-05 18:12:24 ----A---- C:\Windows\system32\NvIFR64.dll
2013-09-05 18:12:24 ----A---- C:\Windows\system32\NvFBC64.dll
2013-09-05 18:12:24 ----A---- C:\Windows\system32\nvdispgenco6432049.dll
2013-09-05 18:12:24 ----A---- C:\Windows\system32\nvdispco6432049.dll
2013-09-05 18:12:24 ----A---- C:\Windows\system32\nvd3dumx.dll
2013-09-05 18:12:24 ----A---- C:\Windows\system32\nvcuvid.dll
2013-09-05 18:12:24 ----A---- C:\Windows\system32\nvcuvenc.dll
2013-09-05 18:12:24 ----A---- C:\Windows\system32\nvcuda.dll
2013-09-05 18:12:24 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2013-09-05 18:12:23 ----A---- C:\Windows\system32\nvcompiler.dll
2013-09-05 18:11:10 ----D---- C:\NVIDIA
2013-09-05 17:57:28 ----D---- C:\ProgramData\NVIDIA
2013-09-05 17:57:24 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2013-09-05 17:57:10 ----A---- C:\Windows\system32\nvvsvc.exe
2013-09-05 17:57:10 ----A---- C:\Windows\system32\nvsvcr.dll
2013-09-05 17:57:10 ----A---- C:\Windows\system32\nvsvc64.dll
2013-09-05 17:57:10 ----A---- C:\Windows\system32\nvshext.dll
2013-09-05 17:57:10 ----A---- C:\Windows\system32\nvmctray.dll
2013-09-05 17:57:10 ----A---- C:\Windows\system32\nvcpl.dll
2013-09-05 17:57:09 ----D---- C:\ProgramData\McAfee Security Scan
2013-09-05 17:57:07 ----D---- C:\ProgramData\McAfee
2013-09-05 17:56:38 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2013-09-05 17:56:38 ----A---- C:\Windows\system32\OpenCL.dll
2013-09-05 17:56:09 ----D---- C:\ProgramData\NVIDIA Corporation
2013-09-05 17:55:56 ----D---- C:\Program Files\NVIDIA Corporation
2013-09-05 17:50:45 ----D---- C:\Users\Tymi\AppData\Roaming\Macromedia
2013-09-05 17:50:40 ----D---- C:\Users\Tymi\AppData\Roaming\Adobe
2013-09-05 17:50:36 ----D---- C:\Users\Tymi\AppData\Roaming\Google
2013-09-05 17:48:12 ----A---- C:\Windows\SYSWOW64\cabview.dll
2013-09-05 17:48:12 ----A---- C:\Windows\system32\cabview.dll
2013-09-05 17:48:11 ----A---- C:\Windows\SYSWOW64\rdpcore.dll
2013-09-05 17:48:11 ----A---- C:\Windows\system32\rdpcore.dll
2013-09-05 17:48:11 ----A---- C:\Windows\system32\drivers\tdtcp.sys
2013-09-05 17:48:11 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2013-09-05 17:45:54 ----D---- C:\Program Files\Google
2013-09-05 17:45:46 ----D---- C:\ProgramData\Google
2013-09-05 17:45:42 ----SHD---- C:\Windows\Installer
2013-09-05 17:45:34 ----D---- C:\Program Files (x86)\Google
2013-09-05 17:45:32 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-09-05 17:45:30 ----D---- C:\Windows\SYSWOW64\Macromed
2013-09-05 17:45:29 ----D---- C:\Windows\system32\Macromed
2013-09-05 17:43:07 ----A---- C:\Windows\system32\wups2.dll
2013-09-05 17:43:07 ----A---- C:\Windows\system32\wucltux.dll
2013-09-05 17:43:07 ----A---- C:\Windows\system32\wuaueng.dll
2013-09-05 17:43:07 ----A---- C:\Windows\system32\wuauclt.exe
2013-09-05 17:43:01 ----A---- C:\Windows\system32\wups.dll
2013-09-05 17:43:01 ----A---- C:\Windows\system32\wudriver.dll
2013-09-05 17:43:01 ----A---- C:\Windows\system32\wuapi.dll
2013-09-05 17:42:56 ----A---- C:\Windows\system32\wuwebv.dll
2013-09-05 17:42:56 ----A---- C:\Windows\system32\wuapp.exe
2013-09-05 17:39:33 ----D---- C:\Users\Tymi\AppData\Roaming\Identities
2013-09-05 17:38:02 ----SD---- C:\Users\Tymi\AppData\Roaming\Microsoft
2013-09-05 17:38:02 ----D---- C:\Users\Tymi\AppData\Roaming\Media Center Programs
2013-09-05 17:37:11 ----SHD---- C:\Recovery
2013-09-05 17:37:10 ----SHD---- C:\ProgramData\Šablony
2013-09-05 17:37:10 ----SHD---- C:\ProgramData\Plocha
2013-09-05 17:37:10 ----SHD---- C:\ProgramData\Oblíbené položky
2013-09-05 17:37:10 ----SHD---- C:\ProgramData\Nabídka Start
2013-09-05 17:37:10 ----SHD---- C:\ProgramData\Dokumenty
2013-09-05 17:37:10 ----SHD---- C:\ProgramData\Data aplikací
2013-09-05 17:32:52 ----D---- C:\Windows\SoftwareDistribution
2013-09-05 17:30:18 ----ASH---- C:\pagefile.sys
2013-09-05 17:30:17 ----D---- C:\Windows\Prefetch
2013-09-05 17:30:10 ----SHD---- C:\System Volume Information
2013-09-05 17:30:10 ----ASH---- C:\hiberfil.sys

