Hezký před-slunovratový večer,
počítač se hodně v posl.době zpomalil. Nutno dodat, že jsem ho čistil AdwCleanerem, MalwareBytes, RogueKiller a SpyBotem, doufám že jsem nic nepo....
děkuju moc za pomoc...pokouším se amatérsky odstranit trojan, a tuším, že se mi to asi dost možná nepovede
ProcExp našel problém v spustitelném souboru - kopíruji níže výstup VirusTotal:
Trojan.Malware.Win32.xPack.i
SHA256: fea8c0a81bb137fb7fc319d493195e5c995c6a07b6c91fc425f2e0ba89ba9c91
File name: 602updsvc.exe
Detection ratio: 1 / 43
Analysis date: 2011-09-02 10:06:52 UTC ( 2 roky, 9 měsíců ago )
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
----------------------------------
----------------------------------
zde je čerstvý log z RSIT:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Jarka at 2014-06-20 19:37:24
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 156 GB (69%) free of 224 GB
Total RAM: 1787 MB (39% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:37:41, on 20.6.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Sysinternals\procexp.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Jarka.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.szn.cz/?returnURL=https%3 ... ceId=email
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\IPS\IPSBHO.DLL
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} (Active602XMLFiller Control) - https://www.mojedatovaschranka.cz/stati ... ?3,16,13,0
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FileOpen Manager Service (FileOpenManagerService) - FileOpen Systems Inc. - C:\Program Files\FileOpen\Services\FileOpenManagerService64.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\ConversionService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZoneAlarm Privacy Service (ZAPrivacyService) - Check Point Software Technologies, Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
--
End of file - 11778 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe" -service
"C:\Windows\system32\Dwm.exe"
C:\Windows\System32\spoolsv.exe
taskeng.exe {7B8B3378-C107-436E-A941-7C200F315103}
"taskhost.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe"
"C:\Program Files (x86)\Launch Manager\dsiwmis.exe"
taskeng.exe {184A8B82-8F07-4208-8C01-73C6896D4FF9}
"C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe"
"C:\Program Files\FileOpen\Services\FileOpenManagerService64.exe"
"C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe"
"C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe"
"C:\Program Files\FileOpen\Services\FileOpenBroker64.exe"
"C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"C:\Windows\system32\NOTEPAD.EXE" C:\AdwCleaner\AdwCleaner[S1].txt
"C:\Program Files (x86)\Launch Manager\LManager.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
"C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
"C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe"
"C:\Program Files (x86)\Launch Manager\LMworker.exe"
"C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\diMaster.dll" /prefetch:1
"C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE
"C:\Program Files (x86)\PDF Architect\HelperService.exe"
"C:\Program Files (x86)\PDF Architect\ConversionService.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Elantech\ETDCtrlHelper.exe"
"C:\Program Files (x86)\Sysinternals\procexp.exe"
"C:\Program Files (x86)\Sysinternals\procexp.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" https://www.virustotal.com/file/fea8c0a ... /analysis/
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4908.0.758491966\1878577814" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,15 --disable-accelerated-video-decode --gpu-vendor-id=0x1002 --gpu-device-id=0x9712 --gpu-driver-vendor="ATI Technologies Inc." --gpu-driver-version=8.713.3.3000 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserPreReadExperiment/20-pct/ChromeSuggestions/ML Kodachrome dev/EnhancedBookmarks/Default/ExtensionInstallVerification/None/GoogleNow/Enable/Prerender/PrerenderMulti/PrerenderLocalPredictorSpec/cd=1a:SkipWhitelist=Enabled:LocalPredictor=Enabled:SideEffectFreeWhitelist=Enabled:MaxConcurrentPrerenders=3:PrerenderPriorityHalfLifeTimeSeconds=30/SPDY/SpdyEnabled/SettingsEnforcement/enforce_always_with_extensions/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/group_01/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_37/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --disable-accelerated-video-decode --enable-software-compositing --channel="4908.1.1697993906\257105024" /prefetch:673131151
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Disabled/BrowserBlacklist/Enabled/BrowserPreReadExperiment/20-pct/ChromeSuggestions/ML Kodachrome dev/EnhancedBookmarks/Default/ExtensionInstallVerification/None/GoogleNow/Enable/Prerender/PrerenderMulti/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/cd=1a:SkipWhitelist=Enabled:LocalPredictor=Enabled:SideEffectFreeWhitelist=Enabled:MaxConcurrentPrerenders=3:PrerenderPriorityHalfLifeTimeSeconds=30/SPDY/SpdyEnabled/SettingsEnforcement/enforce_always_with_extensions/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/group_01/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_37/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --disable-accelerated-video-decode --enable-software-compositing --channel="4908.4.497271975\1625092950" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Disabled/BrowserBlacklist/Enabled/BrowserPreReadExperiment/20-pct/ChromeSuggestions/ML Kodachrome dev/EnhancedBookmarks/Default/ExtensionInstallVerification/None/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/Prerender/PrerenderMulti/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/cd=1a:SkipWhitelist=Enabled:LocalPredictor=Enabled:SideEffectFreeWhitelist=Enabled:MaxConcurrentPrerenders=3:PrerenderPriorityHalfLifeTimeSeconds=30/SPDY/SpdyEnabled/SettingsEnforcement/enforce_always_with_extensions/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/group_01/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_37/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --disable-accelerated-video-decode --enable-software-compositing --channel="4908.8.914415547\26899647" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Disabled/BrowserBlacklist/Enabled/BrowserPreReadExperiment/20-pct/ChromeSuggestions/ML Kodachrome dev/EnhancedBookmarks/Default/ExtensionInstallVerification/None/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/Prerender/PrerenderMulti/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/cd=1a:SkipWhitelist=Enabled:LocalPredictor=Enabled:SideEffectFreeWhitelist=Enabled:MaxConcurrentPrerenders=3:PrerenderPriorityHalfLifeTimeSeconds=30/SPDY/SpdyEnabled/SettingsEnforcement/enforce_always_with_extensions/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/group_01/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_37/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --disable-accelerated-video-decode --enable-software-compositing --channel="4908.10.1699072949\72165719" /prefetch:673131151
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
"C:\Users\Jarka\Downloads\RSITx64 (1).exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-28 256456]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}]
PDF Architect Helper - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-04-08 92208]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll [2011-12-09 436152]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\IPS\IPSBHO.DLL [2011-03-31 210872]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-28 194504]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-01-19 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-28 256456]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll [2011-12-09 436152]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-28 194504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-06-22 10920552]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2010-04-13 649608]
"Acer ePower Management"=C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe [2010-06-11 861216]
"FileOpenBroker"=C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [2012-10-17 1092528]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-07-15 39408]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2010-06-22 968272]
"Norton Online Backup"=C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2010-06-02 1155928]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-28 35696]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-04-21 98304]
"SDTray"=C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [2014-04-25 4101584]
"ZoneAlarm"=C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [2014-03-18 137352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2014-06-20 19:37:24 ----D---- C:\rsit
2014-06-20 09:35:51 ----D---- C:\Users\Jarka\AppData\Roaming\QuickScan
2014-06-18 23:18:34 ----A---- C:\Windows\system32\usp10.dll
2014-06-18 23:18:33 ----A---- C:\Windows\SYSWOW64\usp10.dll
2014-06-18 23:18:26 ----A---- C:\Windows\system32\drivers\tcpip.sys
2014-06-18 23:18:26 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2014-06-18 23:18:12 ----A---- C:\Windows\system32\msxml6.dll
2014-06-18 23:18:12 ----A---- C:\Windows\system32\msxml3.dll
2014-06-18 23:18:11 ----A---- C:\Windows\SYSWOW64\msxml6r.dll
2014-06-18 23:18:11 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2014-06-18 23:18:11 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2014-06-18 23:18:11 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2014-06-18 23:18:11 ----A---- C:\Windows\system32\msxml6r.dll
2014-06-18 23:18:11 ----A---- C:\Windows\system32\msxml3r.dll
2014-06-18 23:17:40 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-06-18 23:17:40 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-06-18 23:17:40 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-06-18 23:17:39 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-06-18 23:17:39 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-06-18 23:17:38 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-06-18 23:17:38 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-06-18 23:17:37 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 23:17:37 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-06-18 23:17:36 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-06-18 23:17:36 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-06-18 23:17:36 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-06-18 23:17:35 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-06-18 23:17:34 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-06-18 23:17:34 ----A---- C:\Windows\system32\urlmon.dll
2014-06-18 23:17:33 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-06-18 23:17:33 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-06-18 23:17:32 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-06-18 23:17:32 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-06-18 23:17:31 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-06-18 23:17:31 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-06-18 23:17:31 ----A---- C:\Windows\system32\msfeeds.dll
2014-06-18 23:17:31 ----A---- C:\Windows\system32\dxtmsft.dll
2014-06-18 23:17:30 ----A---- C:\Windows\system32\ie4uinit.exe
2014-06-18 23:17:29 ----A---- C:\Windows\system32\iesetup.dll
2014-06-18 23:17:28 ----A---- C:\Windows\system32\iertutil.dll
2014-06-18 23:17:27 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-06-18 23:17:27 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-06-18 23:17:26 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-06-18 23:17:26 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-06-18 23:17:26 ----A---- C:\Windows\system32\jsproxy.dll
2014-06-18 23:17:26 ----A---- C:\Windows\system32\iernonce.dll
2014-06-18 23:17:25 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-06-18 23:17:23 ----A---- C:\Windows\system32\ieui.dll
2014-06-18 23:17:23 ----A---- C:\Windows\system32\ieframe.dll
2014-06-18 23:17:23 ----A---- C:\Windows\system32\dxtrans.dll
2014-06-18 23:17:22 ----A---- C:\Windows\system32\vbscript.dll
2014-06-18 23:17:22 ----A---- C:\Windows\system32\mshtmled.dll
2014-06-18 23:17:22 ----A---- C:\Windows\system32\jscript9diag.dll
2014-06-18 23:17:22 ----A---- C:\Windows\system32\ieUnatt.exe
2014-06-18 23:17:22 ----A---- C:\Windows\system32\ieapfltr.dll
2014-06-18 23:17:21 ----A---- C:\Windows\system32\wininet.dll
2014-06-18 23:17:18 ----A---- C:\Windows\system32\msrating.dll
2014-06-18 23:17:16 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-18 23:17:16 ----A---- C:\Windows\system32\mshtml.dll
2014-06-18 23:07:17 ----D---- C:\ProgramData\9cbe8114ee46fdba
2014-06-18 23:07:06 ----D---- C:\Program Files (x86)\Zrychleni Pocitace
2014-06-17 20:38:24 ----SHD---- C:\Config.Msi
2014-06-11 11:48:50 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-06-11 11:48:38 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-06-11 11:48:37 ----A---- C:\Windows\system32\jscript9.dll
2014-06-06 13:11:26 ----D---- C:\Users\Jarka\AppData\Roaming\AVG2014
2014-06-06 13:09:42 ----D---- C:\Users\Jarka\AppData\Roaming\TuneUp Software
2014-06-06 13:08:52 ----HD---- C:\$AVG
2014-06-06 13:08:52 ----D---- C:\ProgramData\AVG2014
2014-06-06 13:07:44 ----D---- C:\Program Files (x86)\AVG
2014-06-06 12:36:09 ----HD---- C:\ProgramData\Common Files
2014-06-06 12:36:09 ----D---- C:\ProgramData\MFAData
2014-05-26 10:27:42 ----A---- C:\Windows\SYSWOW64\sho3CB3.tmp
2014-05-24 22:47:30 ----D---- C:\Users\Jarka\AppData\Roaming\Voipwise
2014-05-24 22:46:46 ----D---- C:\Program Files (x86)\Voipwise.com
======List of files/folders modified in the last 1 month======
2014-06-20 19:37:37 ----D---- C:\Program Files\trend micro
2014-06-20 19:37:21 ----D---- C:\Windows\Temp
2014-06-20 19:35:32 ----D---- C:\Windows\system32\config
2014-06-20 19:18:54 ----D---- C:\AdwCleaner
2014-06-20 19:18:48 ----D---- C:\Windows\Tasks
2014-06-20 19:18:48 ----D---- C:\Windows\system32\Tasks
2014-06-20 19:18:47 ----RD---- C:\Program Files (x86)
2014-06-20 19:18:43 ----HD---- C:\ProgramData
2014-06-20 09:29:41 ----D---- C:\Windows\winsxs
2014-06-20 09:27:45 ----D---- C:\Program Files\Internet Explorer
2014-06-20 09:27:43 ----D---- C:\Windows\SYSWOW64\en-US
2014-06-20 09:27:43 ----D---- C:\Windows\SysWOW64
2014-06-20 09:27:41 ----D---- C:\Windows\system32\en-US
2014-06-20 09:27:41 ----D---- C:\Windows\System32
2014-06-20 09:27:39 ----D---- C:\Program Files (x86)\Internet Explorer
2014-06-19 15:28:47 ----SHD---- C:\System Volume Information
2014-06-19 15:13:46 ----SD---- C:\Users\Jarka\AppData\Roaming\Microsoft
2014-06-19 10:02:21 ----D---- C:\Windows\system32\drivers
2014-06-19 10:02:19 ----D---- C:\Windows\system32\DriverStore
2014-06-19 10:02:13 ----D---- C:\Windows\inf
2014-06-19 09:40:20 ----D---- C:\Windows\system32\MRT
2014-06-19 09:40:19 ----D---- C:\Windows\debug
2014-06-19 09:40:11 ----A---- C:\Windows\system32\MRT.exe
2014-06-19 09:22:32 ----D---- C:\Windows
2014-06-18 23:21:16 ----D---- C:\Users\Jarka\AppData\Roaming\SoftGrid Client
2014-06-18 23:13:06 ----D---- C:\Windows\system32\catroot
2014-06-18 23:13:05 ----D---- C:\Windows\system32\catroot2
2014-06-18 23:06:53 ----HD---- C:\Windows\system32\GroupPolicy
2014-06-18 23:06:53 ----D---- C:\Windows\SYSWOW64\GroupPolicy
2014-06-18 23:06:41 ----D---- C:\Program Files (x86)\Google
2014-06-18 23:06:22 ----RD---- C:\Users
2014-06-18 16:25:19 ----D---- C:\Windows\system32\wbem
2014-06-18 16:23:48 ----SD---- C:\Windows\system32\CompatTel
2014-06-18 16:23:48 ----D---- C:\Windows\PolicyDefinitions
2014-06-18 16:23:47 ----D---- C:\Windows\system32\wfp
2014-06-18 16:23:46 ----D---- C:\Windows\system32\drivers\UMDF
2014-06-18 16:23:46 ----D---- C:\Windows\system32\CodeIntegrity
2014-06-18 16:23:44 ----SHD---- C:\Windows\Installer
2014-06-18 16:23:27 ----D---- C:\ProgramData\AVAST Software
2014-06-18 16:23:25 ----D---- C:\Program Files\Common Files\Microsoft Shared
2014-06-18 16:23:19 ----RD---- C:\Program Files
2014-06-18 16:23:19 ----D---- C:\Program Files\AVAST Software
2014-06-18 16:23:13 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-18 16:22:11 ----D---- C:\Windows\Minidump
2014-06-18 16:21:44 ----D---- C:\Windows\registration
2014-06-18 16:20:26 ----D---- C:\Windows\Microsoft.NET
2014-06-18 16:20:15 ----RSD---- C:\Windows\Media
2014-06-18 16:20:15 ----D---- C:\Windows\LP
2014-06-18 16:20:04 ----D---- C:\Windows\IME
2014-06-18 16:20:04 ----D---- C:\Windows\Help
2014-06-18 16:20:04 ----D---- C:\Windows\Globalization
2014-06-18 16:20:04 ----D---- C:\Windows\ERUNT
2014-06-18 16:20:04 ----D---- C:\Windows\ehome
2014-06-18 16:20:02 ----D---- C:\Windows\diagnostics
2014-06-18 16:20:02 ----D---- C:\Windows\Branding
2014-06-18 16:20:02 ----D---- C:\Windows\Boot
2014-06-18 16:19:55 ----RSD---- C:\Windows\assembly
2014-06-18 16:19:26 ----D---- C:\Windows\AppPatch
2014-06-18 16:19:25 ----D---- C:\Windows\AppCompat
2014-06-18 16:19:13 ----D---- C:\Program Files\Windows Sidebar
2014-06-18 16:19:12 ----D---- C:\Program Files\Windows Photo Viewer
2014-06-18 16:19:12 ----D---- C:\Program Files\Windows NT
2014-06-18 16:19:12 ----D---- C:\Program Files\Windows Media Player
2014-06-18 16:19:12 ----D---- C:\Program Files\Windows Mail
2014-06-18 16:19:12 ----D---- C:\Program Files\Windows Journal
2014-06-18 16:19:12 ----D---- C:\Program Files\Windows Defender
2014-06-18 16:19:12 ----D---- C:\Program Files\Reference Assemblies
2014-06-18 16:19:12 ----D---- C:\Program Files\Realtek
2014-06-18 16:19:12 ----D---- C:\Program Files\Preload
2014-06-18 16:19:12 ----D---- C:\Program Files\PDF_VIEWER
2014-06-18 16:19:12 ----D---- C:\Program Files\MSBuild
2014-06-18 16:19:11 ----D---- C:\Program Files\Microsoft Silverlight
2014-06-18 16:19:10 ----D---- C:\Program Files\Microsoft Office
2014-06-18 16:19:10 ----D---- C:\Program Files\Microsoft Games
2014-06-18 16:19:06 ----D---- C:\Program Files\Google
2014-06-18 16:19:05 ----D---- C:\Program Files\FileOpen
2014-06-18 16:19:05 ----D---- C:\Program Files\eMachines
2014-06-18 16:19:03 ----D---- C:\Program Files\DVD Maker
2014-06-18 16:19:03 ----D---- C:\Program Files\DIFX
2014-06-18 16:19:03 ----D---- C:\Program Files\Common Files\System
2014-06-18 16:19:03 ----D---- C:\Program Files\Common Files
2014-06-18 16:19:02 ----D---- C:\Program Files\Common Files\SpeechEngines
2014-06-18 16:19:01 ----D---- C:\Program Files\CCleaner
2014-06-18 16:18:14 ----D---- C:\Program Files\ATI
2014-06-18 16:18:14 ----D---- C:\Program Files (x86)\Windows Sidebar
2014-06-18 16:18:14 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2014-06-18 16:18:14 ----D---- C:\Program Files (x86)\Windows NT
2014-06-18 16:18:14 ----D---- C:\Program Files (x86)\Windows Media Player
2014-06-18 16:18:14 ----D---- C:\Program Files (x86)\Windows Mail
2014-06-18 16:18:14 ----D---- C:\Program Files (x86)\Windows Live
2014-06-18 16:18:14 ----D---- C:\Program Files (x86)\Windows Defender
2014-06-18 16:18:13 ----D---- C:\Program Files (x86)\Symantec
2014-06-18 16:18:13 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-18 16:18:13 ----D---- C:\Program Files (x86)\Software602
2014-06-18 16:18:13 ----D---- C:\Program Files (x86)\Reference Assemblies
2014-06-18 16:18:13 ----D---- C:\Program Files (x86)\Realtek
2014-06-18 16:18:13 ----D---- C:\Program Files (x86)\PDFCreator
2014-06-18 16:18:13 ----D---- C:\Program Files (x86)\PDF Architect
2014-06-18 16:18:13 ----D---- C:\Program Files (x86)\O2
2014-06-18 16:18:12 ----D---- C:\Program Files (x86)\NTI
2014-06-18 16:18:12 ----D---- C:\Program Files (x86)\NortonInstaller
2014-06-18 16:18:12 ----D---- C:\Program Files (x86)\Norton Internet Security
2014-06-18 16:18:12 ----D---- C:\Program Files (x86)\MSECache
2014-06-18 16:18:12 ----D---- C:\Program Files (x86)\MSBuild
2014-06-18 16:18:12 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-06-18 16:18:12 ----D---- C:\Program Files (x86)\Microsoft
2014-06-18 16:18:11 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2014-06-18 16:18:11 ----D---- C:\Program Files (x86)\Microsoft Office
2014-06-18 16:18:11 ----D---- C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-06-18 16:18:08 ----D---- C:\Program Files (x86)\Launch Manager
2014-06-18 16:18:07 ----D---- C:\Program Files (x86)\Kodak
2014-06-18 16:18:07 ----D---- C:\Program Files (x86)\Java
2014-06-18 16:18:06 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-06-18 16:18:05 ----D---- C:\Program Files (x86)\HWSD_v121
2014-06-18 16:18:00 ----D---- C:\Program Files (x86)\eMachines Games
2014-06-18 16:18:00 ----D---- C:\Program Files (x86)\eMachines
2014-06-18 16:17:58 ----D---- C:\Program Files (x86)\Common Files
2014-06-18 16:17:57 ----D---- C:\Program Files (x86)\CheckPoint
2014-06-18 16:17:57 ----D---- C:\Program Files (x86)\BSplayer
2014-06-18 16:17:56 ----D---- C:\Program Files (x86)\ATI Technologies
2014-06-18 16:17:56 ----D---- C:\Program Files (x86)\Adobe
2014-06-15 21:32:12 ----D---- C:\Windows\ModemLogs
2014-06-15 21:15:45 ----D---- C:\Windows\SoftwareDistribution
2014-06-06 12:28:57 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-05-31 21:44:33 ----D---- C:\Windows\Prefetch
2014-05-30 09:03:48 ----D---- C:\Users\Jarka\AppData\Roaming\Adobe
2014-05-24 21:25:59 ----D---- C:\ProgramData\Spybot - Search & Destroy
2014-05-21 09:19:05 ----D---- C:\Windows\system32\wdi
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-08-23 16440]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS [2011-01-27 450680]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS [2011-03-15 912504]
R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [2010-11-23 953904]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2010-11-14 475696]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110107.002\IDSvia64.sys [2010-11-09 476792]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\NISx64\1207010.003\SRTSPX64.SYS [2011-03-31 40568]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS [2011-01-27 171128]
R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\NISx64\1207010.003\SYMNETS.SYS [2011-04-21 386168]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2014-03-18 451480]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2010-04-21 6406144]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-04-21 188928]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2010-05-11 2229608]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2010-04-13 135560]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-06-22 2399848]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2010-05-14 384040]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2010-04-20 18432]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2010-01-27 231328]
R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2013-06-26 767144]
R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2013-06-26 273576]
R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2013-06-26 28840]
R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2013-06-26 23208]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2011-05-12 174200]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2010-07-09 17408]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\Windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 29696]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-12-15 117248]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 114304]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2014-06-06 122584]
S3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110109.003\ENG64.SYS [2010-12-19 117880]
S3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110109.003\EX64.SYS [2010-12-19 1791096]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-06-17 246376]
S3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\NISx64\1207010.003\SRTSP64.SYS [2011-03-31 744568]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 602XML Updater;602Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [2011-03-14 84520]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-04-21 202752]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2013-04-22 822504]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [2010-06-11 868896]
R2 FileOpenManagerService;FileOpen Manager Service; C:\Program Files\FileOpen\Services\FileOpenManagerService64.exe [2012-10-17 335288]
R2 GREGService;GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [2010-01-08 23584]
R2 NIS;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe [2011-04-17 130008]
R2 NOBU;Norton Online Backup; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-06-02 2804568]
R2 PDF Architect Helper Service;PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [2013-04-08 1320496]
R2 PDF Architect Service;PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [2013-04-08 799280]
R2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-04-25 2081752]
R2 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-04-25 171928]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944]
R2 Updater Service;Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-29 243232]
R2 vsmon;TrueVector Internet Monitor; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2014-03-18 3558112]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc []
S2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-05-12 1809720]
S2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-04-25 1738200]
S2 ZAPrivacyService;ZoneAlarm Privacy Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2014-02-23 81752]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-17 257712]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-07-15 655624]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe [2010-04-04 246520]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc []
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-28 194032]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-05-30 111616]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-11-14 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím o kontrolu RSIT - VirusTotal našel Trojan
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Prosím o kontrolu RSIT - VirusTotal našel Trojan
Zdravim 
Kouknete poradne na ten vysledek kontroly
Odinstalujte Spybota, program je zastaraly.
MBAM neco nasel? Byla to kompletni kontrola, nebo jen rychla?
Kouknete poradne na ten vysledek kontroly
To je analyza skoro 3 roky stara. Aby se otestoval ten vas soubor, musite kliknout na Reanalyse (Otestovat znovu)Honzabus píše:SHA256: fea8c0a81bb137fb7fc319d493195e5c995c6a07b6c91fc425f2e0ba89ba9c91
File name: 602updsvc.exe
Detection ratio: 1 / 43
Analysis date: 2011-09-02 10:06:52 UTC ( 2 roky, 9 měsíců ago )
Odinstalujte Spybota, program je zastaraly. MBAM neco nasel? Byla to kompletni kontrola, nebo jen rychla?Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosím o kontrolu RSIT - VirusTotal našel Trojan
Diky. Nenašel jsem tlačícko "rescan" v tom Virustotalu,
ale ani MBAM se mi nějak v poslední době nespouští v okně, jen ve Správci úloh se ukáže že běží, ale nic se nikde neobjeví, ani minimaliz.verze na panelu.
Nechápu co s ním je...
Můžu postupovat nějak jinak pls?
díky
ale ani MBAM se mi nějak v poslední době nespouští v okně, jen ve Správci úloh se ukáže že běží, ale nic se nikde neobjeví, ani minimaliz.verze na panelu.
Nechápu co s ním je...
Můžu postupovat nějak jinak pls?
díky
Re: Prosím o kontrolu RSIT - VirusTotal našel Trojan
tak už jsem "Reanalyze" našel, prošel to a nic nenašel, chcci se ještě zeptat, je to opravdu spolehlivé, když to Virus Total projede?
Je potřeba dát Reanalyze u každého zvlášť? /myslel jsem, že to Virus Total scannuje aktuálně pokaždé, když zapnu ProcExp....
Díky !
Re: Prosím o kontrolu RSIT - VirusTotal našel Trojan
100% ne, ale vetsinou to hodne napovi.Honzabus píše:chcci se ještě zeptat, je to opravdu spolehlivé, když to Virus Total projede?
Pokud uz nekdo soubor se stejnym nazvem testoval, musi se dat vzdy reanalyse.Honzabus píše:Je potřeba dát Reanalyze u každého zvlášť?
Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.) Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc! Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.Vypnete antivir i dalsi pripadne zabezpeceni.
Kliknete na ComboFix pravym mysidlem a levym na Spustit jako spravce
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte
Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradkuPokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosím o kontrolu RSIT - VirusTotal našel Trojan
super, vše funguje normálně, to jsem rád
zde je log:
ComboFix 14-06-19.01 - Jarka 20.06.2014 20:41:56.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.1787.836 [GMT 2:00]
Spuštěný z: c:\users\Jarka\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-05-20 do 2014-06-20 )))))))))))))))))))))))))))))))
.
.
2014-06-20 18:50 . 2014-06-20 18:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-20 17:37 . 2014-06-20 17:38 -------- d-----w- C:\rsit
2014-06-20 17:19 . 2014-06-20 18:47 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{30E0AC32-A31B-4CF7-B2C9-D59A89A9CBEF}\offreg.dll
2014-06-20 16:56 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{30E0AC32-A31B-4CF7-B2C9-D59A89A9CBEF}\mpengine.dll
2014-06-20 07:35 . 2014-06-20 07:35 -------- d-----w- c:\users\Jarka\AppData\Roaming\QuickScan
2014-06-18 21:18 . 2014-04-25 02:34 801280 ----a-w- c:\windows\system32\usp10.dll
2014-06-18 21:18 . 2014-04-25 02:06 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2014-06-18 21:18 . 2014-04-05 02:47 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-06-18 21:18 . 2014-04-05 02:47 288192 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-06-18 21:18 . 2014-03-26 14:44 2002432 ----a-w- c:\windows\system32\msxml6.dll
2014-06-18 21:18 . 2014-03-26 14:44 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-06-18 21:18 . 2014-03-26 14:41 2048 ----a-w- c:\windows\system32\msxml6r.dll
2014-06-18 21:18 . 2014-03-26 14:41 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-06-18 21:18 . 2014-03-26 14:27 1389056 ----a-w- c:\windows\SysWow64\msxml6.dll
2014-06-18 21:18 . 2014-03-26 14:27 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-06-18 21:18 . 2014-03-26 14:25 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
2014-06-18 21:18 . 2014-03-26 14:25 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-06-18 21:07 . 2014-06-18 21:07 -------- d-----w- c:\programdata\9cbe8114ee46fdba
2014-06-18 21:07 . 2014-06-18 21:07 -------- d-----w- c:\users\Jarka\AppData\Local\Packages
2014-06-18 21:07 . 2014-06-20 16:39 -------- d-----w- c:\program files (x86)\Zrychleni Pocitace
2014-06-18 21:06 . 2014-06-18 21:06 -------- d-----w- c:\users\Jarka\AppData\Local\Comodo
2014-06-18 21:06 . 2014-06-18 21:06 -------- d-----w- c:\users\Guest
2014-06-18 21:06 . 2014-06-18 21:06 -------- d-----w- c:\users\Administrator
2014-06-11 09:48 . 2014-05-30 09:49 48640 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll
2014-06-11 09:48 . 2014-05-30 08:24 1249280 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-06-11 09:48 . 2014-05-30 09:08 5782528 ----a-w- c:\windows\system32\jscript9.dll
2014-06-11 09:48 . 2014-05-30 07:20 359936 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2014-06-06 11:11 . 2014-06-06 11:11 -------- d-----w- c:\users\Jarka\AppData\Roaming\AVG2014
2014-06-06 11:09 . 2014-06-06 11:09 -------- d-----w- c:\users\Jarka\AppData\Roaming\TuneUp Software
2014-06-06 11:08 . 2014-06-18 14:22 -------- d-----w- c:\programdata\AVG2014
2014-06-06 11:08 . 2014-06-06 11:08 -------- d-----w- C:\$AVG
2014-06-06 11:07 . 2014-06-18 14:17 -------- d-----w- c:\program files (x86)\AVG
2014-06-06 10:36 . 2014-06-18 14:19 -------- d-----w- c:\programdata\MFAData
2014-06-06 10:36 . 2014-06-10 08:21 -------- d-----w- c:\users\Jarka\AppData\Local\Avg2014
2014-06-06 10:36 . 2014-06-06 10:36 -------- d--h--w- c:\programdata\Common Files
2014-06-06 10:36 . 2014-06-06 10:36 -------- d-----w- c:\users\Jarka\AppData\Local\MFAData
2014-05-26 08:27 . 2014-05-26 08:27 0 ----a-w- c:\windows\SysWow64\sho3CB3.tmp
2014-05-24 20:47 . 2014-05-24 21:12 -------- d-----w- c:\users\Jarka\AppData\Roaming\Voipwise
2014-05-24 20:46 . 2014-06-18 14:18 -------- d-----w- c:\program files (x86)\Voipwise.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-19 07:40 . 2014-05-05 08:37 95414520 ----a-w- c:\windows\system32\MRT.exe
2014-06-06 10:35 . 2014-05-11 15:58 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-17 17:13 . 2014-05-10 19:58 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-17 17:13 . 2014-05-10 19:58 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-12 05:26 . 2014-05-11 15:57 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-12 05:26 . 2014-05-11 15:57 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 05:25 . 2014-05-11 15:57 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-11 18:55 . 2014-05-11 19:26 24064 ----a-w- c:\windows\zoek-delete.exe
2014-05-11 11:05 . 2011-02-22 13:18 148856 ----a-w- c:\program files (x86)\Autologon.exe
2014-05-11 11:05 . 2007-11-20 11:25 1049640 ----a-w- c:\program files (x86)\ADInsight.exe
2014-05-11 11:05 . 2006-11-01 12:05 150328 ----a-w- c:\program files (x86)\adrestore.exe
2014-05-11 11:05 . 2012-11-14 09:22 479832 ----a-w- c:\program files (x86)\ADExplorer.exe
2014-05-11 11:05 . 2006-11-01 12:06 174968 ----a-w- c:\program files (x86)\AccessEnum.exe
2014-05-11 11:05 . 2014-04-28 12:44 380608 ----a-w- c:\program files (x86)\accesschk.exe
2014-05-10 18:35 . 2014-05-10 18:35 43152 ----a-w- c:\windows\avastSS.scr
2014-05-09 06:14 . 2014-05-14 09:17 477184 ----a-w- c:\windows\system32\aepdu.dll
2014-05-09 06:11 . 2014-05-14 09:17 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-04-12 02:22 . 2014-05-14 09:15 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:22 . 2014-05-14 09:15 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:19 . 2014-05-14 09:15 136192 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-14 09:15 29184 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-14 09:15 28160 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-14 09:15 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-14 09:15 31232 ----a-w- c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-14 09:15 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-14 09:15 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-03-31 07:35 . 2011-01-14 17:57 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-25 02:43 . 2014-05-14 09:17 14175744 ----a-w- c:\windows\system32\shell32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-15 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-21 98304]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-04-25 4101584]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2014-03-18 137352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys;c:\windows\SYSNATIVE\DRIVERS\ewdcsc.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207010.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207010.003\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20101123.003\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110107.002\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110107.002\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207010.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207010.003\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1207010.003\SYMNETS.SYS [x]
S2 602XML Updater;602Updater;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [x]
S2 FileOpenManagerService;FileOpen Manager Service;c:\program files\FileOpen\Services\FileOpenManagerService64.exe;c:\program files\FileOpen\Services\FileOpenManagerService64.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\eMachines\Registration\GREGsvc.exe;c:\program files (x86)\eMachines\Registration\GREGsvc.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - FileOpenWebPublisherScreenHookDriver
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-24 08:34 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-10 17:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"Acer ePower Management"="c:\program files\eMachines\eMachines Power Management\ePowerTray.exe" [2010-06-11 861216]
"FileOpenBroker"="c:\program files\FileOpen\Services\FileOpenBroker64.exe" [2012-10-17 1092528]
.