======List of files/folders modified in the last 1 month======

2013-09-06 18:44:57 ----D---- C:\Windows\system32\config
2013-09-06 18:44:55 ----D---- C:\Windows\Temp
2013-09-06 18:44:33 ----RD---- C:\Program Files (x86)
2013-09-06 18:44:33 ----D---- C:\Windows\Tasks
2013-09-06 17:41:24 ----D---- C:\Windows\system32\wdi
2013-09-06 16:51:00 ----D---- C:\Windows\System32
2013-09-06 16:51:00 ----D---- C:\Windows\inf
2013-09-06 16:51:00 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-09-06 16:36:19 ----D---- C:\Windows\SYSWOW64\drivers
2013-09-06 15:39:15 ----D---- C:\Windows\system32\catroot
2013-09-06 15:39:09 ----D---- C:\Windows\system32\catroot2
2013-09-06 15:38:41 ----D---- C:\Windows\winsxs
2013-09-05 20:59:29 ----RD---- C:\Program Files
2013-09-05 20:19:02 ----D---- C:\Windows\rescache
2013-09-05 20:14:15 ----D---- C:\Windows\Logs
2013-09-05 19:57:43 ----D---- C:\Windows\Microsoft.NET
2013-09-05 19:57:42 ----RSD---- C:\Windows\assembly
2013-09-05 18:29:02 ----D---- C:\Windows\Setup
2013-09-05 18:23:31 ----D---- C:\Windows
2013-09-05 18:23:13 ----D---- C:\Windows\SysWOW64
2013-09-05 18:20:37 ----D---- C:\Windows\SYSWOW64\cs-CZ
2013-09-05 18:20:37 ----D---- C:\Windows\system32\cs-CZ
2013-09-05 18:18:07 ----D---- C:\Windows\SYSWOW64\en-US
2013-09-05 18:18:07 ----D---- C:\Windows\system32\en-US
2013-09-05 18:15:36 ----D---- C:\Windows\system32\DriverStore
2013-09-05 18:14:41 ----D---- C:\Windows\system32\drivers
2013-09-05 17:57:28 ----HD---- C:\ProgramData
2013-09-05 17:57:26 ----RD---- C:\Users
2013-09-05 17:57:05 ----D---- C:\Windows\system32\Tasks
2013-09-05 17:57:03 ----D---- C:\Windows\Help
2013-09-05 17:49:07 ----D---- C:\Windows\system32\CodeIntegrity
2013-09-05 17:39:29 ----SHD---- C:\$Recycle.Bin
2013-09-05 17:37:39 ----D---- C:\Windows\system32\restore
2013-09-05 17:37:11 ----SD---- C:\ProgramData\Microsoft
2013-09-05 17:37:11 ----D---- C:\Program Files\Windows NT
2013-09-05 17:35:30 ----D---- C:\Windows\debug
2013-09-05 17:33:04 ----D---- C:\Windows\system32\sysprep
2013-09-05 17:30:43 ----D---- C:\Windows\CSC

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-02-25 194848]
S3 Asushwio;Asushwio; \??\D:\Bin\64bit\Asushwio.sys [2004-06-11 5120]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 551936]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 79360]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-06-21 884512]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-02-26 1260320]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-06-21 413472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-05 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-05 257416]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-05 136176]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2013-09-05 194032]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe []
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Re: Please check my log

Posted: 06 Sep 2013 17:54
by Rudy
The log is OK now. Run OTM again and click >CleanUp!<. OTM will clean up after itself. Finally, restart the PC. Has anything changed?

Re: Please check my log

Posted: 06 Sep 2013 18:03
by Tymi
A little faster.. videos play only in 144p quality. You can't even watch that.

Re: Please check my log

Posted: 06 Sep 2013 18:14
by Rudy
Please also post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after it starts, a screen with the license terms appears; continue by clicking the Yes button.

Calmly make yourself a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to launch any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is run).

Warning: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts with the resident antispyware occur.

Re: Please check my log

Posted: 06 Sep 2013 18:47
by Tymi
ComboFix 13-09-06.01 - Tymi 06.09.2013 19:39:44.1.1 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.2047.1368 [GMT 2:00]
Spuštěný z: c:\users\Tymi\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-06 do 2013-09-06 )))))))))))))))))))))))))))))))
.
.
2013-09-06 17:44 . 2013-09-06 17:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-06 13:25 . 2013-08-19 22:46 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6901CF8C-132E-4838-9013-80A937EEE435}\mpengine.dll
2013-09-06 13:25 . 2013-08-07 02:22 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-09-06 13:06 . 2013-09-06 13:07 -------- d-----w- C:\AdwCleaner
2013-09-05 18:59 . 2013-09-06 16:48 -------- d-----w- c:\program files\trend micro
2013-09-05 16:49 . 2013-09-05 16:49 -------- d-----w- c:\program files (x86)\ESET
2013-09-05 16:29 . 2013-09-05 15:37 -------- d-----w- c:\windows\Panther
2013-09-05 16:29 . 2013-09-05 16:29 -------- d-----w- C:\Boot
2013-09-05 16:17 . 2013-09-05 16:17 -------- d-----w- c:\program files (x86)\Microsoft.NET
2013-09-05 16:16 . 2009-11-25 19:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2013-09-05 16:16 . 2009-11-25 19:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2013-09-05 16:16 . 2009-11-25 19:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2013-09-05 16:16 . 2009-11-25 19:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2013-09-05 16:16 . 2009-11-25 19:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2013-09-05 16:16 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2013-09-05 16:16 . 2009-11-25 19:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2013-09-05 16:16 . 2009-11-25 19:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2013-09-05 16:16 . 2009-11-25 19:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2013-09-05 16:16 . 2009-11-25 19:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2013-09-05 16:15 . 2013-09-05 16:21 -------- d-----w- C:\22182abee2b6470a9b3760
2013-09-05 16:14 . 2013-09-05 16:14 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-09-05 16:11 . 2013-09-05 16:11 -------- d-----w- C:\NVIDIA
2013-09-05 15:57 . 2013-09-06 16:57 -------- d-----w- c:\programdata\NVIDIA
2013-09-05 15:57 . 2013-09-05 15:57 -------- d-----w- c:\users\UpdatusUser
2013-09-05 15:48 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2013-09-05 15:48 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2013-09-05 15:48 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2013-09-05 15:48 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2013-09-05 15:48 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2013-09-05 15:48 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2013-09-05 15:45 . 2013-09-05 15:45 -------- d-----w- c:\program files\Google
2013-09-05 15:45 . 2013-09-06 14:44 -------- d-sh--w- c:\windows\Installer
2013-09-05 15:45 . 2013-09-06 16:44 -------- d-----w- c:\program files (x86)\Google
2013-09-05 15:45 . 2013-09-05 15:57 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-05 15:45 . 2013-09-05 15:57 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-05 15:45 . 2013-09-05 15:45 -------- d-----w- c:\windows\SysWow64\Macromed
2013-09-05 15:45 . 2013-09-05 15:45 -------- d-----w- c:\windows\system32\Macromed
2013-09-05 15:43 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2013-09-05 15:43 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2013-09-05 15:43 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2013-09-05 15:43 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2013-09-05 15:43 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2013-09-05 15:43 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2013-09-05 15:43 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2013-09-05 15:42 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2013-09-05 15:42 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-21 12:06 . 2013-02-25 22:32 2597856 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-06-21 12:06 . 2013-02-25 22:32 12427240 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-06-21 12:06 . 2013-02-25 22:32 2936208 ----a-w- c:\windows\system32\nvapi64.dll
2013-06-21 03:16 . 2013-06-21 03:16 566048 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 Asushwio;Asushwio;d:\bin\64bit\Asushwio.sys;d:\bin\64bit\Asushwio.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-06 13:57 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-09-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-05 15:57]
.
.
--------- X64 Entries -----------
.
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
AddRemove-McAfee Security Scan - c:\program files (x86)\McAfee Security Scan\uninstall.exe
AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_714BFB3B4B0991F6.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-09-06 19:46:07
ComboFix-quarantined-files.txt 2013-09-06 17:46
.
Před spuštěním: Volných bajtů: 298 479 857 664
Po spuštění: Volných bajtů: 298 345 783 296
.
- - End Of File - - C9F88DD2338DD0C61CF94A33A8EC792E
A36C5E4F47E84449FF07ED3517B43A31

Re: Please check my log

Posted: 06 Sep 2013 19:29
by Rudy
Open Notepad and copy the following into it:
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.