------- Doplňkový sken -------
.
uStart Page = https://login.szn.cz/?returnURL=https%3 ... ceId=email
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 10.0.0.138
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... ?3,16,13,0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-{E96338DC-1468-4918-8EC2-8454BFFC5025} - c:\programdata\SaveClicker\ADo6.exe
AddRemove-JNLP - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-06-20 20:54:39
ComboFix-quarantined-files.txt 2014-06-20 18:54
.
Před spuštěním: Volných bajtů: 163 064 270 848
Po spuštění: Volných bajtů: 162 443 923 456
.
- - End Of File - - 55A0C30E857AAA313EB5DE159F00908F
A36C5E4F47E84449FF07ED3517B43A31
zde je log:
ComboFix 14-06-19.01 - Jarka 20.06.2014 20:41:56.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.1787.836 [GMT 2:00]
Spuštěný z: c:\users\Jarka\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-05-20 do 2014-06-20 )))))))))))))))))))))))))))))))
.
.
2014-06-20 18:50 . 2014-06-20 18:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-20 17:37 . 2014-06-20 17:38 -------- d-----w- C:\rsit
2014-06-20 17:19 . 2014-06-20 18:47 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{30E0AC32-A31B-4CF7-B2C9-D59A89A9CBEF}\offreg.dll
2014-06-20 16:56 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{30E0AC32-A31B-4CF7-B2C9-D59A89A9CBEF}\mpengine.dll
2014-06-20 07:35 . 2014-06-20 07:35 -------- d-----w- c:\users\Jarka\AppData\Roaming\QuickScan
2014-06-18 21:18 . 2014-04-25 02:34 801280 ----a-w- c:\windows\system32\usp10.dll
2014-06-18 21:18 . 2014-04-25 02:06 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2014-06-18 21:18 . 2014-04-05 02:47 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-06-18 21:18 . 2014-04-05 02:47 288192 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-06-18 21:18 . 2014-03-26 14:44 2002432 ----a-w- c:\windows\system32\msxml6.dll
2014-06-18 21:18 . 2014-03-26 14:44 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-06-18 21:18 . 2014-03-26 14:41 2048 ----a-w- c:\windows\system32\msxml6r.dll
2014-06-18 21:18 . 2014-03-26 14:41 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-06-18 21:18 . 2014-03-26 14:27 1389056 ----a-w- c:\windows\SysWow64\msxml6.dll
2014-06-18 21:18 . 2014-03-26 14:27 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-06-18 21:18 . 2014-03-26 14:25 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
2014-06-18 21:18 . 2014-03-26 14:25 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-06-18 21:07 . 2014-06-18 21:07 -------- d-----w- c:\programdata\9cbe8114ee46fdba
2014-06-18 21:07 . 2014-06-18 21:07 -------- d-----w- c:\users\Jarka\AppData\Local\Packages
2014-06-18 21:07 . 2014-06-20 16:39 -------- d-----w- c:\program files (x86)\Zrychleni Pocitace
2014-06-18 21:06 . 2014-06-18 21:06 -------- d-----w- c:\users\Jarka\AppData\Local\Comodo
2014-06-18 21:06 . 2014-06-18 21:06 -------- d-----w- c:\users\Guest
2014-06-18 21:06 . 2014-06-18 21:06 -------- d-----w- c:\users\Administrator
2014-06-11 09:48 . 2014-05-30 09:49 48640 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll
2014-06-11 09:48 . 2014-05-30 08:24 1249280 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-06-11 09:48 . 2014-05-30 09:08 5782528 ----a-w- c:\windows\system32\jscript9.dll
2014-06-11 09:48 . 2014-05-30 07:20 359936 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2014-06-06 11:11 . 2014-06-06 11:11 -------- d-----w- c:\users\Jarka\AppData\Roaming\AVG2014
2014-06-06 11:09 . 2014-06-06 11:09 -------- d-----w- c:\users\Jarka\AppData\Roaming\TuneUp Software
2014-06-06 11:08 . 2014-06-18 14:22 -------- d-----w- c:\programdata\AVG2014
2014-06-06 11:08 . 2014-06-06 11:08 -------- d-----w- C:\$AVG
2014-06-06 11:07 . 2014-06-18 14:17 -------- d-----w- c:\program files (x86)\AVG
2014-06-06 10:36 . 2014-06-18 14:19 -------- d-----w- c:\programdata\MFAData
2014-06-06 10:36 . 2014-06-10 08:21 -------- d-----w- c:\users\Jarka\AppData\Local\Avg2014
2014-06-06 10:36 . 2014-06-06 10:36 -------- d--h--w- c:\programdata\Common Files
2014-06-06 10:36 . 2014-06-06 10:36 -------- d-----w- c:\users\Jarka\AppData\Local\MFAData
2014-05-26 08:27 . 2014-05-26 08:27 0 ----a-w- c:\windows\SysWow64\sho3CB3.tmp
2014-05-24 20:47 . 2014-05-24 21:12 -------- d-----w- c:\users\Jarka\AppData\Roaming\Voipwise
2014-05-24 20:46 . 2014-06-18 14:18 -------- d-----w- c:\program files (x86)\Voipwise.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-19 07:40 . 2014-05-05 08:37 95414520 ----a-w- c:\windows\system32\MRT.exe
2014-06-06 10:35 . 2014-05-11 15:58 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-17 17:13 . 2014-05-10 19:58 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-17 17:13 . 2014-05-10 19:58 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-12 05:26 . 2014-05-11 15:57 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-12 05:26 . 2014-05-11 15:57 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 05:25 . 2014-05-11 15:57 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-11 18:55 . 2014-05-11 19:26 24064 ----a-w- c:\windows\zoek-delete.exe
2014-05-11 11:05 . 2011-02-22 13:18 148856 ----a-w- c:\program files (x86)\Autologon.exe
2014-05-11 11:05 . 2007-11-20 11:25 1049640 ----a-w- c:\program files (x86)\ADInsight.exe
2014-05-11 11:05 . 2006-11-01 12:05 150328 ----a-w- c:\program files (x86)\adrestore.exe
2014-05-11 11:05 . 2012-11-14 09:22 479832 ----a-w- c:\program files (x86)\ADExplorer.exe
2014-05-11 11:05 . 2006-11-01 12:06 174968 ----a-w- c:\program files (x86)\AccessEnum.exe
2014-05-11 11:05 . 2014-04-28 12:44 380608 ----a-w- c:\program files (x86)\accesschk.exe
2014-05-10 18:35 . 2014-05-10 18:35 43152 ----a-w- c:\windows\avastSS.scr
2014-05-09 06:14 . 2014-05-14 09:17 477184 ----a-w- c:\windows\system32\aepdu.dll
2014-05-09 06:11 . 2014-05-14 09:17 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-04-12 02:22 . 2014-05-14 09:15 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:22 . 2014-05-14 09:15 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:19 . 2014-05-14 09:15 136192 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-14 09:15 29184 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-14 09:15 28160 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-14 09:15 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-14 09:15 31232 ----a-w- c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-14 09:15 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-14 09:15 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-03-31 07:35 . 2011-01-14 17:57 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-25 02:43 . 2014-05-14 09:17 14175744 ----a-w- c:\windows\system32\shell32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-15 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-21 98304]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-04-25 4101584]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2014-03-18 137352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys;c:\windows\SYSNATIVE\DRIVERS\ewdcsc.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207010.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207010.003\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20101123.003\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110107.002\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110107.002\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207010.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207010.003\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1207010.003\SYMNETS.SYS [x]
S2 602XML Updater;602Updater;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [x]
S2 FileOpenManagerService;FileOpen Manager Service;c:\program files\FileOpen\Services\FileOpenManagerService64.exe;c:\program files\FileOpen\Services\FileOpenManagerService64.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\eMachines\Registration\GREGsvc.exe;c:\program files (x86)\eMachines\Registration\GREGsvc.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - FileOpenWebPublisherScreenHookDriver
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-24 08:34 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-10 17:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"Acer ePower Management"="c:\program files\eMachines\eMachines Power Management\ePowerTray.exe" [2010-06-11 861216]
"FileOpenBroker"="c:\program files\FileOpen\Services\FileOpenBroker64.exe" [2012-10-17 1092528]
.
------- Doplňkový sken -------
.
uStart Page = https://login.szn.cz/?returnURL=https%3 ... ceId=email
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 10.0.0.138
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... ?3,16,13,0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-{E96338DC-1468-4918-8EC2-8454BFFC5025} - c:\programdata\SaveClicker\ADo6.exe
AddRemove-JNLP - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-06-20 20:54:39
ComboFix-quarantined-files.txt 2014-06-20 18:54
.
Před spuštěním: Volných bajtů: 163 064 270 848
Po spuštění: Volných bajtů: 162 443 923 456
.
- - End Of File - - 55A0C30E857AAA313EB5DE159F00908F
A36C5E4F47E84449FF07ED3517B43A31
Re: Prosím o kontrolu RSIT - VirusTotal našel Trojan
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Odinstalujte Spybota, vypnete trvale Defender a pouzivejte jen jeden Firewall! Odinstalujte c:\program files (x86)\Zrychleni Pocitace a vse od AVG Otevrete si poznamkovy blok a zkopirujte do nej tento skript
Kód: Vybrat vše
KillAll::
File::
c:\windows\zoek-delete.exe
c:\windows\avastSS.scr
Folder::
c:\program files (x86)\Zrychleni Pocitace
c:\users\Jarka\AppData\Local\Comodo
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"SDTray"=-
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
Reboot::Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev CFScript a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Pretahntete mysi tento vytvoreny textovy dokument nad ikonu ComboFix a pustte.
ComboFix by se mel spustit a vykonat prikazy.
Az skonci (muze dojit k restartu pc), mel by se objevit novy log, ten mi sem zase zkopirujte.
Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradkuPokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosím o kontrolu RSIT - VirusTotal našel Trojan
diky moc pracuju na tom...
Re: Prosím o kontrolu RSIT - VirusTotal našel Trojan
tady je nový log, vypadá to, že se všechno spouští rychleji...
ComboFix 14-06-19.01 - Jarka 21.06.2014 10:19:23.2.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.1787.751 [GMT 2:00]
Spuštěný z: c:\users\Jarka\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jarka\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\avastSS.scr"
"c:\windows\zoek-delete.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jarka\AppData\Local\Comodo
c:\users\Jarka\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bggcdpdfjljmofojgdpalhlhcfghjfgl\2.1\background.html
c:\users\Jarka\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bggcdpdfjljmofojgdpalhlhcfghjfgl\2.1\BxVef.js
c:\users\Jarka\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bggcdpdfjljmofojgdpalhlhcfghjfgl\2.1\content.js
c:\users\Jarka\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bggcdpdfjljmofojgdpalhlhcfghjfgl\2.1\lsdb.js
c:\users\Jarka\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bggcdpdfjljmofojgdpalhlhcfghjfgl\2.1\manifest.json
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-05-21 do 2014-06-21 )))))))))))))))))))))))))))))))
.
.