Re: Please check my log

Posted: 06 Sep 2013 21:05
by Tymi
ComboFix 13-09-06.01 - Tymi 06.09.2013 21:55:53.2.1 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.2047.1062 [GMT 2:00]
Spuštěný z: c:\users\Tymi\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Tymi\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-06 do 2013-09-06 )))))))))))))))))))))))))))))))
.
.
2013-09-06 13:25 . 2013-08-19 22:46 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6901CF8C-132E-4838-9013-80A937EEE435}\mpengine.dll
2013-09-06 13:25 . 2013-08-07 02:22 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-09-06 13:06 . 2013-09-06 13:07 -------- d-----w- C:\AdwCleaner
2013-09-05 18:59 . 2013-09-06 16:48 -------- d-----w- c:\program files\trend micro
2013-09-05 16:49 . 2013-09-05 16:49 -------- d-----w- c:\program files (x86)\ESET
2013-09-05 16:29 . 2013-09-05 15:37 -------- d-----w- c:\windows\Panther
2013-09-05 16:29 . 2013-09-05 16:29 -------- d-----w- C:\Boot
2013-09-05 16:17 . 2013-09-05 16:17 -------- d-----w- c:\program files (x86)\Microsoft.NET
2013-09-05 16:16 . 2009-11-25 19:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2013-09-05 16:16 . 2009-11-25 19:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2013-09-05 16:16 . 2009-11-25 19:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2013-09-05 16:16 . 2009-11-25 19:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2013-09-05 16:16 . 2009-11-25 19:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2013-09-05 16:16 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2013-09-05 16:16 . 2009-11-25 19:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2013-09-05 16:16 . 2009-11-25 19:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2013-09-05 16:16 . 2009-11-25 19:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2013-09-05 16:16 . 2009-11-25 19:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2013-09-05 16:15 . 2013-09-05 16:21 -------- d-----w- C:\22182abee2b6470a9b3760
2013-09-05 16:14 . 2013-09-05 16:14 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-09-05 16:11 . 2013-09-05 16:11 -------- d-----w- C:\NVIDIA
2013-09-05 15:57 . 2013-09-06 20:00 -------- d-----w- c:\programdata\NVIDIA
2013-09-05 15:57 . 2013-09-05 15:57 -------- d-----w- c:\users\UpdatusUser
2013-09-05 15:48 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2013-09-05 15:48 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2013-09-05 15:48 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2013-09-05 15:48 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2013-09-05 15:48 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2013-09-05 15:48 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2013-09-05 15:45 . 2013-09-05 15:45 -------- d-----w- c:\program files\Google
2013-09-05 15:45 . 2013-09-06 14:44 -------- d-sh--w- c:\windows\Installer
2013-09-05 15:45 . 2013-09-06 16:44 -------- d-----w- c:\program files (x86)\Google
2013-09-05 15:45 . 2013-09-05 15:57 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-05 15:45 . 2013-09-05 15:57 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-05 15:45 . 2013-09-05 15:45 -------- d-----w- c:\windows\SysWow64\Macromed
2013-09-05 15:45 . 2013-09-05 15:45 -------- d-----w- c:\windows\system32\Macromed
2013-09-05 15:43 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2013-09-05 15:43 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2013-09-05 15:43 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2013-09-05 15:43 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2013-09-05 15:43 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2013-09-05 15:43 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2013-09-05 15:43 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2013-09-05 15:42 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2013-09-05 15:42 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-21 12:06 . 2013-02-25 22:32 2597856 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-06-21 12:06 . 2013-02-25 22:32 12427240 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-06-21 12:06 . 2013-02-25 22:32 2936208 ----a-w- c:\windows\system32\nvapi64.dll
2013-06-21 03:16 . 2013-06-21 03:16 566048 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 Asushwio;Asushwio;d:\bin\64bit\Asushwio.sys;d:\bin\64bit\Asushwio.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-06 13:57 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-09-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-05 15:57]
.
.
--------- X64 Entries -----------
.
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-McAfee Security Scan - c:\program files (x86)\McAfee Security Scan\uninstall.exe
AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_714BFB3B4B0991F6.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Celkový čas: 2013-09-06 22:03:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-09-06 20:03
ComboFix2.txt 2013-09-06 17:46
.
Před spuštěním: Volných bajtů: 298 462 576 640
Po spuštění: Volných bajtů: 298 364 223 488
.
- - End Of File - - 5DFEA91751FEEC977A1D2B7143A96568
A36C5E4F47E84449FF07ED3517B43A31

Re: Please check my log

Posted: 06 Sep 2013 21:16
by Rudy
The log looks OK now. Has anything changed?

Re: Please check my log

Posted: 13 Sep 2013 18:00
by Tymi
Hello, unfortunately no change.. it forced me to buy Win 7 and no problem.. Thank you for the help. (lock up)

Re: Please check my log

Posted: 13 Sep 2013 18:04
by Rudy
You're welcome!