2014-06-21 08:28 . 2014-06-21 08:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-20 17:37 . 2014-06-20 17:38 -------- d-----w- C:\rsit
2014-06-20 16:56 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{30E0AC32-A31B-4CF7-B2C9-D59A89A9CBEF}\mpengine.dll
2014-06-20 16:55 . 2014-06-08 09:13 506368 ----a-w- c:\windows\system32\aepdu.dll
2014-06-20 16:55 . 2014-06-08 09:08 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-06-20 07:35 . 2014-06-20 07:35 -------- d-----w- c:\users\Jarka\AppData\Roaming\QuickScan
2014-06-18 21:18 . 2014-04-25 02:34 801280 ----a-w- c:\windows\system32\usp10.dll
2014-06-18 21:18 . 2014-04-25 02:06 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2014-06-18 21:18 . 2014-04-05 02:47 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-06-18 21:18 . 2014-04-05 02:47 288192 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-06-18 21:18 . 2014-03-26 14:44 2002432 ----a-w- c:\windows\system32\msxml6.dll
2014-06-18 21:18 . 2014-03-26 14:44 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-06-18 21:18 . 2014-03-26 14:41 2048 ----a-w- c:\windows\system32\msxml6r.dll
2014-06-18 21:18 . 2014-03-26 14:41 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-06-18 21:18 . 2014-03-26 14:27 1389056 ----a-w- c:\windows\SysWow64\msxml6.dll
2014-06-18 21:18 . 2014-03-26 14:27 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-06-18 21:18 . 2014-03-26 14:25 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
2014-06-18 21:18 . 2014-03-26 14:25 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-06-18 21:07 . 2014-06-18 21:07 -------- d-----w- c:\programdata\9cbe8114ee46fdba
2014-06-18 21:07 . 2014-06-18 21:07 -------- d-----w- c:\users\Jarka\AppData\Local\Packages
2014-06-18 21:06 . 2014-06-18 21:06 -------- d-----w- c:\users\Guest
2014-06-18 21:06 . 2014-06-18 21:06 -------- d-----w- c:\users\Administrator
2014-06-11 09:48 . 2014-05-30 09:49 48640 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll
2014-06-11 09:48 . 2014-05-30 08:24 1249280 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-06-11 09:48 . 2014-05-30 09:08 5782528 ----a-w- c:\windows\system32\jscript9.dll
2014-06-11 09:48 . 2014-05-30 07:20 359936 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2014-06-06 11:09 . 2014-06-06 11:09 -------- d-----w- c:\users\Jarka\AppData\Roaming\TuneUp Software
2014-06-06 11:07 . 2014-06-18 14:17 -------- d-----w- c:\program files (x86)\AVG
2014-06-06 10:36 . 2014-06-21 08:06 -------- d-----w- c:\programdata\MFAData
2014-06-06 10:36 . 2014-06-06 10:36 -------- d--h--w- c:\programdata\Common Files
2014-06-06 10:36 . 2014-06-06 10:36 -------- d-----w- c:\users\Jarka\AppData\Local\MFAData
2014-05-26 08:27 . 2014-05-26 08:27 0 ----a-w- c:\windows\SysWow64\sho3CB3.tmp
2014-05-24 20:47 . 2014-05-24 21:12 -------- d-----w- c:\users\Jarka\AppData\Roaming\Voipwise
2014-05-24 20:46 . 2014-06-18 14:18 -------- d-----w- c:\program files (x86)\Voipwise.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-19 07:40 . 2014-05-05 08:37 95414520 ----a-w- c:\windows\system32\MRT.exe
2014-06-06 10:35 . 2014-05-11 15:58 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-17 17:13 . 2014-05-10 19:58 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-17 17:13 . 2014-05-10 19:58 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-12 05:26 . 2014-05-11 15:57 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-12 05:26 . 2014-05-11 15:57 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 05:25 . 2014-05-11 15:57 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-11 18:55 . 2014-05-11 19:26 24064 ----a-w- c:\windows\zoek-delete.exe
2014-05-11 11:05 . 2011-02-22 13:18 148856 ----a-w- c:\program files (x86)\Autologon.exe
2014-05-11 11:05 . 2007-11-20 11:25 1049640 ----a-w- c:\program files (x86)\ADInsight.exe
2014-05-11 11:05 . 2006-11-01 12:05 150328 ----a-w- c:\program files (x86)\adrestore.exe
2014-05-11 11:05 . 2012-11-14 09:22 479832 ----a-w- c:\program files (x86)\ADExplorer.exe
2014-05-11 11:05 . 2006-11-01 12:06 174968 ----a-w- c:\program files (x86)\AccessEnum.exe
2014-05-11 11:05 . 2014-04-28 12:44 380608 ----a-w- c:\program files (x86)\accesschk.exe
2014-05-10 18:35 . 2014-05-10 18:35 43152 ----a-w- c:\windows\avastSS.scr
2014-04-12 02:22 . 2014-05-14 09:15 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:22 . 2014-05-14 09:15 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:19 . 2014-05-14 09:15 136192 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-14 09:15 29184 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-14 09:15 28160 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-14 09:15 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-14 09:15 31232 ----a-w- c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-14 09:15 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-14 09:15 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-03-31 07:35 . 2011-01-14 17:57 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-25 02:43 . 2014-05-14 09:17 14175744 ----a-w- c:\windows\system32\shell32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-21 98304]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2014-03-18 137352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys;c:\windows\SYSNATIVE\DRIVERS\ewdcsc.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207010.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207010.003\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20101123.003\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110107.002\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110107.002\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207010.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207010.003\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1207010.003\SYMNETS.SYS [x]
S2 602XML Updater;602Updater;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [x]
S2 FileOpenManagerService;FileOpen Manager Service;c:\program files\FileOpen\Services\FileOpenManagerService64.exe;c:\program files\FileOpen\Services\FileOpenManagerService64.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\eMachines\Registration\GREGsvc.exe;c:\program files (x86)\eMachines\Registration\GREGsvc.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - FileOpenWebPublisherScreenHookDriver
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-24 08:34 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-10 17:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"Acer ePower Management"="c:\program files\eMachines\eMachines Power Management\ePowerTray.exe" [2010-06-11 861216]
"FileOpenBroker"="c:\program files\FileOpen\Services\FileOpenBroker64.exe" [2012-10-17 1092528]
.
------- Doplňkový sken -------
.
uStart Page = https://login.szn.cz/?returnURL=https%3 ... ceId=email
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 10.0.0.138
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... ?3,16,13,0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-{E96338DC-1468-4918-8EC2-8454BFFC5025} - c:\programdata\SaveClicker\ADo6.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Kodak\KODAK Share Button App\Listener.exe
.
**************************************************************************
.
Celkový čas: 2014-06-21 10:41:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-06-21 08:41
ComboFix2.txt 2014-06-20 18:54
.
Před spuštěním: Volných bajtů: 163 903 672 320
Po spuštění: Volných bajtů: 163 465 437 184
.
- - End Of File - - C997218B28A1986684E5F1AA76D19AD0
A36C5E4F47E84449FF07ED3517B43A31
ComboFix 14-06-19.01 - Jarka 21.06.2014 10:19:23.2.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.1787.751 [GMT 2:00]
Spuštěný z: c:\users\Jarka\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jarka\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\avastSS.scr"
"c:\windows\zoek-delete.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jarka\AppData\Local\Comodo
c:\users\Jarka\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bggcdpdfjljmofojgdpalhlhcfghjfgl\2.1\background.html
c:\users\Jarka\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bggcdpdfjljmofojgdpalhlhcfghjfgl\2.1\BxVef.js
c:\users\Jarka\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bggcdpdfjljmofojgdpalhlhcfghjfgl\2.1\content.js
c:\users\Jarka\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bggcdpdfjljmofojgdpalhlhcfghjfgl\2.1\lsdb.js
c:\users\Jarka\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bggcdpdfjljmofojgdpalhlhcfghjfgl\2.1\manifest.json
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-05-21 do 2014-06-21 )))))))))))))))))))))))))))))))
.
.
2014-06-21 08:28 . 2014-06-21 08:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-20 17:37 . 2014-06-20 17:38 -------- d-----w- C:\rsit
2014-06-20 16:56 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{30E0AC32-A31B-4CF7-B2C9-D59A89A9CBEF}\mpengine.dll
2014-06-20 16:55 . 2014-06-08 09:13 506368 ----a-w- c:\windows\system32\aepdu.dll
2014-06-20 16:55 . 2014-06-08 09:08 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-06-20 07:35 . 2014-06-20 07:35 -------- d-----w- c:\users\Jarka\AppData\Roaming\QuickScan
2014-06-18 21:18 . 2014-04-25 02:34 801280 ----a-w- c:\windows\system32\usp10.dll
2014-06-18 21:18 . 2014-04-25 02:06 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2014-06-18 21:18 . 2014-04-05 02:47 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-06-18 21:18 . 2014-04-05 02:47 288192 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-06-18 21:18 . 2014-03-26 14:44 2002432 ----a-w- c:\windows\system32\msxml6.dll
2014-06-18 21:18 . 2014-03-26 14:44 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-06-18 21:18 . 2014-03-26 14:41 2048 ----a-w- c:\windows\system32\msxml6r.dll
2014-06-18 21:18 . 2014-03-26 14:41 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-06-18 21:18 . 2014-03-26 14:27 1389056 ----a-w- c:\windows\SysWow64\msxml6.dll
2014-06-18 21:18 . 2014-03-26 14:27 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-06-18 21:18 . 2014-03-26 14:25 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
2014-06-18 21:18 . 2014-03-26 14:25 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-06-18 21:07 . 2014-06-18 21:07 -------- d-----w- c:\programdata\9cbe8114ee46fdba
2014-06-18 21:07 . 2014-06-18 21:07 -------- d-----w- c:\users\Jarka\AppData\Local\Packages
2014-06-18 21:06 . 2014-06-18 21:06 -------- d-----w- c:\users\Guest
2014-06-18 21:06 . 2014-06-18 21:06 -------- d-----w- c:\users\Administrator
2014-06-11 09:48 . 2014-05-30 09:49 48640 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll
2014-06-11 09:48 . 2014-05-30 08:24 1249280 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-06-11 09:48 . 2014-05-30 09:08 5782528 ----a-w- c:\windows\system32\jscript9.dll
2014-06-11 09:48 . 2014-05-30 07:20 359936 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2014-06-06 11:09 . 2014-06-06 11:09 -------- d-----w- c:\users\Jarka\AppData\Roaming\TuneUp Software
2014-06-06 11:07 . 2014-06-18 14:17 -------- d-----w- c:\program files (x86)\AVG
2014-06-06 10:36 . 2014-06-21 08:06 -------- d-----w- c:\programdata\MFAData
2014-06-06 10:36 . 2014-06-06 10:36 -------- d--h--w- c:\programdata\Common Files
2014-06-06 10:36 . 2014-06-06 10:36 -------- d-----w- c:\users\Jarka\AppData\Local\MFAData
2014-05-26 08:27 . 2014-05-26 08:27 0 ----a-w- c:\windows\SysWow64\sho3CB3.tmp
2014-05-24 20:47 . 2014-05-24 21:12 -------- d-----w- c:\users\Jarka\AppData\Roaming\Voipwise
2014-05-24 20:46 . 2014-06-18 14:18 -------- d-----w- c:\program files (x86)\Voipwise.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-19 07:40 . 2014-05-05 08:37 95414520 ----a-w- c:\windows\system32\MRT.exe
2014-06-06 10:35 . 2014-05-11 15:58 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-17 17:13 . 2014-05-10 19:58 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-17 17:13 . 2014-05-10 19:58 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-12 05:26 . 2014-05-11 15:57 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-12 05:26 . 2014-05-11 15:57 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 05:25 . 2014-05-11 15:57 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-11 18:55 . 2014-05-11 19:26 24064 ----a-w- c:\windows\zoek-delete.exe
2014-05-11 11:05 . 2011-02-22 13:18 148856 ----a-w- c:\program files (x86)\Autologon.exe
2014-05-11 11:05 . 2007-11-20 11:25 1049640 ----a-w- c:\program files (x86)\ADInsight.exe
2014-05-11 11:05 . 2006-11-01 12:05 150328 ----a-w- c:\program files (x86)\adrestore.exe
2014-05-11 11:05 . 2012-11-14 09:22 479832 ----a-w- c:\program files (x86)\ADExplorer.exe
2014-05-11 11:05 . 2006-11-01 12:06 174968 ----a-w- c:\program files (x86)\AccessEnum.exe
2014-05-11 11:05 . 2014-04-28 12:44 380608 ----a-w- c:\program files (x86)\accesschk.exe
2014-05-10 18:35 . 2014-05-10 18:35 43152 ----a-w- c:\windows\avastSS.scr
2014-04-12 02:22 . 2014-05-14 09:15 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:22 . 2014-05-14 09:15 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:19 . 2014-05-14 09:15 136192 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-14 09:15 29184 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-14 09:15 28160 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-14 09:15 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-14 09:15 31232 ----a-w- c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-14 09:15 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-14 09:15 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-03-31 07:35 . 2011-01-14 17:57 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-25 02:43 . 2014-05-14 09:17 14175744 ----a-w- c:\windows\system32\shell32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-21 98304]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2014-03-18 137352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys;c:\windows\SYSNATIVE\DRIVERS\ewdcsc.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207010.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207010.003\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20101123.003\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110107.002\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110107.002\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207010.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207010.003\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1207010.003\SYMNETS.SYS [x]
S2 602XML Updater;602Updater;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [x]
S2 FileOpenManagerService;FileOpen Manager Service;c:\program files\FileOpen\Services\FileOpenManagerService64.exe;c:\program files\FileOpen\Services\FileOpenManagerService64.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\eMachines\Registration\GREGsvc.exe;c:\program files (x86)\eMachines\Registration\GREGsvc.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - FileOpenWebPublisherScreenHookDriver
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-24 08:34 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-10 17:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"Acer ePower Management"="c:\program files\eMachines\eMachines Power Management\ePowerTray.exe" [2010-06-11 861216]
"FileOpenBroker"="c:\program files\FileOpen\Services\FileOpenBroker64.exe" [2012-10-17 1092528]
.
------- Doplňkový sken -------
.
uStart Page = https://login.szn.cz/?returnURL=https%3 ... ceId=email
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 10.0.0.138
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... ?3,16,13,0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-{E96338DC-1468-4918-8EC2-8454BFFC5025} - c:\programdata\SaveClicker\ADo6.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Kodak\KODAK Share Button App\Listener.exe
.
**************************************************************************
.
Celkový čas: 2014-06-21 10:41:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-06-21 08:41
ComboFix2.txt 2014-06-20 18:54
.
Před spuštěním: Volných bajtů: 163 903 672 320
Po spuštění: Volných bajtů: 163 465 437 184
.
- - End Of File - - C997218B28A1986684E5F1AA76D19AD0
A36C5E4F47E84449FF07ED3517B43A31
Re: Prosím o kontrolu RSIT - VirusTotal našel Trojan
Pozor na pouzivane TuneUp, dokaze to v pc nadelat peknou paseku. CF pise, ze Norton je neaktualizovany. Zkontrolujte radeji, jestli bezi jeho aktualizace. Odinstalujte MBAM, stejne jste psal, ze nefunguje jak ma. Dejte novy log z RSITPokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosím o kontrolu RSIT - VirusTotal našel Trojan
díky, všechno běží o dost rychleji.Márty84 píše::arrow: Pozor na pouzivane TuneUp, dokaze to v pc nadelat peknou paseku.
:arrow: CF pise, ze Norton je neaktualizovany. Zkontrolujte radeji, jestli bezi jeho aktualizace.
:arrow: Odinstalujte MBAM, stejne jste psal, ze nefunguje jak ma.
:arrow: Dejte novy log z RSIT
co je to TuneUp?
Zkusím najít Norton aktualizaci - to zjistím v Správci úloh viďte? :)
MBAM nejde odinstalovat - píše mi to, že soubor neexistuje, přestože se v seznamu programů MBAM normálně objevuje a měl by jít odistalovat. ...
nový log RSIT níže:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Jarka at 2014-06-21 11:17:45
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 156 GB (70%) free of 224 GB
Total RAM: 1787 MB (37% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:17:50, on 21.6.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Jarka.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.szn.cz/?returnURL=https%3 ... ceId=email
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\IPS\IPSBHO.DLL
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} (Active602XMLFiller Control) - https://www.mojedatovaschranka.cz/stati ... ?3,16,13,0
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FileOpen Manager Service (FileOpenManagerService) - FileOpen Systems Inc. - C:\Program Files\FileOpen\Services\FileOpenManagerService64.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\ConversionService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZoneAlarm Privacy Service (ZAPrivacyService) - Check Point Software Technologies, Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
--
End of file - 9426 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe" -service
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe"
"C:\Program Files (x86)\Launch Manager\dsiwmis.exe"
"C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe"
"C:\Program Files\FileOpen\Services\FileOpenManagerService64.exe"
"C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe"
"C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\diMaster.dll" /prefetch:1
"C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE
"C:\Program Files (x86)\PDF Architect\HelperService.exe"
"C:\Program Files (x86)\PDF Architect\ConversionService.exe"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
taskeng.exe {909EEDFB-CAEA-4BA8-8A03-CDB98BBF53AE}
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe"
"taskhost.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\explorer.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3192.0.1217383240\1227697622" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,15 --disable-accelerated-video-decode --gpu-vendor-id=0x1002 --gpu-device-id=0x9712 --gpu-driver-vendor="ATI Technologies Inc." --gpu-driver-version=8.713.3.3000 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Disabled/BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/ML Kodachrome dev/EnhancedBookmarks/Default/ExtensionInstallVerification/None/GoogleNow/Enable/Prerender/PrerenderNoUse/PrerenderLocalPredictorSpec/cd=1a:SkipWhitelist=Enabled:LocalPredictor=Enabled:SideEffectFreeWhitelist=Enabled:MaxConcurrentPrerenders=3:PrerenderPriorityHalfLifeTimeSeconds=30/SPDY/SpdyEnabled/SettingsEnforcement/enforce_always_with_extensions/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/group_01/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-1-Percent/group_37/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --disable-accelerated-video-decode --enable-software-compositing --channel="3192.3.758052009\171388195" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Disabled/BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/ML Kodachrome dev/EnhancedBookmarks/Default/ExtensionInstallVerification/None/GoogleNow/Enable/Prerender/PrerenderNoUse/PrerenderLocalPredictorSpec/cd=1a:SkipWhitelist=Enabled:LocalPredictor=Enabled:SideEffectFreeWhitelist=Enabled:MaxConcurrentPrerenders=3:PrerenderPriorityHalfLifeTimeSeconds=30/SPDY/SpdyEnabled/SettingsEnforcement/enforce_always_with_extensions/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/group_01/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-1-Percent/group_37/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --disable-accelerated-video-decode --enable-software-compositing --channel="3192.4.1929612057\47108103" /prefetch:673131151
taskeng.exe {F8325EA3-1CD1-457A-B94C-C76B8AE1A45F}
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Disabled/BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/ML Kodachrome dev/EnhancedBookmarks/Default/ExtensionInstallVerification/None/GoogleNow/Enable/Prerender/PrerenderNoUse/PrerenderLocalPredictorSpec/cd=1a:SkipWhitelist=Enabled:LocalPredictor=Enabled:SideEffectFreeWhitelist=Enabled:MaxConcurrentPrerenders=3:PrerenderPriorityHalfLifeTimeSeconds=30/SPDY/SpdyEnabled/SettingsEnforcement/enforce_always_with_extensions/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/group_01/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-1-Percent/group_37/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --disable-accelerated-video-decode --enable-software-compositing --channel="3192.5.212765470\1108784367" /prefetch:673131151
"C:\Users\Jarka\Downloads\RSITx64 (1).exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-28 256456]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}]
PDF Architect Helper - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-04-08 92208]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll [2011-12-09 436152]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\IPS\IPSBHO.DLL [2011-03-31 210872]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-28 194504]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-01-19 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-28 256456]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll [2011-12-09 436152]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-28 194504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-06-22 10920552]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2010-04-13 649608]
"Acer ePower Management"=C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe [2010-06-11 861216]
"FileOpenBroker"=C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [2012-10-17 1092528]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2010-06-22 968272]
"Norton Online Backup"=C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2010-06-02 1155928]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-04-21 98304]
"ZoneAlarm"=C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [2014-03-18 137352]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2014-06-21 10:41:11 ----A---- C:\ComboFix.txt
2014-06-21 10:34:37 ----D---- C:\$RECYCLE.BIN
2014-06-21 09:42:58 ----A---- C:\Windows\wininit.ini
2014-06-20 20:39:17 ----A---- C:\Windows\zip.exe
2014-06-20 20:39:17 ----A---- C:\Windows\SWSC.exe
2014-06-20 20:39:17 ----A---- C:\Windows\SWREG.exe
2014-06-20 20:39:17 ----A---- C:\Windows\sed.exe
2014-06-20 20:39:17 ----A---- C:\Windows\PEV.exe
2014-06-20 20:39:17 ----A---- C:\Windows\NIRCMD.exe
2014-06-20 20:39:17 ----A---- C:\Windows\MBR.exe
2014-06-20 20:39:17 ----A---- C:\Windows\grep.exe
2014-06-20 20:37:24 ----D---- C:\Qoobox
2014-06-20 20:36:47 ----D---- C:\Windows\erdnt
2014-06-20 19:37:24 ----D---- C:\rsit
2014-06-20 18:55:28 ----A---- C:\Windows\system32\aepdu.dll
2014-06-20 18:55:27 ----A---- C:\Windows\system32\aeinv.dll
2014-06-20 09:35:51 ----D---- C:\Users\Jarka\AppData\Roaming\QuickScan
2014-06-18 23:18:34 ----A---- C:\Windows\system32\usp10.dll
2014-06-18 23:18:33 ----A---- C:\Windows\SYSWOW64\usp10.dll
2014-06-18 23:18:26 ----A---- C:\Windows\system32\drivers\tcpip.sys
2014-06-18 23:18:26 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2014-06-18 23:18:12 ----A---- C:\Windows\system32\msxml6.dll
2014-06-18 23:18:12 ----A---- C:\Windows\system32\msxml3.dll
2014-06-18 23:18:11 ----A---- C:\Windows\SYSWOW64\msxml6r.dll
2014-06-18 23:18:11 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2014-06-18 23:18:11 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2014-06-18 23:18:11 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2014-06-18 23:18:11 ----A---- C:\Windows\system32\msxml6r.dll
2014-06-18 23:18:11 ----A---- C:\Windows\system32\msxml3r.dll
2014-06-18 23:17:40 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-06-18 23:17:40 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-06-18 23:17:40 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-06-18 23:17:39 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-06-18 23:17:39 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-06-18 23:17:38 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-06-18 23:17:38 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-06-18 23:17:37 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 23:17:37 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-06-18 23:17:36 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-06-18 23:17:36 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-06-18 23:17:36 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-06-18 23:17:35 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-06-18 23:17:34 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-06-18 23:17:34 ----A---- C:\Windows\system32\urlmon.dll
2014-06-18 23:17:33 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-06-18 23:17:33 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-06-18 23:17:32 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-06-18 23:17:32 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-06-18 23:17:31 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-06-18 23:17:31 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-06-18 23:17:31 ----A---- C:\Windows\system32\msfeeds.dll
2014-06-18 23:17:31 ----A---- C:\Windows\system32\dxtmsft.dll
2014-06-18 23:17:30 ----A---- C:\Windows\system32\ie4uinit.exe
2014-06-18 23:17:29 ----A---- C:\Windows\system32\iesetup.dll
2014-06-18 23:17:28 ----A---- C:\Windows\system32\iertutil.dll
2014-06-18 23:17:27 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-06-18 23:17:27 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-06-18 23:17:26 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-06-18 23:17:26 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-06-18 23:17:26 ----A---- C:\Windows\system32\jsproxy.dll
2014-06-18 23:17:26 ----A---- C:\Windows\system32\iernonce.dll
2014-06-18 23:17:25 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-06-18 23:17:23 ----A---- C:\Windows\system32\ieui.dll
2014-06-18 23:17:23 ----A---- C:\Windows\system32\ieframe.dll
2014-06-18 23:17:23 ----A---- C:\Windows\system32\dxtrans.dll
2014-06-18 23:17:22 ----A---- C:\Windows\system32\vbscript.dll
2014-06-18 23:17:22 ----A---- C:\Windows\system32\mshtmled.dll
2014-06-18 23:17:22 ----A---- C:\Windows\system32\jscript9diag.dll
2014-06-18 23:17:22 ----A---- C:\Windows\system32\ieUnatt.exe
2014-06-18 23:17:22 ----A---- C:\Windows\system32\ieapfltr.dll
2014-06-18 23:17:21 ----A---- C:\Windows\system32\wininet.dll
2014-06-18 23:17:18 ----A---- C:\Windows\system32\msrating.dll
2014-06-18 23:17:16 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-18 23:17:16 ----A---- C:\Windows\system32\mshtml.dll
2014-06-18 23:07:17 ----D---- C:\ProgramData\9cbe8114ee46fdba
2014-06-17 20:38:24 ----D---- C:\Config.Msi
2014-06-11 11:48:50 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-06-11 11:48:38 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-06-11 11:48:37 ----A---- C:\Windows\system32\jscript9.dll
2014-06-06 13:09:42 ----D---- C:\Users\Jarka\AppData\Roaming\TuneUp Software
2014-06-06 13:07:44 ----D---- C:\Program Files (x86)\AVG
2014-06-06 12:36:09 ----HD---- C:\ProgramData\Common Files
2014-06-06 12:36:09 ----D---- C:\ProgramData\MFAData
2014-05-26 10:27:42 ----A---- C:\Windows\SYSWOW64\sho3CB3.tmp
2014-05-24 22:47:30 ----D---- C:\Users\Jarka\AppData\Roaming\Voipwise
2014-05-24 22:46:46 ----D---- C:\Program Files (x86)\Voipwise.com
======List of files/folders modified in the last 1 month======
2014-06-21 11:17:48 ----D---- C:\Program Files\trend micro
2014-06-21 11:17:43 ----D---- C:\Windows\Temp
2014-06-21 10:44:14 ----D---- C:\Windows\system32\config
2014-06-21 10:41:16 ----D---- C:\Windows\system32\drivers
2014-06-21 10:34:42 ----D---- C:\Windows
2014-06-21 10:34:42 ----A---- C:\Windows\system.ini
2014-06-21 10:34:28 ----D---- C:\Windows\system32\drivers\etc
2014-06-21 10:24:42 ----D---- C:\Windows\SYSWOW64\drivers
2014-06-21 10:24:42 ----D---- C:\Windows\SysWOW64
2014-06-21 10:24:42 ----D---- C:\Windows\AppPatch
2014-06-21 10:24:40 ----D---- C:\Program Files (x86)\Common Files
2014-06-21 10:06:20 ----D---- C:\ProgramData
2014-06-21 10:06:16 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-21 10:03:46 ----RD---- C:\Program Files (x86)
2014-06-21 10:01:46 ----SHD---- C:\Windows\Installer
2014-06-21 10:01:31 ----SHD---- C:\System Volume Information
2014-06-21 09:57:11 ----D---- C:\Windows\inf
2014-06-21 09:44:43 ----D---- C:\Windows\System32
2014-06-21 09:44:43 ----D---- C:\ProgramData\Spybot - Search & Destroy
2014-06-21 09:44:37 ----SD---- C:\ProgramData\Microsoft
2014-06-21 09:25:22 ----D---- C:\Windows\SoftwareDistribution
2014-06-21 09:22:44 ----D---- C:\Windows\Minidump
2014-06-21 09:15:26 ----D---- C:\Windows\ModemLogs
2014-06-21 09:15:20 ----D---- C:\Windows\debug
2014-06-20 22:13:03 ----SD---- C:\Windows\system32\CompatTel
2014-06-20 22:12:48 ----D---- C:\Windows\winsxs
2014-06-20 22:10:19 ----D---- C:\Users\Jarka\AppData\Roaming\SoftGrid Client
2014-06-20 20:52:13 ----D---- C:\Windows\system32\Tasks
2014-06-20 20:52:11 ----D---- C:\Windows\Tasks
2014-06-20 19:18:54 ----D---- C:\AdwCleaner
2014-06-20 09:27:45 ----D---- C:\Program Files\Internet Explorer
2014-06-20 09:27:43 ----D---- C:\Windows\SYSWOW64\en-US
2014-06-20 09:27:41 ----D---- C:\Windows\system32\en-US
2014-06-20 09:27:39 ----D---- C:\Program Files (x86)\Internet Explorer
2014-06-19 15:13:46 ----SD---- C:\Users\Jarka\AppData\Roaming\Microsoft
2014-06-19 10:02:19 ----D---- C:\Windows\system32\DriverStore
2014-06-19 09:45:13 ----D---- C:\Windows\system32\MRT
2014-06-19 09:40:11 ----A---- C:\Windows\system32\MRT.exe
2014-06-18 23:13:06 ----D---- C:\Windows\system32\catroot
2014-06-18 23:13:05 ----D---- C:\Windows\system32\catroot2
2014-06-18 23:06:53 ----HD---- C:\Windows\system32\GroupPolicy
2014-06-18 23:06:53 ----D---- C:\Windows\SYSWOW64\GroupPolicy
2014-06-18 23:06:41 ----D---- C:\Program Files (x86)\Google
2014-06-18 23:06:22 ----RD---- C:\Users
2014-06-18 16:25:19 ----D---- C:\Windows\system32\wbem
2014-06-18 16:23:48 ----D---- C:\Windows\PolicyDefinitions
2014-06-18 16:23:47 ----D---- C:\Windows\system32\wfp
2014-06-18 16:23:46 ----D---- C:\Windows\system32\drivers\UMDF
2014-06-18 16:23:46 ----D---- C:\Windows\system32\CodeIntegrity
2014-06-18 16:23:27 ----D---- C:\ProgramData\AVAST Software
2014-06-18 16:23:25 ----D---- C:\Program Files\Common Files\Microsoft Shared
2014-06-18 16:23:19 ----RD---- C:\Program Files
2014-06-18 16:23:19 ----D---- C:\Program Files\AVAST Software
2014-06-18 16:23:13 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-18 16:21:44 ----D---- C:\Windows\registration
2014-06-18 16:20:26 ----D---- C:\Windows\Microsoft.NET
2014-06-18 16:20:15 ----RSD---- C:\Windows\Media
2014-06-18 16:20:15 ----D---- C:\Windows\LP
2014-06-18 16:20:04 ----D---- C:\Windows\IME
2014-06-18 16:20:04 ----D---- C:\Windows\Help
2014-06-18 16:20:04 ----D---- C:\Windows\Globalization
2014-06-18 16:20:04 ----D---- C:\Windows\ERUNT
2014-06-18 16:20:04 ----D---- C:\Windows\ehome
2014-06-18 16:20:02 ----D---- C:\Windows\diagnostics
2014-06-18 16:20:02 ----D---- C:\Windows\Branding
2014-06-18 16:20:02 ----D---- C:\Windows\Boot
2014-06-18 16:19:55 ----RSD---- C:\Windows\assembly
2014-06-18 16:19:25 ----D---- C:\Windows\AppCompat
2014-06-18 16:19:13 ----D---- C:\Program Files\Windows Sidebar
2014-06-18 16:19:12 ----D---- C:\Program Files\Windows Photo Viewer
2014-06-18 16:19:12 ----D---- C:\Program Files\Windows NT
2014-06-18 16:19:12 ----D---- C:\Program Files\Windows Media Player
2014-06-18 16:19:12 ----D---- C:\Program Files\Windows Mail
2014-06-18 16:19:12 ----D---- C:\Program Files\Windows Journal
2014-06-18 16:19:12 ----D---- C:\Program Files\Windows Defender
2014-06-18 16:19:12 ----D---- C:\Program Files\Reference Assemblies
2014-06-18 16:19:12 ----D---- C:\Program Files\Realtek
2014-06-18 16:19:12 ----D---- C:\Program Files\Preload
2014-06-18 16:19:12 ----D---- C:\Program Files\PDF_VIEWER
2014-06-18 16:19:12 ----D---- C:\Program Files\MSBuild
2014-06-18 16:19:11 ----D---- C:\Program Files\Microsoft Silverlight
2014-06-18 16:19:10 ----D---- C:\Program Files\Microsoft Office
2014-06-18 16:19:10 ----D---- C:\Program Files\Microsoft Games
2014-06-18 16:19:06 ----D---- C:\Program Files\Google
2014-06-18 16:19:05 ----D---- C:\Program Files\FileOpen
2014-06-18 16:19:05 ----D---- C:\Program Files\eMachines
2014-06-18 16:19:03 ----D---- C:\Program Files\DVD Maker
2014-06-18 16:19:03 ----D---- C:\Program Files\DIFX
2014-06-18 16:19:03 ----D---- C:\Program Files\Common Files\System
2014-06-18 16:19:03 ----D---- C:\Program Files\Common Files
2014-06-18 16:19:02 ----D---- C:\Program Files\Common Files\SpeechEngines
2014-06-18 16:19:01 ----D---- C:\Program Files\CCleaner
2014-06-18 16:18:14 ----D---- C:\Program Files\ATI
2014-06-18 16:18:14 ----D---- C:\Program Files (x86)\Windows Sidebar
2014-06-18 16:18:14 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2014-06-18 16:18:14 ----D---- C:\Program Files (x86)\Windows NT
2014-06-18 16:18:14 ----D---- C:\Program Files (x86)\Windows Media Player
2014-06-18 16:18:14 ----D---- C:\Program Files (x86)\Windows Mail
2014-06-18 16:18:14 ----D---- C:\Program Files (x86)\Windows Live
2014-06-18 16:18:14 ----D---- C:\Program Files (x86)\Windows Defender
2014-06-18 16:18:13 ----D---- C:\Program Files (x86)\Symantec
2014-06-18 16:18:13 ----D---- C:\Program Files (x86)\Software602
2014-06-18 16:18:13 ----D---- C:\Program Files (x86)\Reference Assemblies
2014-06-18 16:18:13 ----D---- C:\Program Files (x86)\Realtek
2014-06-18 16:18:13 ----D---- C:\Program Files (x86)\PDFCreator
2014-06-18 16:18:13 ----D---- C:\Program Files (x86)\PDF Architect
2014-06-18 16:18:13 ----D---- C:\Program Files (x86)\O2
2014-06-18 16:18:12 ----D---- C:\Program Files (x86)\NTI
2014-06-18 16:18:12 ----D---- C:\Program Files (x86)\NortonInstaller
2014-06-18 16:18:12 ----D---- C:\Program Files (x86)\Norton Internet Security
2014-06-18 16:18:12 ----D---- C:\Program Files (x86)\MSECache
2014-06-18 16:18:12 ----D---- C:\Program Files (x86)\MSBuild
2014-06-18 16:18:12 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-06-18 16:18:12 ----D---- C:\Program Files (x86)\Microsoft
2014-06-18 16:18:11 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2014-06-18 16:18:11 ----D---- C:\Program Files (x86)\Microsoft Office
2014-06-18 16:18:11 ----D---- C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-06-18 16:18:08 ----D---- C:\Program Files (x86)\Launch Manager
2014-06-18 16:18:07 ----D---- C:\Program Files (x86)\Kodak
2014-06-18 16:18:07 ----D---- C:\Program Files (x86)\Java
2014-06-18 16:18:06 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-06-18 16:18:05 ----D---- C:\Program Files (x86)\HWSD_v121
2014-06-18 16:18:00 ----D---- C:\Program Files (x86)\eMachines Games
2014-06-18 16:18:00 ----D---- C:\Program Files (x86)\eMachines
2014-06-18 16:17:57 ----D---- C:\Program Files (x86)\CheckPoint
2014-06-18 16:17:57 ----D---- C:\Program Files (x86)\BSplayer
2014-06-18 16:17:56 ----D---- C:\Program Files (x86)\ATI Technologies
2014-06-18 16:17:56 ----D---- C:\Program Files (x86)\Adobe
2014-06-06 12:28:57 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-05-31 21:44:33 ----D---- C:\Windows\Prefetch
2014-05-30 09:03:48 ----D---- C:\Users\Jarka\AppData\Roaming\Adobe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-08-23 16440]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS [2011-01-27 450680]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS [2011-03-15 912504]
R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [2010-11-23 953904]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2010-11-14 475696]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110107.002\IDSvia64.sys [2010-11-09 476792]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\NISx64\1207010.003\SRTSPX64.SYS [2011-03-31 40568]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS [2011-01-27 171128]
R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\NISx64\1207010.003\SYMNETS.SYS [2011-04-21 386168]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2014-03-18 451480]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2010-04-21 6406144]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-04-21 188928]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2010-05-11 2229608]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2010-04-13 135560]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-06-22 2399848]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2010-05-14 384040]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2010-04-20 18432]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2010-01-27 231328]
R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2013-06-26 767144]
R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2013-06-26 273576]
R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2013-06-26 28840]
R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2013-06-26 23208]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2011-05-12 174200]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2010-07-09 17408]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\Windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 29696]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-12-15 117248]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 114304]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2014-06-06 122584]
S3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110109.003\ENG64.SYS [2010-12-19 117880]
S3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110109.003\EX64.SYS [2010-12-19 1791096]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-06-17 246376]
S3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\NISx64\1207010.003\SRTSP64.SYS [2011-03-31 744568]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 602XML Updater;602Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [2011-03-14 84520]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-04-21 202752]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2013-04-22 822504]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [2010-06-11 868896]
R2 FileOpenManagerService;FileOpen Manager Service; C:\Program Files\FileOpen\Services\FileOpenManagerService64.exe [2012-10-17 335288]
R2 GREGService;GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [2010-01-08 23584]
R2 NIS;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe [2011-04-17 130008]
R2 NOBU;Norton Online Backup; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-06-02 2804568]
R2 PDF Architect Helper Service;PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [2013-04-08 1320496]
R2 PDF Architect Service;PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [2013-04-08 799280]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944]
R2 Updater Service;Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-29 243232]
R2 vsmon;TrueVector Internet Monitor; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2014-03-18 3558112]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc []
S2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-05-12 1809720]
S2 ZAPrivacyService;ZoneAlarm Privacy Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2014-02-23 81752]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-17 257712]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-07-15 655624]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe [2010-04-04 246520]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc []
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-28 194032]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-05-30 111616]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-11-14 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
díky
Re: Prosím o kontrolu RSIT - VirusTotal našel Trojan
To je program na udrzbu pc, ale obcas smaze neco co nema a tezko se to pak opravuje. Byva soucasti AVG. V logu to vidim...Honzabus píše:co je to TuneUp?
2014-06-06 13:09:42 ----D---- C:\Users\Jarka\AppData\Roaming\TuneUp Software
2014-06-06 13:07:44 ----D---- C:\Program Files (x86)\AVG
Pokud to nepouzivate, odinstalujte vse od AVG a tim by mel zmizet i TuneUp.
Staci spustit Norton a tam by melo byt napsano, datum posledni aktualizace a verze databaze.Honzabus píše:Zkusím najít Norton aktualizaci - to zjistím v Správci úloh viďte?
Zkuste pouzit jejich cistic http://www.malwarebytes.org/mbam-clean.exe Kdyz to nepujde, odpalim ho silou.Honzabus píše:MBAM nejde odinstalovat - píše mi to, že soubor neexistuje, přestože se v seznamu programů MBAM normálně objevuje a měl by jít odistalovat. ...
Az to vsechno udelate, dejte novy log z RSIT, abych videl, co tam zbylo.Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosím o kontrolu RSIT - VirusTotal našel Trojan
Malware removal tool zafungovall...
Norton jsem asi kdysi odinstaloval, hlupák... teď se přes ikonu nespouští, a když dám Live Update, otevře se záhadné malinké okénko, kde nic není....
zde je nový log, AVG jsem odistaloval, ale nevím, jestli někde něco potvůrka nenechala...
Logfile of random's system information tool 1.10 (written by random/random)
Run by Jarka at 2014-06-21 11:56:04
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 156 GB (70%) free of 224 GB
Total RAM: 1787 MB (34% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:56:18, on 21.6.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files\trend micro\Jarka.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.szn.cz/?returnURL=https%3 ... ceId=email
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\IPS\IPSBHO.DLL
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} (Active602XMLFiller Control) - https://www.mojedatovaschranka.cz/stati ... ?3,16,13,0
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FileOpen Manager Service (FileOpenManagerService) - FileOpen Systems Inc. - C:\Program Files\FileOpen\Services\FileOpenManagerService64.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\ConversionService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZoneAlarm Privacy Service (ZAPrivacyService) - Check Point Software Technologies, Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
--
End of file - 9229 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe" -service
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
taskeng.exe {D93655E1-03B2-479D-9A36-D46F0726A79B}
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe"
"C:\Program Files (x86)\Launch Manager\dsiwmis.exe"
taskeng.exe {D13F7AB9-5743-4ADF-9AF3-0D6E319C26EC}
"C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe"
"C:\Program Files\FileOpen\Services\FileOpenManagerService64.exe"
"C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe"
"C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe"
"C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\diMaster.dll" /prefetch:1
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe"
"C:\Program Files\FileOpen\Services\FileOpenBroker64.exe"
"C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE
"C:\Program Files (x86)\Launch Manager\LManager.exe"
"C:\Program Files (x86)\PDF Architect\HelperService.exe"
"C:\Program Files (x86)\PDF Architect\ConversionService.exe"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe"
"C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe"
"C:\Program Files (x86)\Launch Manager\LMworker.exe"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
"C:\Windows\system32\wermgr.exe" "-queuereporting_s_machine" "C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_zaprivacyservice_33db5880bb12fa574892a4fcab9a1a8ca74aaea8_0d15754e"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files\Elantech\ETDCtrlHelper.exe"
"C:\Users\Jarka\Downloads\RSITx64 (1).exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-28 256456]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}]
PDF Architect Helper - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-04-08 92208]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll [2011-12-09 436152]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\IPS\IPSBHO.DLL [2011-03-31 210872]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-28 194504]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-01-19 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-28 256456]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll [2011-12-09 436152]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-28 194504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-06-22 10920552]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2010-04-13 649608]
"Acer ePower Management"=C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe [2010-06-11 861216]
"FileOpenBroker"=C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [2012-10-17 1092528]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2010-06-22 968272]
"Norton Online Backup"=C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2010-06-02 1155928]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-04-21 98304]
"ZoneAlarm"=C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [2014-03-18 137352]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2014-06-21 10:41:11 ----A---- C:\ComboFix.txt
2014-06-21 10:34:37 ----D---- C:\$RECYCLE.BIN
2014-06-21 09:42:58 ----A---- C:\Windows\wininit.ini
2014-06-20 20:39:17 ----A---- C:\Windows\zip.exe
2014-06-20 20:39:17 ----A---- C:\Windows\SWSC.exe
2014-06-20 20:39:17 ----A---- C:\Windows\SWREG.exe
2014-06-20 20:39:17 ----A---- C:\Windows\sed.exe
2014-06-20 20:39:17 ----A---- C:\Windows\PEV.exe
2014-06-20 20:39:17 ----A---- C:\Windows\NIRCMD.exe
2014-06-20 20:39:17 ----A---- C:\Windows\MBR.exe
2014-06-20 20:39:17 ----A---- C:\Windows\grep.exe
2014-06-20 20:37:24 ----D---- C:\Qoobox
2014-06-20 20:36:47 ----D---- C:\Windows\erdnt
2014-06-20 19:37:24 ----D---- C:\rsit
2014-06-20 18:55:28 ----A---- C:\Windows\system32\aepdu.dll
2014-06-20 18:55:27 ----A---- C:\Windows\system32\aeinv.dll
2014-06-20 09:35:51 ----D---- C:\Users\Jarka\AppData\Roaming\QuickScan
2014-06-18 23:18:34 ----A---- C:\Windows\system32\usp10.dll
2014-06-18 23:18:33 ----A---- C:\Windows\SYSWOW64\usp10.dll
2014-06-18 23:18:26 ----A---- C:\Windows\system32\drivers\tcpip.sys
2014-06-18 23:18:26 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2014-06-18 23:18:12 ----A---- C:\Windows\system32\msxml6.dll
2014-06-18 23:18:12 ----A---- C:\Windows\system32\msxml3.dll
2014-06-18 23:18:11 ----A---- C:\Windows\SYSWOW64\msxml6r.dll
2014-06-18 23:18:11 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2014-06-18 23:18:11 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2014-06-18 23:18:11 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2014-06-18 23:18:11 ----A---- C:\Windows\system32\msxml6r.dll
2014-06-18 23:18:11 ----A---- C:\Windows\system32\msxml3r.dll
2014-06-18 23:17:40 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-06-18 23:17:40 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-06-18 23:17:40 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-06-18 23:17:39 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-06-18 23:17:39 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-06-18 23:17:38 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-06-18 23:17:38 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-06-18 23:17:37 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 23:17:37 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-06-18 23:17:36 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-06-18 23:17:36 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-06-18 23:17:36 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-06-18 23:17:35 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-06-18 23:17:34 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-06-18 23:17:34 ----A---- C:\Windows\system32\urlmon.dll
2014-06-18 23:17:33 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-06-18 23:17:33 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-06-18 23:17:32 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-06-18 23:17:32 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-06-18 23:17:31 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-06-18 23:17:31 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-06-18 23:17:31 ----A---- C:\Windows\system32\msfeeds.dll
2014-06-18 23:17:31 ----A---- C:\Windows\system32\dxtmsft.dll
2014-06-18 23:17:30 ----A---- C:\Windows\system32\ie4uinit.exe
2014-06-18 23:17:29 ----A---- C:\Windows\system32\iesetup.dll
2014-06-18 23:17:28 ----A---- C:\Windows\system32\iertutil.dll
2014-06-18 23:17:27 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-06-18 23:17:27 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-06-18 23:17:26 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-06-18 23:17:26 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-06-18 23:17:26 ----A---- C:\Windows\system32\jsproxy.dll
2014-06-18 23:17:26 ----A---- C:\Windows\system32\iernonce.dll
2014-06-18 23:17:25 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-06-18 23:17:23 ----A---- C:\Windows\system32\ieui.dll
2014-06-18 23:17:23 ----A---- C:\Windows\system32\ieframe.dll
2014-06-18 23:17:23 ----A---- C:\Windows\system32\dxtrans.dll
2014-06-18 23:17:22 ----A---- C:\Windows\system32\vbscript.dll
2014-06-18 23:17:22 ----A---- C:\Windows\system32\mshtmled.dll
2014-06-18 23:17:22 ----A---- C:\Windows\system32\jscript9diag.dll
2014-06-18 23:17:22 ----A---- C:\Windows\system32\ieUnatt.exe
2014-06-18 23:17:22 ----A---- C:\Windows\system32\ieapfltr.dll
2014-06-18 23:17:21 ----A---- C:\Windows\system32\wininet.dll
2014-06-18 23:17:18 ----A---- C:\Windows\system32\msrating.dll
2014-06-18 23:17:16 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-18 23:17:16 ----A---- C:\Windows\system32\mshtml.dll
2014-06-18 23:07:17 ----D---- C:\ProgramData\9cbe8114ee46fdba
2014-06-17 20:38:24 ----D---- C:\Config.Msi
2014-06-11 11:48:50 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-06-11 11:48:38 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-06-11 11:48:37 ----A---- C:\Windows\system32\jscript9.dll
2014-06-06 13:09:42 ----D---- C:\Users\Jarka\AppData\Roaming\TuneUp Software
2014-06-06 13:07:44 ----D---- C:\Program Files (x86)\AVG
2014-06-06 12:36:09 ----HD---- C:\ProgramData\Common Files
2014-06-06 12:36:09 ----D---- C:\ProgramData\MFAData
2014-05-26 10:27:42 ----A---- C:\Windows\SYSWOW64\sho3CB3.tmp
2014-05-24 22:47:30 ----D---- C:\Users\Jarka\AppData\Roaming\Voipwise
2014-05-24 22:46:46 ----D---- C:\Program Files (x86)\Voipwise.com
======List of files/folders modified in the last 1 month======
2014-06-21 11:56:13 ----D---- C:\Program Files\trend micro
2014-06-21 11:56:04 ----D---- C:\Windows\Temp
2014-06-21 11:56:01 ----D---- C:\Windows\system32\config
2014-06-21 11:46:08 ----D---- C:\Windows\system32\drivers
2014-06-21 11:46:08 ----D---- C:\ProgramData
2014-06-21 11:46:06 ----RD---- C:\Program Files (x86)
2014-06-21 10:34:42 ----D---- C:\Windows
2014-06-21 10:34:42 ----A---- C:\Windows\system.ini
2014-06-21 10:34:28 ----D---- C:\Windows\system32\drivers\etc
2014-06-21 10:24:42 ----D---- C:\Windows\SYSWOW64\drivers
2014-06-21 10:24:42 ----D---- C:\Windows\SysWOW64
2014-06-21 10:24:42 ----D---- C:\Windows\AppPatch
2014-06-21 10:24:40 ----D---- C:\Program Files (x86)\Common Files
2014-06-21 10:06:16 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-21 10:01:46 ----SHD---- C:\Windows\Installer
2014-06-21 10:01:31 ----SHD---- C:\System Volume Information
2014-06-21 09:57:11 ----D---- C:\Windows\inf
2014-06-21 09:44:43 ----D---- C:\Windows\System32
2014-06-21 09:44:43 ----D---- C:\ProgramData\Spybot - Search & Destroy
2014-06-21 09:44:37 ----SD---- C:\ProgramData\Microsoft
2014-06-21 09:25:22 ----D---- C:\Windows\SoftwareDistribution
2014-06-21 09:22:44 ----D---- C:\Windows\Minidump
2014-06-21 09:15:26 ----D---- C:\Windows\ModemLogs
2014-06-21 09:15:20 ----D---- C:\Windows\debug
2014-06-20 22:13:03 ----SD---- C:\Windows\system32\CompatTel
2014-06-20 22:12:48 ----D---- C:\Windows\winsxs
2014-06-20 22:10:19 ----D---- C:\Users\Jarka\AppData\Roaming\SoftGrid Client
2014-06-20 20:52:13 ----D---- C:\Windows\system32\Tasks
2014-06-20 20:52:11 ----D---- C:\Windows\Tasks
2014-06-20 19:18:54 ----D---- C:\AdwCleaner
2014-06-20 09:27:45 ----D---- C:\Program Files\Internet Explorer
2014-06-20 09:27:43 ----D---- C:\Windows\SYSWOW64\en-US
2014-06-20 09:27:41 ----D---- C:\Windows\system32\en-US
2014-06-20 09:27:39 ----D---- C:\Program Files (x86)\Internet Explorer
2014-06-19 15:13:46 ----SD---- C:\Users\Jarka\AppData\Roaming\Microsoft
2014-06-19 10:02:19 ----D---- C:\Windows\system32\DriverStore
2014-06-19 09:45:13 ----D---- C:\Windows\system32\MRT
2014-06-19 09:40:11 ----A---- C:\Windows\system32\MRT.exe
2014-06-18 23:13:06 ----D---- C:\Windows\system32\catroot
2014-06-18 23:13:05 ----D---- C:\Windows\system32\catroot2
2014-06-18 23:06:53 ----HD---- C:\Windows\system32\GroupPolicy
2014-06-18 23:06:53 ----D---- C:\Windows\SYSWOW64\GroupPolicy
2014-06-18 23:06:41 ----D---- C:\Program Files (x86)\Google
2014-06-18 23:06:22 ----RD---- C:\Users
2014-06-18 16:25:19 ----D---- C:\Windows\system32\wbem
2014-06-18 16:23:48 ----D---- C:\Windows\PolicyDefinitions
2014-06-18 16:23:47 ----D---- C:\Windows\system32\wfp
2014-06-18 16:23:46 ----D---- C:\Windows\system32\drivers\UMDF
2014-06-18 16:23:46 ----D---- C:\Windows\system32\CodeIntegrity
2014-06-18 16:23:27 ----D---- C:\ProgramData\AVAST Software
2014-06-18 16:23:25 ----D---- C:\Program Files\Common Files\Microsoft Shared
2014-06-18 16:23:19 ----RD---- C:\Program Files
2014-06-18 16:23:19 ----D---- C:\Program Files\AVAST Software
2014-06-18 16:21:44 ----D---- C:\Windows\registration
2014-06-18 16:20:26 ----D---- C:\Windows\Microsoft.NET
2014-06-18 16:20:15 ----RSD---- C:\Windows\Media
2014-06-18 16:20:15 ----D---- C:\Windows\LP
2014-06-18 16:20:04 ----D---- C:\Windows\IME
2014-06-18 16:20:04 ----D---- C:\Windows\Help
2014-06-18 16:20:04 ----D---- C:\Windows\Globalization
2014-06-18 16:20:04 ----D---- C:\Windows\ERUNT
2014-06-18 16:20:04 ----D---- C:\Windows\ehome
2014-06-18 16:20:02 ----D---- C:\Windows\diagnostics
2014-06-18 16:20:02 ----D---- C:\Windows\Branding
2014-06-18 16:20:02 ----D---- C:\Windows\Boot
2014-06-18 16:19:55 ----RSD---- C:\Windows\assembly
2014-06-18 16:19:25 ----D---- C:\Windows\AppCompat
2014-06-18 16:19:13 ----D---- C:\Program Files\Windows Sidebar
2014-06-18 16:19:12 ----D---- C:\Program Files\Windows Photo Viewer
2014-06-18 16:19:12 ----D---- C:\Program Files\Windows NT
2014-06-18 16:19:12 ----D---- C:\Program Files\Windows Media Player
2014-06-18 16:19:12 ----D---- C:\Program Files\Windows Mail
2014-06-18 16:19:12 ----D---- C:\Program Files\Windows Journal
2014-06-18 16:19:12 ----D---- C:\Program Files\Windows Defender
2014-06-18 16:19:12 ----D---- C:\Program Files\Reference Assemblies
2014-06-18 16:19:12 ----D---- C:\Program Files\Realtek
2014-06-18 16:19:12 ----D---- C:\Program Files\Preload
2014-06-18 16:19:12 ----D---- C:\Program Files\PDF_VIEWER
2014-06-18 16:19:12 ----D---- C:\Program Files\MSBuild
2014-06-18 16:19:11 ----D---- C:\Program Files\Microsoft Silverlight
2014-06-18 16:19:10 ----D---- C:\Program Files\Microsoft Office
2014-06-18 16:19:10 ----D---- C:\Program Files\Microsoft Games
2014-06-18 16:19:06 ----D---- C:\Program Files\Google
2014-06-18 16:19:05 ----D---- C:\Program Files\FileOpen
2014-06-18 16:19:05 ----D---- C:\Program Files\eMachines
2014-06-18 16:19:03 ----D---- C:\Program Files\DVD Maker
2014-06-18 16:19:03 ----D---- C:\Program Files\DIFX
2014-06-18 16:19:03 ----D---- C:\Program Files\Common Files\System
2014-06-18 16:19:03 ----D---- C:\Program Files\Common Files
2014-06-18 16:19:02 ----D---- C:\Program Files\Common Files\SpeechEngines
2014-06-18 16:19:01 ----D---- C:\Program Files\CCleaner
2014-06-18 16:18:14 ----D---- C:\Program Files\ATI
2014-06-18 16:18:14 ----D---- C:\Program Files (x86)\Windows Sidebar
2014-06-18 16:18:14 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2014-06-18 16:18:14 ----D---- C:\Program Files (x86)\Windows NT
2014-06-18 16:18:14 ----D---- C:\Program Files (x86)\Windows Media Player
2014-06-18 16:18:14 ----D---- C:\Program Files (x86)\Windows Mail
2014-06-18 16:18:14 ----D---- C:\Program Files (x86)\Windows Live
2014-06-18 16:18:14 ----D---- C:\Program Files (x86)\Windows Defender
2014-06-18 16:18:13 ----D---- C:\Program Files (x86)\Symantec
2014-06-18 16:18:13 ----D---- C:\Program Files (x86)\Software602
2014-06-18 16:18:13 ----D---- C:\Program Files (x86)\Reference Assemblies
2014-06-18 16:18:13 ----D---- C:\Program Files (x86)\Realtek
2014-06-18 16:18:13 ----D---- C:\Program Files (x86)\PDFCreator
2014-06-18 16:18:13 ----D---- C:\Program Files (x86)\PDF Architect
2014-06-18 16:18:13 ----D---- C:\Program Files (x86)\O2
2014-06-18 16:18:12 ----D---- C:\Program Files (x86)\NTI
2014-06-18 16:18:12 ----D---- C:\Program Files (x86)\NortonInstaller
2014-06-18 16:18:12 ----D---- C:\Program Files (x86)\Norton Internet Security
2014-06-18 16:18:12 ----D---- C:\Program Files (x86)\MSECache
2014-06-18 16:18:12 ----D---- C:\Program Files (x86)\MSBuild
2014-06-18 16:18:12 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-06-18 16:18:12 ----D---- C:\Program Files (x86)\Microsoft
2014-06-18 16:18:11 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2014-06-18 16:18:11 ----D---- C:\Program Files (x86)\Microsoft Office
2014-06-18 16:18:11 ----D---- C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-06-18 16:18:08 ----D---- C:\Program Files (x86)\Launch Manager
2014-06-18 16:18:07 ----D---- C:\Program Files (x86)\Kodak
2014-06-18 16:18:07 ----D---- C:\Program Files (x86)\Java
2014-06-18 16:18:06 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-06-18 16:18:05 ----D---- C:\Program Files (x86)\HWSD_v121
2014-06-18 16:18:00 ----D---- C:\Program Files (x86)\eMachines Games
2014-06-18 16:18:00 ----D---- C:\Program Files (x86)\eMachines
2014-06-18 16:17:57 ----D---- C:\Program Files (x86)\CheckPoint
2014-06-18 16:17:57 ----D---- C:\Program Files (x86)\BSplayer
2014-06-18 16:17:56 ----D---- C:\Program Files (x86)\ATI Technologies
2014-06-18 16:17:56 ----D---- C:\Program Files (x86)\Adobe
2014-06-06 12:28:57 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-05-31 21:44:33 ----D---- C:\Windows\Prefetch
2014-05-30 09:03:48 ----D---- C:\Users\Jarka\AppData\Roaming\Adobe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-08-23 16440]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS [2011-01-27 450680]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS [2011-03-15 912504]
R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [2010-11-23 953904]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2010-11-14 475696]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110107.002\IDSvia64.sys [2010-11-09 476792]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\NISx64\1207010.003\SRTSPX64.SYS [2011-03-31 40568]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS [2011-01-27 171128]
R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\NISx64\1207010.003\SYMNETS.SYS [2011-04-21 386168]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2014-03-18 451480]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2010-04-21 6406144]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-04-21 188928]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2010-05-11 2229608]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2010-04-13 135560]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-06-22 2399848]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2010-05-14 384040]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2010-04-20 18432]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2010-01-27 231328]
R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2013-06-26 767144]
R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2013-06-26 273576]
R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2013-06-26 28840]
R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2013-06-26 23208]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2011-05-12 174200]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2010-07-09 17408]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\Windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 29696]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-12-15 117248]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 114304]
S3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110109.003\ENG64.SYS [2010-12-19 117880]
S3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110109.003\EX64.SYS [2010-12-19 1791096]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-06-17 246376]
S3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\NISx64\1207010.003\SRTSP64.SYS [2011-03-31 744568]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 602XML Updater;602Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [2011-03-14 84520]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-04-21 202752]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2013-04-22 822504]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [2010-06-11 868896]
R2 FileOpenManagerService;FileOpen Manager Service; C:\Program Files\FileOpen\Services\FileOpenManagerService64.exe [2012-10-17 335288]
R2 GREGService;GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [2010-01-08 23584]
R2 NIS;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe [2011-04-17 130008]
R2 NOBU;Norton Online Backup; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-06-02 2804568]
R2 PDF Architect Helper Service;PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [2013-04-08 1320496]
R2 PDF Architect Service;PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [2013-04-08 799280]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944]
R2 Updater Service;Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-29 243232]
R2 vsmon;TrueVector Internet Monitor; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2014-03-18 3558112]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc []
S2 ZAPrivacyService;ZoneAlarm Privacy Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2014-02-23 81752]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-17 257712]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-07-15 655624]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe [2010-04-04 246520]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc []
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-28 194032]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-05-30 111616]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-11-14 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
Norton jsem asi kdysi odinstaloval, hlupák... teď se přes ikonu nespouští, a když dám Live Update, otevře se záhadné malinké okénko, kde nic není....
zde je nový log, AVG jsem odistaloval, ale nevím, jestli někde něco potvůrka nenechala...
Logfile of random's system information tool 1.10 (written by random/random)
Run by Jarka at 2014-06-21 11:56:04
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 156 GB (70%) free of 224 GB
Total RAM: 1787 MB (34% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:56:18, on 21.6.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files\trend micro\Jarka.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.szn.cz/?returnURL=https%3 ... ceId=email
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\IPS\IPSBHO.DLL
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} (Active602XMLFiller Control) - https://www.mojedatovaschranka.cz/stati ... ?3,16,13,0
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FileOpen Manager Service (FileOpenManagerService) - FileOpen Systems Inc. - C:\Program Files\FileOpen\Services\FileOpenManagerService64.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\ConversionService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZoneAlarm Privacy Service (ZAPrivacyService) - Check Point Software Technologies, Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
--
End of file - 9229 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe" -service
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
taskeng.exe {D93655E1-03B2-479D-9A36-D46F0726A79B}
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe"
"C:\Program Files (x86)\Launch Manager\dsiwmis.exe"
taskeng.exe {D13F7AB9-5743-4ADF-9AF3-0D6E319C26EC}
"C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe"
"C:\Program Files\FileOpen\Services\FileOpenManagerService64.exe"
"C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe"
"C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe"
"C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\diMaster.dll" /prefetch:1
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe"
"C:\Program Files\FileOpen\Services\FileOpenBroker64.exe"
"C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE
"C:\Program Files (x86)\Launch Manager\LManager.exe"
"C:\Program Files (x86)\PDF Architect\HelperService.exe"
"C:\Program Files (x86)\PDF Architect\ConversionService.exe"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe"
"C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe"
"C:\Program Files (x86)\Launch Manager\LMworker.exe"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
"C:\Windows\system32\wermgr.exe" "-queuereporting_s_machine" "C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_zaprivacyservice_33db5880bb12fa574892a4fcab9a1a8ca74aaea8_0d15754e"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files\Elantech\ETDCtrlHelper.exe"
"C:\Users\Jarka\Downloads\RSITx64 (1).exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-28 256456]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}]
PDF Architect Helper - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-04-08 92208]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll [2011-12-09 436152]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\IPS\IPSBHO.DLL [2011-03-31 210872]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-28 194504]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-01-19 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-28 256456]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll [2011-12-09 436152]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-28 194504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-06-22 10920552]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2010-04-13 649608]
"Acer ePower Management"=C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe [2010-06-11 861216]
"FileOpenBroker"=C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [2012-10-17 1092528]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2010-06-22 968272]
"Norton Online Backup"=C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2010-06-02 1155928]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-04-21 98304]
"ZoneAlarm"=C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [2014-03-18 137352]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2014-06-21 10:41:11 ----A---- C:\ComboFix.txt
2014-06-21 10:34:37 ----D---- C:\$RECYCLE.BIN
2014-06-21 09:42:58 ----A---- C:\Windows\wininit.ini
2014-06-20 20:39:17 ----A---- C:\Windows\zip.exe
2014-06-20 20:39:17 ----A---- C:\Windows\SWSC.exe
2014-06-20 20:39:17 ----A---- C:\Windows\SWREG.exe
2014-06-20 20:39:17 ----A---- C:\Windows\sed.exe
2014-06-20 20:39:17 ----A---- C:\Windows\PEV.exe
2014-06-20 20:39:17 ----A---- C:\Windows\NIRCMD.exe
2014-06-20 20:39:17 ----A---- C:\Windows\MBR.exe
2014-06-20 20:39:17 ----A---- C:\Windows\grep.exe
2014-06-20 20:37:24 ----D---- C:\Qoobox
2014-06-20 20:36:47 ----D---- C:\Windows\erdnt
2014-06-20 19:37:24 ----D---- C:\rsit
2014-06-20 18:55:28 ----A---- C:\Windows\system32\aepdu.dll
2014-06-20 18:55:27 ----A---- C:\Windows\system32\aeinv.dll
2014-06-20 09:35:51 ----D---- C:\Users\Jarka\AppData\Roaming\QuickScan
2014-06-18 23:18:34 ----A---- C:\Windows\system32\usp10.dll
2014-06-18 23:18:33 ----A---- C:\Windows\SYSWOW64\usp10.dll
2014-06-18 23:18:26 ----A---- C:\Windows\system32\drivers\tcpip.sys
2014-06-18 23:18:26 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2014-06-18 23:18:12 ----A---- C:\Windows\system32\msxml6.dll
2014-06-18 23:18:12 ----A---- C:\Windows\system32\msxml3.dll
2014-06-18 23:18:11 ----A---- C:\Windows\SYSWOW64\msxml6r.dll
2014-06-18 23:18:11 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2014-06-18 23:18:11 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2014-06-18 23:18:11 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2014-06-18 23:18:11 ----A---- C:\Windows\system32\msxml6r.dll
2014-06-18 23:18:11 ----A---- C:\Windows\system32\msxml3r.dll
2014-06-18 23:17:40 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-06-18 23:17:40 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-06-18 23:17:40 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-06-18 23:17:39 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-06-18 23:17:39 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-06-18 23:17:38 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-06-18 23:17:38 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-06-18 23:17:37 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 23:17:37 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-06-18 23:17:36 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-06-18 23:17:36 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-06-18 23:17:36 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-06-18 23:17:35 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-06-18 23:17:34 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-06-18 23:17:34 ----A---- C:\Windows\system32\urlmon.dll
2014-06-18 23:17:33 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-06-18 23:17:33 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-06-18 23:17:32 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-06-18 23:17:32 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-06-18 23:17:31 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-06-18 23:17:31 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-06-18 23:17:31 ----A---- C:\Windows\system32\msfeeds.dll
2014-06-18 23:17:31 ----A---- C:\Windows\system32\dxtmsft.dll
2014-06-18 23:17:30 ----A---- C:\Windows\system32\ie4uinit.exe
2014-06-18 23:17:29 ----A---- C:\Windows\system32\iesetup.dll
2014-06-18 23:17:28 ----A---- C:\Windows\system32\iertutil.dll
2014-06-18 23:17:27 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-06-18 23:17:27 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-06-18 23:17:26 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-06-18 23:17:26 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-06-18 23:17:26 ----A---- C:\Windows\system32\jsproxy.dll
2014-06-18 23:17:26 ----A---- C:\Windows\system32\iernonce.dll
2014-06-18 23:17:25 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-06-18 23:17:23 ----A---- C:\Windows\system32\ieui.dll
2014-06-18 23:17:23 ----A---- C:\Windows\system32\ieframe.dll
2014-06-18 23:17:23 ----A---- C:\Windows\system32\dxtrans.dll
2014-06-18 23:17:22 ----A---- C:\Windows\system32\vbscript.dll
2014-06-18 23:17:22 ----A---- C:\Windows\system32\mshtmled.dll
2014-06-18 23:17:22 ----A---- C:\Windows\system32\jscript9diag.dll
2014-06-18 23:17:22 ----A---- C:\Windows\system32\ieUnatt.exe
2014-06-18 23:17:22 ----A---- C:\Windows\system32\ieapfltr.dll
2014-06-18 23:17:21 ----A---- C:\Windows\system32\wininet.dll
2014-06-18 23:17:18 ----A---- C:\Windows\system32\msrating.dll
2014-06-18 23:17:16 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-18 23:17:16 ----A---- C:\Windows\system32\mshtml.dll
2014-06-18 23:07:17 ----D---- C:\ProgramData\9cbe8114ee46fdba
2014-06-17 20:38:24 ----D---- C:\Config.Msi
2014-06-11 11:48:50 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-06-11 11:48:38 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-06-11 11:48:37 ----A---- C:\Windows\system32\jscript9.dll
2014-06-06 13:09:42 ----D---- C:\Users\Jarka\AppData\Roaming\TuneUp Software
2014-06-06 13:07:44 ----D---- C:\Program Files (x86)\AVG
2014-06-06 12:36:09 ----HD---- C:\ProgramData\Common Files
2014-06-06 12:36:09 ----D---- C:\ProgramData\MFAData
2014-05-26 10:27:42 ----A---- C:\Windows\SYSWOW64\sho3CB3.tmp
2014-05-24 22:47:30 ----D---- C:\Users\Jarka\AppData\Roaming\Voipwise
2014-05-24 22:46:46 ----D---- C:\Program Files (x86)\Voipwise.com
======List of files/folders modified in the last 1 month======
2014-06-21 11:56:13 ----D---- C:\Program Files\trend micro
2014-06-21 11:56:04 ----D---- C:\Windows\Temp
2014-06-21 11:56:01 ----D---- C:\Windows\system32\config
2014-06-21 11:46:08 ----D---- C:\Windows\system32\drivers
2014-06-21 11:46:08 ----D---- C:\ProgramData
2014-06-21 11:46:06 ----RD---- C:\Program Files (x86)
2014-06-21 10:34:42 ----D---- C:\Windows
2014-06-21 10:34:42 ----A---- C:\Windows\system.ini
2014-06-21 10:34:28 ----D---- C:\Windows\system32\drivers\etc
2014-06-21 10:24:42 ----D---- C:\Windows\SYSWOW64\drivers
2014-06-21 10:24:42 ----D---- C:\Windows\SysWOW64
2014-06-21 10:24:42 ----D---- C:\Windows\AppPatch
2014-06-21 10:24:40 ----D---- C:\Program Files (x86)\Common Files
2014-06-21 10:06:16 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-21 10:01:46 ----SHD---- C:\Windows\Installer
2014-06-21 10:01:31 ----SHD---- C:\System Volume Information
2014-06-21 09:57:11 ----D---- C:\Windows\inf
2014-06-21 09:44:43 ----D---- C:\Windows\System32
2014-06-21 09:44:43 ----D---- C:\ProgramData\Spybot - Search & Destroy
2014-06-21 09:44:37 ----SD---- C:\ProgramData\Microsoft
2014-06-21 09:25:22 ----D---- C:\Windows\SoftwareDistribution
2014-06-21 09:22:44 ----D---- C:\Windows\Minidump
2014-06-21 09:15:26 ----D---- C:\Windows\ModemLogs
2014-06-21 09:15:20 ----D---- C:\Windows\debug
2014-06-20 22:13:03 ----SD---- C:\Windows\system32\CompatTel
2014-06-20 22:12:48 ----D---- C:\Windows\winsxs
2014-06-20 22:10:19 ----D---- C:\Users\Jarka\AppData\Roaming\SoftGrid Client
2014-06-20 20:52:13 ----D---- C:\Windows\system32\Tasks
2014-06-20 20:52:11 ----D---- C:\Windows\Tasks
2014-06-20 19:18:54 ----D---- C:\AdwCleaner
2014-06-20 09:27:45 ----D---- C:\Program Files\Internet Explorer
2014-06-20 09:27:43 ----D---- C:\Windows\SYSWOW64\en-US
2014-06-20 09:27:41 ----D---- C:\Windows\system32\en-US
2014-06-20 09:27:39 ----D---- C:\Program Files (x86)\Internet Explorer
2014-06-19 15:13:46 ----SD---- C:\Users\Jarka\AppData\Roaming\Microsoft
2014-06-19 10:02:19 ----D---- C:\Windows\system32\DriverStore
2014-06-19 09:45:13 ----D---- C:\Windows\system32\MRT
2014-06-19 09:40:11 ----A---- C:\Windows\system32\MRT.exe
2014-06-18 23:13:06 ----D---- C:\Windows\system32\catroot
2014-06-18 23:13:05 ----D---- C:\Windows\system32\catroot2
2014-06-18 23:06:53 ----HD---- C:\Windows\system32\GroupPolicy
2014-06-18 23:06:53 ----D---- C:\Windows\SYSWOW64\GroupPolicy
2014-06-18 23:06:41 ----D---- C:\Program Files (x86)\Google
2014-06-18 23:06:22 ----RD---- C:\Users
2014-06-18 16:25:19 ----D---- C:\Windows\system32\wbem
2014-06-18 16:23:48 ----D---- C:\Windows\PolicyDefinitions
2014-06-18 16:23:47 ----D---- C:\Windows\system32\wfp
2014-06-18 16:23:46 ----D---- C:\Windows\system32\drivers\UMDF
2014-06-18 16:23:46 ----D---- C:\Windows\system32\CodeIntegrity
2014-06-18 16:23:27 ----D---- C:\ProgramData\AVAST Software
2014-06-18 16:23:25 ----D---- C:\Program Files\Common Files\Microsoft Shared
2014-06-18 16:23:19 ----RD---- C:\Program Files
2014-06-18 16:23:19 ----D---- C:\Program Files\AVAST Software
2014-06-18 16:21:44 ----D---- C:\Windows\registration
2014-06-18 16:20:26 ----D---- C:\Windows\Microsoft.NET
2014-06-18 16:20:15 ----RSD---- C:\Windows\Media
2014-06-18 16:20:15 ----D---- C:\Windows\LP
2014-06-18 16:20:04 ----D---- C:\Windows\IME
2014-06-18 16:20:04 ----D---- C:\Windows\Help
2014-06-18 16:20:04 ----D---- C:\Windows\Globalization
2014-06-18 16:20:04 ----D---- C:\Windows\ERUNT
2014-06-18 16:20:04 ----D---- C:\Windows\ehome
2014-06-18 16:20:02 ----D---- C:\Windows\diagnostics
2014-06-18 16:20:02 ----D---- C:\Windows\Branding
2014-06-18 16:20:02 ----D---- C:\Windows\Boot
2014-06-18 16:19:55 ----RSD---- C:\Windows\assembly
2014-06-18 16:19:25 ----D---- C:\Windows\AppCompat
2014-06-18 16:19:13 ----D---- C:\Program Files\Windows Sidebar
2014-06-18 16:19:12 ----D---- C:\Program Files\Windows Photo Viewer
2014-06-18 16:19:12 ----D---- C:\Program Files\Windows NT
2014-06-18 16:19:12 ----D---- C:\Program Files\Windows Media Player
2014-06-18 16:19:12 ----D---- C:\Program Files\Windows Mail
2014-06-18 16:19:12 ----D---- C:\Program Files\Windows Journal
2014-06-18 16:19:12 ----D---- C:\Program Files\Windows Defender
2014-06-18 16:19:12 ----D---- C:\Program Files\Reference Assemblies
2014-06-18 16:19:12 ----D---- C:\Program Files\Realtek
2014-06-18 16:19:12 ----D---- C:\Program Files\Preload
2014-06-18 16:19:12 ----D---- C:\Program Files\PDF_VIEWER
2014-06-18 16:19:12 ----D---- C:\Program Files\MSBuild
2014-06-18 16:19:11 ----D---- C:\Program Files\Microsoft Silverlight
2014-06-18 16:19:10 ----D---- C:\Program Files\Microsoft Office
2014-06-18 16:19:10 ----D---- C:\Program Files\Microsoft Games
2014-06-18 16:19:06 ----D---- C:\Program Files\Google
2014-06-18 16:19:05 ----D---- C:\Program Files\FileOpen
2014-06-18 16:19:05 ----D---- C:\Program Files\eMachines
2014-06-18 16:19:03 ----D---- C:\Program Files\DVD Maker
2014-06-18 16:19:03 ----D---- C:\Program Files\DIFX
2014-06-18 16:19:03 ----D---- C:\Program Files\Common Files\System
2014-06-18 16:19:03 ----D---- C:\Program Files\Common Files
2014-06-18 16:19:02 ----D---- C:\Program Files\Common Files\SpeechEngines
2014-06-18 16:19:01 ----D---- C:\Program Files\CCleaner
2014-06-18 16:18:14 ----D---- C:\Program Files\ATI
2014-06-18 16:18:14 ----D---- C:\Program Files (x86)\Windows Sidebar
2014-06-18 16:18:14 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2014-06-18 16:18:14 ----D---- C:\Program Files (x86)\Windows NT
2014-06-18 16:18:14 ----D---- C:\Program Files (x86)\Windows Media Player
2014-06-18 16:18:14 ----D---- C:\Program Files (x86)\Windows Mail
2014-06-18 16:18:14 ----D---- C:\Program Files (x86)\Windows Live
2014-06-18 16:18:14 ----D---- C:\Program Files (x86)\Windows Defender
2014-06-18 16:18:13 ----D---- C:\Program Files (x86)\Symantec
2014-06-18 16:18:13 ----D---- C:\Program Files (x86)\Software602
2014-06-18 16:18:13 ----D---- C:\Program Files (x86)\Reference Assemblies
2014-06-18 16:18:13 ----D---- C:\Program Files (x86)\Realtek
2014-06-18 16:18:13 ----D---- C:\Program Files (x86)\PDFCreator
2014-06-18 16:18:13 ----D---- C:\Program Files (x86)\PDF Architect
2014-06-18 16:18:13 ----D---- C:\Program Files (x86)\O2
2014-06-18 16:18:12 ----D---- C:\Program Files (x86)\NTI
2014-06-18 16:18:12 ----D---- C:\Program Files (x86)\NortonInstaller
2014-06-18 16:18:12 ----D---- C:\Program Files (x86)\Norton Internet Security
2014-06-18 16:18:12 ----D---- C:\Program Files (x86)\MSECache
2014-06-18 16:18:12 ----D---- C:\Program Files (x86)\MSBuild
2014-06-18 16:18:12 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-06-18 16:18:12 ----D---- C:\Program Files (x86)\Microsoft
2014-06-18 16:18:11 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2014-06-18 16:18:11 ----D---- C:\Program Files (x86)\Microsoft Office
2014-06-18 16:18:11 ----D---- C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-06-18 16:18:08 ----D---- C:\Program Files (x86)\Launch Manager
2014-06-18 16:18:07 ----D---- C:\Program Files (x86)\Kodak
2014-06-18 16:18:07 ----D---- C:\Program Files (x86)\Java
2014-06-18 16:18:06 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-06-18 16:18:05 ----D---- C:\Program Files (x86)\HWSD_v121
2014-06-18 16:18:00 ----D---- C:\Program Files (x86)\eMachines Games
2014-06-18 16:18:00 ----D---- C:\Program Files (x86)\eMachines
2014-06-18 16:17:57 ----D---- C:\Program Files (x86)\CheckPoint
2014-06-18 16:17:57 ----D---- C:\Program Files (x86)\BSplayer
2014-06-18 16:17:56 ----D---- C:\Program Files (x86)\ATI Technologies
2014-06-18 16:17:56 ----D---- C:\Program Files (x86)\Adobe
2014-06-06 12:28:57 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-05-31 21:44:33 ----D---- C:\Windows\Prefetch
2014-05-30 09:03:48 ----D---- C:\Users\Jarka\AppData\Roaming\Adobe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-08-23 16440]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS [2011-01-27 450680]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS [2011-03-15 912504]
R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [2010-11-23 953904]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2010-11-14 475696]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110107.002\IDSvia64.sys [2010-11-09 476792]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\NISx64\1207010.003\SRTSPX64.SYS [2011-03-31 40568]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS [2011-01-27 171128]
R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\NISx64\1207010.003\SYMNETS.SYS [2011-04-21 386168]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2014-03-18 451480]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2010-04-21 6406144]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-04-21 188928]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2010-05-11 2229608]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2010-04-13 135560]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-06-22 2399848]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2010-05-14 384040]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2010-04-20 18432]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2010-01-27 231328]
R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2013-06-26 767144]
R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2013-06-26 273576]
R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2013-06-26 28840]
R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2013-06-26 23208]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2011-05-12 174200]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2010-07-09 17408]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\Windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 29696]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-12-15 117248]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 114304]
S3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110109.003\ENG64.SYS [2010-12-19 117880]
S3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110109.003\EX64.SYS [2010-12-19 1791096]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-06-17 246376]
S3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\NISx64\1207010.003\SRTSP64.SYS [2011-03-31 744568]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 602XML Updater;602Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [2011-03-14 84520]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-04-21 202752]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2013-04-22 822504]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [2010-06-11 868896]
R2 FileOpenManagerService;FileOpen Manager Service; C:\Program Files\FileOpen\Services\FileOpenManagerService64.exe [2012-10-17 335288]
R2 GREGService;GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [2010-01-08 23584]
R2 NIS;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe [2011-04-17 130008]
R2 NOBU;Norton Online Backup; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-06-02 2804568]
R2 PDF Architect Helper Service;PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [2013-04-08 1320496]
R2 PDF Architect Service;PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [2013-04-08 799280]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944]
R2 Updater Service;Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-29 243232]
R2 vsmon;TrueVector Internet Monitor; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2014-03-18 3558112]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc []
S2 ZAPrivacyService;ZoneAlarm Privacy Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2014-02-23 81752]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-17 257712]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-07-15 655624]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe [2010-04-04 246520]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc []
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-28 194032]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-05-30 111616]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-11-14 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
Re: Prosím o kontrolu RSIT - VirusTotal našel Trojan
Tak jaky teda pouzivate antivir?Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosím o kontrolu RSIT - VirusTotal našel Trojan
měli jsme vždy zkušební veerzi zdarma ... avast, aviru, teď avg...
jsem poměrně amatér, tak mi nedošlo, že by asi stačilo ten Norton aktualizovat. Mám od něj instalační CD někde, tak to půjde...
je to prosím tedy OK? nemusím už nic čistit?
díky¨honza
jsem poměrně amatér, tak mi nedošlo, že by asi stačilo ten Norton aktualizovat. Mám od něj instalační CD někde, tak to půjde...
je to prosím tedy OK? nemusím už nic čistit?
díky¨honza
Přispějete na provoz fóra?