Infected notebook - checking that it is OK

#1 Post by willimetz1 »

Hello, I had an infected notebook (popups, ads, etc.). I ran AdwCleaner, ComboFix and MBAM one after another, plus Security Essentials removed one virus. Now it seems OK to me, but please check the logs. I'm posting all 4, RSIT last. Thaaanks

# AdwCleaner v4.101 - Report created 21/11/2014 at 15:59:46
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Petr - PETRNB
# Running from : C:\Users\Petr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7T37HUJ9\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
Service Deleted : IePluginServices
[#] Service Deleted : nethfdrv
[#] Service Deleted : NethxxpService
[#] Service Deleted : ProtectMonitor
Service Deleted : ServiceUpdater
Service Deleted : FastPlayerUpdaterService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\2308189059
Folder Deleted : C:\ProgramData\IePluginServices
Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastPlayer
Folder Deleted : C:\Program Files\globalUpdate
Folder Deleted : C:\Program Files\PCDApp
[!] Folder Deleted : C:\Program Files\SupTab
Folder Deleted : C:\Program Files\Surftastic
Folder Deleted : C:\Program Files\FastPlayer
Folder Deleted : C:\Program Files\HD-V2.2V01.10
Folder Deleted : C:\Users\Petr\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Petr\AppData\Local\pay-by-ads
Folder Deleted : C:\Users\Petr\AppData\Local\FastPlayer
Folder Deleted : C:\Users\Petr\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Petr\AppData\Roaming\RHEng
Folder Deleted : C:\Users\Petr\AppData\Roaming\mystartsearch
Folder Deleted : C:\Users\Petr\Documents\Optimizer Pro
File Deleted : C:\Windows\system32\drivers\nethfdrv.sys
File Deleted : C:\Windows\system32\hfpapi.dll
File Deleted : C:\Windows\system32\installd.exe
File Deleted : C:\Windows\system32\nethtsrv.exe
File Deleted : C:\Windows\system32\netupdsrv.exe
File Deleted : C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : AmiUpdXp
Task Deleted : globalUpdateUpdateTaskMachineCore
Task Deleted : globalUpdateUpdateTaskMachineUA
Task Deleted : LaunchSignup
Task Deleted : Yahoo! Search Udpater
Task Deleted : 21b1de1a-7d26-42cb-93be-9e92ff4b5d09
Task Deleted : 47267822-7a2b-4032-a7a8-d36b05052081
Task Deleted : b31a6761-6c8e-4903-9af6-40b9a9f90597-1
Task Deleted : b31a6761-6c8e-4903-9af6-40b9a9f90597-11
Task Deleted : b31a6761-6c8e-4903-9af6-40b9a9f90597-2
Task Deleted : b31a6761-6c8e-4903-9af6-40b9a9f90597-3
Task Deleted : b31a6761-6c8e-4903-9af6-40b9a9f90597-4
Task Deleted : b31a6761-6c8e-4903-9af6-40b9a9f90597-5
Task Deleted : b31a6761-6c8e-4903-9af6-40b9a9f90597-5_user
Task Deleted : b31a6761-6c8e-4903-9af6-40b9a9f90597-6
Task Deleted : b31a6761-6c8e-4903-9af6-40b9a9f90597-7

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKCU\Software\Classes\keepmysearch
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611381131}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622382231}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655385531}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666386631}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644384431}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611381131}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611381131}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611381131}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\SupHpUISoft
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\HD-V2.2V01.10
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\supWPM
Key Deleted : HKLM\SOFTWARE\TrustMediaViewerV1
Key Deleted : HKLM\SOFTWARE\FastPlayer
Key Deleted : HKLM\SOFTWARE\mystartsearchSoftware
Key Deleted : HKLM\SOFTWARE\HD-V2.2V01.10
Key Deleted : HKLM\SOFTWARE\Surftastic
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\inethnfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FastPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HD-V2.2V01.10
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\inethnfd
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FastPlayer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\HD-V2.2V01.10
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\icq.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mystartsearch.com

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16592

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v38.0.2125.111


*************************

AdwCleaner[R0].txt - [5340 octets] - [21/09/2014 11:25:44]
AdwCleaner[R1].txt - [14437 octets] - [21/11/2014 15:57:44]
AdwCleaner[S0].txt - [5067 octets] - [21/09/2014 11:31:33]
AdwCleaner[S1].txt - [13422 octets] - [21/11/2014 15:59:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [13483 octets] ##########

ComboFix 14-11-18.01 - Petr 21.11.2014 16:10:56.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3071.1655 [GMT 1:00]
Spuštěný z: c:\users\Petr\Desktop\xyz.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\Config\uninstinethnfd.exe
c:\program files\Common Files\Config\ver.xml
c:\programdata\ntuser.pol
c:\users\Petr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Dolphin Deals_iels
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\hfnapi.dll
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETHFDRV
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-10-21 do 2014-11-21 )))))))))))))))))))))))))))))))
.
.
2014-11-21 15:19 . 2014-11-21 15:22 -------- d-----w- c:\users\Petr\AppData\Local\temp
2014-11-21 14:37 . 2014-09-17 16:59 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F24982DC-E7FB-4DC5-BAC7-80B08CCD5D0D}\gapaengine.dll
2014-11-21 14:33 . 2014-11-02 04:17 8941456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DDD9460E-FFA2-48CA-971A-054C41B07C6A}\mpengine.dll
2014-11-17 20:34 . 2014-10-10 01:00 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-17 20:34 . 2014-10-09 23:22 619520 ----a-w- c:\windows\system32\adtschema.dll
2014-11-17 20:34 . 2014-10-10 01:01 449536 ----a-w- c:\windows\system32\termsrv.dll
2014-11-17 20:34 . 2014-10-10 01:00 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-17 20:33 . 2014-08-27 00:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-11-17 20:33 . 2014-08-27 00:55 1249280 ----a-w- c:\windows\system32\msxml3.dll
2014-11-17 20:32 . 2014-09-19 00:50 278528 ----a-w- c:\windows\system32\schannel.dll
2014-11-17 20:32 . 2014-10-24 01:04 67072 ----a-w- c:\windows\system32\packager.dll
2014-11-17 20:29 . 2014-08-12 02:25 729600 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-17 20:27 . 2014-10-03 01:17 316928 ----a-w- c:\windows\system32\audiosrv.dll
2014-11-17 20:27 . 2014-10-03 01:18 274432 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-11-17 20:27 . 2014-10-03 01:17 170496 ----a-w- c:\windows\system32\EncDump.dll
2014-11-17 20:27 . 2014-10-03 01:17 396800 ----a-w- c:\windows\system32\AudioEng.dll
2014-11-17 20:27 . 2014-10-18 01:08 564224 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-17 20:19 . 2014-10-12 23:34 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-11-17 19:30 . 2014-10-14 20:13 8901368 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-17 19:28 . 2014-11-17 19:28 687 ----a-w- C:\awhE995.tmp
2014-11-12 18:20 . 2014-11-12 18:20 687 ----a-w- C:\awh7AA6.tmp
2014-11-08 19:25 . 2014-11-08 19:25 687 ----a-w- C:\awh523.tmp
2014-11-04 18:41 . 2014-11-04 18:41 687 ----a-w- C:\awh2FFC.tmp
2014-11-02 18:51 . 2014-11-02 18:51 687 ----a-w- C:\awh27FD.tmp
2014-10-28 17:39 . 2014-10-28 17:39 687 ----a-w- C:\awhD5FB.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-17 20:00 . 2014-02-17 17:24 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-17 20:00 . 2014-02-17 17:24 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-30 11:24 . 2014-01-15 00:06 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-10-21 20:01 . 2014-10-21 20:01 687 ----a-w- C:\awhE084.tmp
2014-10-21 19:46 . 2014-10-21 19:46 687 ----a-w- C:\awh80C.tmp
2014-10-17 19:26 . 2014-10-17 19:26 687 ----a-w- C:\awhAEB6.tmp
2014-10-11 18:48 . 2014-10-11 18:48 687 ----a-w- C:\awh2E08.tmp
2014-10-10 19:51 . 2014-10-10 19:51 687 ----a-w- C:\awh7710.tmp
2014-10-09 18:56 . 2014-10-09 18:56 687 ----a-w- C:\awhEEAD.tmp
2014-10-09 18:26 . 2014-10-09 18:26 687 ----a-w- C:\awhB58C.tmp
2014-10-08 17:48 . 2014-10-08 17:48 687 ----a-w- C:\awh6D05.tmp
2014-10-07 18:37 . 2014-10-07 18:37 687 ----a-w- C:\awhFAD5.tmp
2014-10-04 05:31 . 2014-10-04 05:31 687 ----a-w- C:\awhA3DD.tmp
2014-10-01 16:48 . 2014-10-01 16:48 1529240 ----a-w- c:\users\Petr\AppData\Roaming\OX.exe
2014-09-17 16:59 . 2014-01-24 18:53 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-09 06:24 . 2014-09-24 20:27 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-04 23:27 . 2014-10-17 19:41 143360 ----a-w- c:\windows\system32\drivers\fastfat.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" [2014-10-15 468192]
"cz.seznam.software.autoupdate"="c:\users\Petr\AppData\Roaming\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"cz.seznam.software.szndesktop"="c:\users\Petr\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" [2013-04-12 92664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 974432]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-05-05 1466368]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"seznam-listicka-distribuce"="c:\program files\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
.
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-28 17:58 1089352 ----a-w- c:\program files\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-11-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-17 20:00]
.
2014-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-15 00:26]
.
2014-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-15 00:26]
.
2014-11-21 c:\windows\Tasks\OX.job
- c:\users\Petr\AppData\Roaming\OX.exe [2014-10-01 16:48]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/?clid=16194
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-mystartsearch uninstall - c:\users\Petr\AppData\Roaming\mystartsearch\UninstallManager.exe
AddRemove-RichMediaViewV1release759 - c:\program files\RichMediaViewV1\RichMediaViewV1release759\uninstall.exe
AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-11-21 16:22
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1998666757-1336502068-695087611-1000_Classes\CLSID\{130F8154-E804-4BD5-A07B-35BE69039715}\{A730F6F3-255C-417C-8986-2C578500547E}*Hidden]
"{6D31FCD2-64F7-4E43-8E18-5A2BBA7D13C9}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAujj2TkWPqU2J6AAtQh6LvgAAAAACAAAAAAADZgAAqAAAABAAAACMHfKNchPXACVcxwz0rdfeAAAAAASAAACgAAAAEAAAAF/rZAcdpIYnvjGY+bd0zkAIAAAACREMP68nKIEUAAAA/rEAjrjWRlP9SsjrJIt1A1owKTE="
"{2338F5D5-2437-4FC3-9005-A01804321264}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAujj2TkWPqU2J6AAtQh6LvgAAAAACAAAAAAADZgAAqAAAABAAAABH54P0RCZBnkQIE3hQa5p3AAAAAASAAACgAAAAEAAAADxrep0aaiS+G4aWYqlLK1sYAAAAb7E1n10y0lzs4C1QzK8kcg3epZlytb8QFAAAABf+vywnkxPIsDPb1hejfUbV6Kwz"
"{FCCCD80D-2A5E-401E-B64F-D1C2E375B955}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAujj2TkWPqU2J6AAtQh6LvgAAAAACAAAAAAADZgAAqAAAABAAAAC9hQMo2+N4O6CR1iPMkN+7AAAAAASAAACgAAAAEAAAAPfyP+TrW6ToYZGLayWSJO0YAAAAxteY22jIlh4UfAJd6LfE9H9wJdgUHV3lFAAAALWRCHXuTsuYa7CL6DvT9QBfC7bi"
.
[HKEY_USERS\S-1-5-21-1998666757-1336502068-695087611-1000_Classes\CLSID\{130F8154-E804-4BD5-A07B-35BE69039715}\{A730F6F3-255C-417C-8986-2C578500547E}*Hidden\DeltaClock]
"LastSynchronizationClock"=hex(b):b0,5a,a5,b3,b1,ab,d1,08
"DeltaClock"=hex(b):ff,dd,12,f7,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
c:\program files\Freemake\CaptureLib\CaptureLibService.exe
c:\program files\TeamViewer\Version9\TeamViewer_Service.exe
c:\windows\System32\WUDFHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\TeamViewer\Version9\TeamViewer.exe
c:\program files\TeamViewer\Version9\tv_w32.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\windows\system32\UI0Detect.exe
.
**************************************************************************
.
Celkový čas: 2014-11-21 16:28:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-11-21 15:28
.
Před spuštěním: Volných bajtů: 40 138 919 936
Po spuštění: Volných bajtů: 40 224 149 504
.
- - End Of File - - 5AEEBE365CFA0C889DA68D6B4C21D9CE
64B1E91C5C6C2157642651010728F90F

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 21.11.2014
Scan Time: 18:48:48
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.21.10
Rootkit Database: v2014.11.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Petr

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 301502
Time Elapsed: 22 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.InfoHD.A, C:\Users\Petr\AppData\Roaming\OX.exe, 212, Delete-on-Reboot, [76f8d66809736ec875102d85ab56738d]

Modules: 0
(No malicious items detected)

Registry Keys: 10
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [303ec37badcf5adc4dc1a51cba48916f],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [303ec37badcf5adc4dc1a51cba48916f],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{99E29823-2F67-41C3-8AA5-6425097A771F}, Quarantined, [2b43dd613844989e26fcacab728eff01],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D5F245F0-0E38-49B4-801F-148E0D31EB57}, Quarantined, [2b43dd613844989e26fcacab728eff01],
PUP.Optional.DolphinDeals.A, HKLM\SOFTWARE\Dolphin Deals, Quarantined, [c0aef747cdaf31056b9ad676719216ea],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\HD-V2.2V01.10-nv, Quarantined, [75f997a76f0d4aec57f388b743c05da3],
PUP.Optional.RichMediaView.A, HKLM\SOFTWARE\RichMediaViewV1release759, Quarantined, [e48ac7776517a591a1414518f21121df],
PUP.Optional.TrustMediaViewer.A, HKLM\SOFTWARE\TrustMediaViewerV1alpha758, Quarantined, [9bd35ce285f7ff37838c4310b94ae61a],
PUP.Optional.CrossRider.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HD-V2.2V01.10, Quarantined, [89e5043a64183df96be1a996ef149868],
PUP.Optional.DolphinDeals.A, HKU\S-1-5-21-1998666757-1336502068-695087611-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Dolphin Deals, Quarantined, [d39bcc725824c86e64a22b217093fc04],

Registry Values: 2
PUP.Optional.RichMediaView.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@RichMediaViewV1release759.net, C:\Program Files\RichMediaViewV1\RichMediaViewV1release759\ff, Quarantined, [95d92e10c9b33ff7eaf7bba2c93a32ce]
PUP.Optional.TrustMediaViewer.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@TrustMediaViewerV1alpha758.net, C:\Program Files\TrustMediaViewerV1\TrustMediaViewerV1alpha758\ff, Quarantined, [db93a6985626cf67aa66f45f07fc53ad]

Registry Data: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[94daf846037976c0d8c8b49cec191be5]

Folders: 0
(No malicious items detected)

Files: 6
PUP.Optional.InfoHD.A, C:\Users\Petr\AppData\Roaming\OX.exe, Quarantined, [76f8d66809736ec875102d85ab56738d],
PUP.Optional.DolphinDeals.A, C:\Program Files\Dolphin Deals\DolphinDealsbho.dll, Quarantined, [036b6dd19be1e4527e7611a2738eff01],
PUP.Optional.DolphinDeals.A, C:\Program Files\Dolphin Deals\updateDolphinDeals.exe, Quarantined, [412d45f9621ac1757f765b58c63b2ed2],
PUP.Optional.Amonetize.A, C:\Users\Petr\AppData\Local\21074\Updater.exe, Quarantined, [2b43dd613844989e26fcacab728eff01],
PUP.Optional.Amonetize, C:\Users\Petr\AppData\Local\41\a18467.exe, Quarantined, [e6880b33c6b66dc92bbdd9b09b66ed13],
PUP.Optional.Amonetize, C:\Users\Petr\AppData\Local\8528\Updater.exe, Quarantined, [9ad4d767dd9f7abc4867dcf12fd2f010],

Physical Sectors: 0
(No malicious items detected)


(end)

Logfile of random's system information tool 1.10 (written by random/random)
Run by Petr at 2014-11-21 21:52:45
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 37 GB (31%) free of 119 GB
Total RAM: 3071 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:53:08, on 21.11.2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16592)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files\TeamViewer\Version9\TeamViewer.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Petr\Downloads\RSIT.exe
C:\Program Files\trend micro\Petr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\RunOnce: [SeznamInstall-uninstall:e8ae3131e9bb535920d7ee03de9fa4b0] "C:\Users\Petr\AppData\Local\Temp\\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe" -c "C:\Users\Petr\AppData\Roaming\Seznam.cz"
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe

--
End of file - 5671 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\OX.job - C:\Users\Petr\AppData\Roaming\OX.exe /infocmdline=BjUE5abxYm1/hLLAs/3wwkjM7t/sQ3qYtvvn9gxpHEJrZXfVaajTd5UIA1OdcvkzdTmXIPhwGS/QoHOyoM7ev61HB5YJZAQY/PgNTWjnIRc709Eq7MMKcxoLMUKAteBIV68HMnok97dNumZ7jNK54RZ/vsaDihUUDEIVuZ5atfieqZvjjCxzKfGYrHbVB4yEHx62ySAaSLBGacek5IkoT2cqsG91e4ezu7tQ50J8jRLobkvCbs8cxGmyjy/Y0JmnxUBLnT+QXfhGhsE2CDqcUnKkObKAlMDPL8SU526tQUipDAl+yHDbvb/DIWCKGxdKn97whkiFeNOGcP4DFRFugpeBqiSm7h3VWpM4+5kEne+U0lddGPWHw2NfMvX1N0osnz6dfrf8u/rlcPCb/gEdQumVOBwW7iSfdkeZo3wPWa2uyj4ALpMtTJ3VuG2wvJbdDUQ8Z7ZyNWmHE6WnCHL+EQnEFDKtcBLblddKdIQfKx9Pz4UTx+k+hk4wA2UinUBb

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08 77424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2014-08-22 974432]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2009-05-05 1466368]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2013-05-08 41056]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"=C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [2014-10-01 54072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-10 1233920]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"Sony PC Companion"=C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [2014-10-15 468192]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SeznamInstall-uninstall:e8ae3131e9bb535920d7ee03de9fa4b0"=C:\Users\Petr\AppData\Local\Temp\\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe [2014-11-21 534528]

C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=serwvdrv.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-11-21 21:52:45 ----D---- C:\rsit
2014-11-21 19:37:52 ----A---- C:\Windows\system32\drivers\ohkcbtgh.sys
2014-11-21 18:48:29 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-11-21 18:47:25 ----D---- C:\Program Files\Malwarebytes Anti-Malware
2014-11-21 18:47:25 ----A---- C:\Windows\system32\drivers\mwac.sys
2014-11-21 18:47:25 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2014-11-21 18:47:25 ----A---- C:\Windows\system32\drivers\mbam.sys
2014-11-21 17:17:22 ----D---- C:\Program Files\PCDApp
2014-11-21 16:35:34 ----SHD---- C:\$RECYCLE.BIN
2014-11-21 16:30:16 ----SD---- C:\Uninstall
2014-11-21 16:29:57 ----SD---- C:\32788R22FWJFW
2014-11-21 16:28:53 ----D---- C:\Windows\temp
2014-11-21 16:06:25 ----A---- C:\Windows\NIRCMD.exe
2014-11-21 16:05:29 ----D---- C:\Windows\erdnt
2014-11-17 21:34:06 ----A---- C:\Windows\system32\msaudite.dll
2014-11-17 21:34:05 ----A---- C:\Windows\system32\adtschema.dll
2014-11-17 21:34:02 ----A---- C:\Windows\system32\termsrv.dll
2014-11-17 21:34:02 ----A---- C:\Windows\system32\lsasrv.dll
2014-11-17 21:33:06 ----A---- C:\Windows\system32\msxml3r.dll
2014-11-17 21:33:05 ----A---- C:\Windows\system32\msxml3.dll
2014-11-17 21:32:33 ----A---- C:\Windows\system32\schannel.dll
2014-11-17 21:32:13 ----A---- C:\Windows\system32\packager.dll
2014-11-17 21:29:09 ----A---- C:\Windows\system32\IMJP10K.DLL
2014-11-17 21:27:25 ----A---- C:\Windows\system32\audiosrv.dll
2014-11-17 21:27:24 ----A---- C:\Windows\system32\EncDump.dll
2014-11-17 21:27:24 ----A---- C:\Windows\system32\AUDIOKSE.dll
2014-11-17 21:27:24 ----A---- C:\Windows\system32\AudioEng.dll
2014-11-17 21:27:08 ----A---- C:\Windows\system32\oleaut32.dll
2014-11-17 21:19:41 ----A---- C:\Windows\system32\win32k.sys
2014-11-17 20:28:37 ----A---- C:\awhE995.tmp
2014-11-17 20:26:11 ----A---- C:\Windows\system32\vbscript.dll
2014-11-17 20:26:11 ----A---- C:\Windows\system32\mshta.exe
2014-11-17 20:26:11 ----A---- C:\Windows\system32\msfeedssync.exe
2014-11-17 20:26:11 ----A---- C:\Windows\system32\msfeedsbs.dll
2014-11-17 20:26:11 ----A---- C:\Windows\system32\jsproxy.dll
2014-11-17 20:26:10 ----A---- C:\Windows\system32\urlmon.dll
2014-11-17 20:26:10 ----A---- C:\Windows\system32\msfeeds.dll
2014-11-17 20:26:10 ----A---- C:\Windows\system32\jscript.dll
2014-11-17 20:26:10 ----A---- C:\Windows\system32\dxtmsft.dll
2014-11-17 20:26:09 ----A---- C:\Windows\system32\ieUnatt.exe
2014-11-17 20:26:09 ----A---- C:\Windows\system32\iertutil.dll
2014-11-17 20:26:08 ----A---- C:\Windows\system32\wininet.dll
2014-11-17 20:26:08 ----A---- C:\Windows\system32\url.dll
2014-11-17 20:26:08 ----A---- C:\Windows\system32\ieui.dll
2014-11-17 20:26:08 ----A---- C:\Windows\system32\ieframe.dll
2014-11-17 20:26:08 ----A---- C:\Windows\system32\dxtrans.dll
2014-11-17 20:26:03 ----A---- C:\Windows\system32\mshtmled.dll
2014-11-17 20:26:02 ----A---- C:\Windows\system32\jscript9.dll
2014-11-17 20:26:01 ----A---- C:\Windows\system32\mshtml.dll
2014-11-12 19:20:36 ----A---- C:\awh7AA6.tmp
2014-11-08 20:25:00 ----A---- C:\awh523.tmp
2014-11-04 19:41:44 ----A---- C:\awh2FFC.tmp
2014-11-02 19:51:28 ----A---- C:\awh27FD.tmp
2014-10-28 18:39:20 ----A---- C:\awhD5FB.tmp

======List of files/folders modified in the last 1 month======

2014-11-21 21:53:08 ----D---- C:\Program Files\trend micro
2014-11-21 19:37:52 ----D---- C:\Windows\system32\drivers
2014-11-21 19:37:52 ----D---- C:\Windows\DigitalLocker
2014-11-21 19:37:52 ----D---- C:\Program Files\Dolphin Deals
2014-11-21 18:47:25 ----RD---- C:\Program Files
2014-11-21 18:13:57 ----D---- C:\Windows\system32\drivers\etc
2014-11-21 18:05:59 ----D---- C:\Windows\winsxs
2014-11-21 18:05:55 ----D---- C:\Windows\system32\catroot
2014-11-21 18:05:35 ----SHD---- C:\System Volume Information
2014-11-21 17:58:13 ----D---- C:\ProgramData\Spybot - Search & Destroy
2014-11-21 17:20:09 ----D---- C:\ProgramData\Freemake
2014-11-21 17:19:47 ----D---- C:\Program Files\Freemake
2014-11-21 17:18:50 ----D---- C:\Users\Petr\AppData\Roaming\Seznam.cz
2014-11-21 17:17:32 ----D---- C:\Program Files\Seznam.cz
2014-11-21 16:51:56 ----D---- C:\Windows\system32\LogFiles
2014-11-21 16:51:56 ----D---- C:\Windows\Prefetch
2014-11-21 16:51:55 ----D---- C:\Windows\System32
2014-11-21 16:51:54 ----D---- C:\Windows\inf
2014-11-21 16:51:54 ----D---- C:\Windows\Debug
2014-11-21 16:51:54 ----D---- C:\Windows
2014-11-21 16:40:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-11-21 16:22:06 ----A---- C:\Windows\system.ini
2014-11-21 16:20:21 ----D---- C:\Windows\system32\config
2014-11-21 16:17:24 ----D---- C:\ProgramData
2014-11-21 16:17:22 ----D---- C:\Program Files\Common Files\Config
2014-11-21 16:14:57 ----AD---- C:\ProgramData\TEMP
2014-11-21 16:14:45 ----D---- C:\Windows\AppPatch
2014-11-21 16:14:43 ----D---- C:\Program Files\Common Files
2014-11-21 16:00:09 ----D---- C:\AdwCleaner
2014-11-21 15:30:16 ----D---- C:\Windows\rescache
2014-11-21 15:27:42 ----D---- C:\Windows\Microsoft.NET
2014-11-21 15:27:06 ----RSD---- C:\Windows\assembly
2014-11-21 15:11:33 ----D---- C:\Program Files\PDApp
2014-11-21 15:08:24 ----D---- C:\Windows\system32\cs-CZ
2014-11-21 15:08:22 ----D---- C:\Windows\system32\migration
2014-11-21 15:08:22 ----D---- C:\Program Files\Internet Explorer
2014-11-17 21:34:34 ----D---- C:\Windows\system32\catroot2
2014-11-17 21:33:59 ----SHD---- C:\Windows\Installer
2014-11-17 21:33:47 ----D---- C:\ProgramData\Microsoft Help
2014-11-17 21:26:13 ----D---- C:\Windows\system32\MRT
2014-11-17 21:20:32 ----A---- C:\Windows\system32\mrt.exe
2014-11-17 21:00:03 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2014-11-17 20:45:47 ----D---- C:\Windows\Tasks
2014-11-17 20:18:24 ----HD---- C:\Program Files\InstallShield Installation Information
2014-10-30 12:24:45 ----N---- C:\Windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hotcore3;hc3ServiceName; C:\Windows\system32\DRIVERS\hotcore3.sys [2010-01-17 40560]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-07-17 231800]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2014-01-15 691696]
R1 MpKsl283c873a;MpKsl283c873a; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5ABAE85C-830D-4D95-981A-30F4A2C0E26B}\MpKsl283c873a.sys [2014-11-21 39464]
R1 Uim_IM;UIM Drive Backup Image Plugin; C:\Windows\System32\Drivers\Uim_IM.sys [2010-01-17 385544]
R1 UimBus;Universal Image Mounter Controller; C:\Windows\system32\DRIVERS\UimBus.sys [2010-01-17 34392]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-01-13 954368]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-09 3533824]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-10 22528]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-10 236544]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2014-11-21 114904]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-21 18432]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2007-07-31 7680]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-10 148992]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSGB6.sys [2014-01-14 47616]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2009-05-05 1095808]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2013-07-12 134272]
R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 66560]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
S0 dneuxkm;dneuxkm; C:\Windows\System32\drivers\ohkcbtgh.sys [2014-11-21 52440]
S3 anarsp8w;anarsp8w; C:\Windows\system32\drivers\anarsp8w.sys []
S3 BthAvrcp;Bluetooth AVRCP Profile; C:\Windows\system32\DRIVERS\BthAvrcp.sys [2010-02-05 28048]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]
S3 catchme;catchme; \??\C:\xyz\catchme.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 ggflt;SOMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2014-08-17 13528]
S3 ggsomc;SOMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsomc.sys [2014-08-17 26328]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 95920]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2012-01-09 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsuc.sys [2012-01-09 8576]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2012-06-11 19072]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2012-01-09 8192]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-05 94208]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-03-09 655360]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-08-22 22192]
R2 TeamViewer9;TeamViewer 9; C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe [2014-09-12 4799760]
R3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-09-11 770168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-15 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-17 267440]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-15 116648]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2014-02-17 194032]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2014-08-22 288120]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------
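
Even after the AdwCleaner and MBAM runs, the RSIT log above still contains entries a reviewer would ask about before calling the machine clean: the scheduled task `OX.job` still launches `C:\Users\Petr\AppData\Roaming\OX.exe` with a long opaque argument, although MBAM quarantined that file; the boot-start driver `dneuxkm` is backed by `ohkcbtgh.sys`, a file created on the day of the scan under a different name; and the driver entries `anarsp8w` and `catchme` point at files that no longer exist (RSIT prints `[]` for those). The script below is an added example for this thread, not part of the post and not a tool shipped with RSIT or HijackThis. It parses the scheduled-tasks, created-files and drivers sections of an RSIT log and applies a few triage rules of my own (AppData targets, a base64-looking blob of 48+ characters, service name vs. file name on boot/system-start drivers, driver files created inside the log's one-month window); the thresholds are assumptions, and the embedded sample is a shortened excerpt of the log above with the `OX.job` blob truncated.

```python
"""Triage helper for RSIT-style logs. Added example for this thread; not part of the
original post and not a tool shipped with RSIT or HijackThis. The rules are this
reviewer's own assumptions, not vendor criteria: a hit is a question, not a verdict."""
import re
from dataclasses import dataclass, field

SECTION_RE = re.compile(r"^======(.+?)======\s*$")
DRIVER_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);[^;]*;\s*(.*?)\s*\[([^\]]*)\]\s*$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d\d:\d\d:\d\d \S+ (.+?)\s*$")
EXE_RE = re.compile(r'^\s*("[^"]+"|\S.*?\.(?:exe|dll|scr|cmd|bat|vbs|js)(?=\s|$))(.*)$', re.I)
USER_PROFILE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.I)
OPAQUE_BLOB_RE = re.compile(r"[A-Za-z0-9+/]{48,}={0,2}")  # base64-looking run; 48 is an assumed threshold

@dataclass
class Finding:
    kind: str      # "task" or "driver"
    name: str      # .job file name or driver service name
    target: str    # executable or driver path
    reasons: list = field(default_factory=list)

def split_sections(text):
    """{section title: [non-empty lines]} keyed by the ======Title====== headers."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line:
            sections[current].append(line)
    return sections

def section(sections, prefix):
    return next((v for k, v in sections.items() if k.startswith(prefix)), [])

def triage_tasks(lines):
    """One .job per line: '<job path> - <command line>'."""
    out = []
    for line in lines:
        job, sep, cmd = line.partition(" - ")
        m = EXE_RE.match(cmd) if sep else None
        if not m:
            continue
        exe, args, reasons = m.group(1).strip('"'), m.group(2), []
        if USER_PROFILE_RE.search(exe):
            reasons.append("target lives under a user profile (AppData), not Program Files or Windows")
        blob = OPAQUE_BLOB_RE.search(args)
        if blob:
            reasons.append("command line carries an opaque %d-char blob" % len(blob.group(0)))
        if reasons:
            out.append(Finding("task", job.rsplit("\\", 1)[-1], exe, reasons))
    return out

def triage_drivers(lines, created):
    """'<R|S><start> name;desc; path [date size]'; RSIT prints [] when the file is missing."""
    out = []
    for line in lines:
        m = DRIVER_RE.match(line)
        if not m:
            continue
        _state, start, name, path, meta = m.groups()
        path = path[4:] if path.startswith("\\??\\") else path  # drop the NT object prefix
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        reasons = []
        if not meta.strip():
            reasons.append("driver file not found on disk: orphaned service entry")
        if start in "01" and name.lower() != stem.lower():
            reasons.append("boot/system-start driver: service name %r differs from file name %r" % (name, stem))
        if start in "01" and path.lower() in created:
            reasons.append("boot/system-start driver file created %s, inside the log window" % created[path.lower()])
        if reasons:
            out.append(Finding("driver", name, path, reasons))
    return out

def triage(text):
    """Run every check over a full RSIT log; findings come back in log order."""
    s = split_sections(text)
    created = {m.group(2).lower(): m.group(1)
               for m in map(CREATED_RE.match, section(s, "List of files/folders created")) if m}
    return triage_tasks(section(s, "Scheduled tasks")) + triage_drivers(section(s, "List of drivers"), created)

# Shortened excerpt of the RSIT log posted above; the OX.job argument blob is truncated.
SAMPLE_LOG = r"""
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\OX.job - C:\Users\Petr\AppData\Roaming\OX.exe /infocmdline=BjUE5abxYm1/hLLAs/3wwkjM7t/sQ3qYtvvn9gxpHEJrZXfVaajTd5UIA1OdcvkzdTmXIPhwGS/QoHOyoM7ev61HB5YJZAQY
======List of files/folders created in the last 1 month======
2014-11-21 19:37:52 ----A---- C:\Windows\system32\drivers\ohkcbtgh.sys
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 hotcore3;hc3ServiceName; C:\Windows\system32\DRIVERS\hotcore3.sys [2010-01-17 40560]
R1 MpKsl283c873a;MpKsl283c873a; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5ABAE85C-830D-4D95-981A-30F4A2C0E26B}\MpKsl283c873a.sys [2014-11-21 39464]
S0 dneuxkm;dneuxkm; C:\Windows\System32\drivers\ohkcbtgh.sys [2014-11-21 52440]
S3 anarsp8w;anarsp8w; C:\Windows\system32\drivers\anarsp8w.sys []
S3 catchme;catchme; \??\C:\xyz\catchme.sys []
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-6s %-14s %s" % (f.kind, f.name, f.target))
        for r in f.reasons:
            print("        - " + r)
```

Run it against a saved `info.txt` by replacing `SAMPLE_LOG` with the file contents. Note what the rules deliberately do not do: the creation-window rule is restricted to boot/system-start drivers so that freshly installed demand-start tools like `MBAMSwissArmy.sys` are not reported, and the `\??\` prefix is stripped before comparing paths so that legitimate entries such as the MSE `MpKsl...` driver under ProgramData are not mis-parsed.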

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Infected laptop - checking that it's OK

#2 Post by Márty84 »

Hello :)

:???: Can you tell me why you ran ComboFix? Do you know how to handle it?

If you had read the forum rules http://forum.viry.cz/viewtopic.php?f=12&t=5601, you would have found, among other things, this:
2. Before posting a question, use the Search button. Someone may already have solved a problem similar to yours. But if various utilities/applications were used in a solved topic, do not run them. Utilities are used only on a helper's instruction, because they can erase traces of the malware, and in the hands of a non-expert their use can have unforeseeable consequences.

3. In particular, do not run the ComboFix utility even if a friend or some would-be expert website recommended it. Our forum is the only one of the CZ-SK antivirus forums that has the right to interpret ComboFix logs, and we also have the full support of this utility's author and access to the most up-to-date information and guides.
CF wipes every trace of a possible infection, so now I'm left working with nothing to go on, as they say :x
I'll try to take a look at it, but if this happens again, help will be refused.
I also warn you that this may drag on and the outcome is not at all certain :boxed:



:arrow: Run a new scan with MBAM. Set up the scan according to this guide http://forum.viry.cz/viewtopic.php?f=29&t=137928 and post the results here. Don't delete anything beforehand; it sometimes has false positives.
If you have a question that is not meant for the public, you can write to me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will be on the forum less often now. If you have to wait a long time for a reply, please contact one of my colleagues (most have an email address in their signature).

willimetz1
Visitor
Posts: 17
Registered: 21 Sep 2014 09:44

Re: Infected laptop - checking that it's OK

#3 Post by willimetz1 »

I'm sorry, I didn't know it was a problem! :?: I won't do it again.

Here is the log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 22.11.2014
Scan Time: 16:02:18
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.22.09
Rootkit Database: v2014.11.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Petr

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 552145
Time Elapsed: 3 hr, 35 min, 3 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 57
PUP.Optional.InfoHD.A, C:\AdwCleaner\Quarantine\C\Program Files\HD-V2.2V01.10\b31a6761-6c8e-4903-9af6-40b9a9f90597-2.exe.vir, , [943d320ca8d4ea4c4f6ef5bd7a87d52b],
PUP.Optional.InfoHD.A, C:\AdwCleaner\Quarantine\C\Program Files\HD-V2.2V01.10\47267822-7a2b-4032-a7a8-d36b05052081.exe.vir, , [4b86a8966b11cd69d2eb0ea40ff245bb],
PUP.Optional.Nova.A, C:\AdwCleaner\Quarantine\C\Program Files\HD-V2.2V01.10\7167fcbe-e4d9-4f80-aff7-6279f03ba134.dll.vir, , [9d3427174c305ed8472137afcf3202fe],
PUP.Optional.InfoHD.A, C:\AdwCleaner\Quarantine\C\Program Files\HD-V2.2V01.10\b31a6761-6c8e-4903-9af6-40b9a9f90597-11.exe.vir, , [c60bb9855527092db00d1a986b96ae52],
PUP.Optional.InfoHD.A, C:\AdwCleaner\Quarantine\C\Program Files\HD-V2.2V01.10\b31a6761-6c8e-4903-9af6-40b9a9f90597-3.exe.vir, , [c8093d01bbc1db5bd1ec1c9645bcdc24],
PUP.Optional.InfoHD.A, C:\AdwCleaner\Quarantine\C\Program Files\HD-V2.2V01.10\b31a6761-6c8e-4903-9af6-40b9a9f90597-4.exe.vir, , [9a37ed517c00d95d18a5c8ea21e0f808],
PUP.Optional.InfoHD.A, C:\AdwCleaner\Quarantine\C\Program Files\HD-V2.2V01.10\b31a6761-6c8e-4903-9af6-40b9a9f90597-5.exe.vir, , [d2ffdc62a1db76c0fcc1c2f0fb06c43c],
PUP.Optional.InfoHD.A, C:\AdwCleaner\Quarantine\C\Program Files\HD-V2.2V01.10\b31a6761-6c8e-4903-9af6-40b9a9f90597-6.exe.vir, , [11c0132bfa821b1b5c61931f37ca1de3],
PUP.Optional.InfoHD.A, C:\AdwCleaner\Quarantine\C\Program Files\HD-V2.2V01.10\b31a6761-6c8e-4903-9af6-40b9a9f90597-7.exe.vir, , [953c3c02c5b794a29b22c2f00ff27090],
PUP.Optional.InfoHD.A, C:\AdwCleaner\Quarantine\C\Program Files\HD-V2.2V01.10\HD-V2.2V01.10-bg.exe.vir, , [ae23d86687f55bdb3a83c2f0ee136997],
PUP.Optional.InfoHD.A, C:\AdwCleaner\Quarantine\C\Program Files\HD-V2.2V01.10\HD-V2.2V01.10-bho.dll.vir, , [c60b79c5f3895ed8526b3a7870917789],
PUP.Optional.InfoHD.A, C:\AdwCleaner\Quarantine\C\Program Files\HD-V2.2V01.10\HD-V2.2V01.10-codedownloader.exe.vir, , [2ea382bc2656da5c378600b2d42d39c7],
PUP.Optional.CrossRider.A, C:\AdwCleaner\Quarantine\C\Program Files\HD-V2.2V01.10\utils.exe.vir, , [b51c86b86b111c1a1f201f2d946cb34d],
PUP.Optional.Firseria, C:\AdwCleaner\Quarantine\C\Program Files\PCDApp\PCDUninstall.exe.vir, , [4d84c27c2b51ef476ff6b91825dcc43c],
PUP.Optional.Skytech.A, C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterface32.dll.vir, , [ac250d3153294ee82d7e336d0af7ec14],
PUP.Optional.Skytech.A, C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterface64.dll.vir, , [af22f945433989ad4c5f5d43d42dcd33],
PUP.Optional.SearchProtect, C:\AdwCleaner\Quarantine\C\Program Files\SupTab\Loader64.exe.vir, , [e9e8f74708746acc97301bc4629fac54],
PUP.Optional.IEPluginService.A, C:\AdwCleaner\Quarantine\C\Program Files\SupTab\RSHP.exe.vir, , [d9f83e00d4a8ff374e571f64d03150b0],
PUP.Optional.Skytech.A, C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SearchProtect32.dll.vir, , [a031300e99e3a19572397729a35e6e92],
PUP.Optional.Skytech.A, C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SearchProtect64.dll.vir, , [aa273c02275552e41e8d544ced14e020],
PUP.Optional.IePluginService.A, C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SupIePluginServiceUpdate.exe.vir, , [d5fcb08e314bf244dbffb4bc748dff01],
PUP.Optional.SupTab.A, C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SupTab.dll.vir, , [854c6fcfb6c6ee48702055e008f89d63],
PUP.Optional.Surftastic.A, C:\AdwCleaner\Quarantine\C\Program Files\Surftastic\SurftasticBHO.dll.vir, , [81504df1017b78befd3f0d61f11024dc],
PUP.Optional.Surftastic, C:\AdwCleaner\Quarantine\C\Program Files\Surftastic\SurftasticUninstall.exe.vir, , [3e933806c9b3a492e0f5ddd850b110f0],
PUP.Optional.Surftastic.A, C:\AdwCleaner\Quarantine\C\Program Files\Surftastic\updateSurftastic.exe.vir, , [478ab787324a5dd995a827478081f40c],
PUP.Optional.PayByAds.A, C:\AdwCleaner\Quarantine\C\Program Files\Surftastic\bin\Surftastic.OfSvc.exe.vir, , [d8f93c02dca0bf7701f2a0e3cf36d42c],
PUP.Optional.Surftastic.A, C:\AdwCleaner\Quarantine\C\Program Files\Surftastic\bin\utilSurftastic.exe.vir, , [ae232618c5b75adcb687cba36f9250b0],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files\Surftastic\bin\plugins\Surftastic.Bromon.dll.vir, , [10c11c222c50fd39a9844e78907127d9],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files\Surftastic\bin\plugins\Surftastic.BroStats.dll.vir, , [29a8da640a72b77fe04e7f47b948e21e],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files\Surftastic\bin\plugins\Surftastic.BrowserAdapter.dll.vir, , [14bd39052953c6708f06d0fbbf42ba46],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files\Surftastic\bin\plugins\Surftastic.BrowserAdapterS.dll.vir, , [ac2526181f5d3ff7fe96c0e0ac55df21],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files\Surftastic\bin\plugins\Surftastic.CompatibilityChecker.dll.vir, , [4d844df1eb914fe755d71aac669bd828],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files\Surftastic\bin\plugins\Surftastic.FFUpdate.dll.vir, , [29a8f5494b31280e44e78541ef1217e9],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files\Surftastic\bin\plugins\Surftastic.IEUpdate.dll.vir, , [f9d8c07ea0dc6ec8cd5d11b531d02bd5],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files\Surftastic\bin\plugins\Surftastic.OfSvc.dll.vir, , [0fc2eb530f6db284dc23f8b455ac2bd5],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files\Surftastic\bin\plugins\Surftastic.PurBrowse.dll.vir, , [19b8a995b4c851e5c071325eb150d22e],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files\Surftastic\bin\plugins\Surftastic.PurBrowseG.dll.vir, , [557c1925a7d5df5729648110847dc040],
PUP.Optional.IePluginService.A, C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir, , [daf798a6661643f317c387e989786e92],
PUP.Optional.PayByAds.A, C:\AdwCleaner\Quarantine\C\Users\Petr\AppData\Local\pay-by-ads\Yahoo! Search\1.3.12.4\dsrlte.exe.vir, , [9f322e106b1153e3b85bd9acdc29df21],
PUP.Optional.PayByAds.A, C:\AdwCleaner\Quarantine\C\Users\Petr\AppData\Local\pay-by-ads\Yahoo! Search\1.3.12.4\dsrsetup.exe.vir, , [28a9bd81463644f226ed5b2a7392ac54],
PUP.Optional.PayByAds.A, C:\AdwCleaner\Quarantine\C\Users\Petr\AppData\Local\pay-by-ads\Yahoo! Search\1.3.12.4\res.dll.vir, , [a62b2e106319a88e65ae770e9471de22],
PUP.Optional.NetFilter, C:\AdwCleaner\Quarantine\C\Windows\system32\hfpapi.dll.vir, , [557c98a61a627db971181aab3ac76898],
PUP.Optional.Amonetize, C:\AdwCleaner\Quarantine\C\Windows\system32\nethtsrv.exe.vir, , [89485be3bdbffb3b26cba4039c6540c0],
PUP.Optional.Amonetize, C:\AdwCleaner\Quarantine\C\Windows\system32\netupdsrv.exe.vir, , [48895ee095e75fd77979aff8fc0557a9],
PUP.Hacktool.NetFilter, C:\AdwCleaner\Quarantine\C\Windows\system32\drivers\nethfdrv.sys.vir, , [7b56310dc4b8d66023cd3c6bea17ec14],
PUP.Optional.Amonetize, C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M0FAFS5C\inethnfd-setup[1].exe, , [b8193905e696cd695c8bfcd16b963fc1],
PUP.Optional.Spigot.A, D:\Zaloha\Program Files\Application Updater\ApplicationUpdater.exe, , [4f8240fe4c302214fefca6f6d22f8080],
PUP.Optional.Spigot.A, D:\Zaloha\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe, , [8051ba840775dc5a0f1a972f61a0a55b],
PUP.Optional.Spigot.A, D:\Zaloha\Program Files\Common Files\Spigot\Search Settings\wth175.dll, , [ebe6dc62275567cf5ecbdfe790719d63],
PUP.Optional.Spigot.A, D:\Zaloha\Program Files\Common Files\Spigot\Search Settings\wthx175.dll, , [6e63d767c6b6e15575b41caa29d87090],
PUP.Optional.Spigot.A, D:\Zaloha\Program Files\IObit Apps Toolbar\WidgiHelper.exe, , [478aed51a4d8d462e71473295fa2c838],
PUP.Optional.Spigot.A, D:\Zaloha\Program Files\IObit Apps Toolbar\IE\8.5\iobitappsToolbarIE.dll, , [7e53b589b4c8ad895acfd9ed7190bd43],
PUP.Optional.Spigot.A, D:\Zaloha\Program Files\IObit Apps Toolbar\IE\8.5\iobitappsToolbarIE64.dll, , [ddf464da0d6f2e082aff6c5ac23f6e92],
PUP.Optional.SweetIM, D:\Zaloha\Users\Petr\Downloads\HDDCrystal.exe, , [389999a52854f83ee266334449bcb14f],
PUP.AdBundle, D:\Zaloha\Users\Petr\Downloads\total commander powerpack setup (1).exe, , [805119255527f14582054d7a916fef11],
PUP.AdBundle, D:\Zaloha\Users\Petr\Downloads\total commander powerpack setup.exe, , [a72a69d53b415bdb6324982f8d73aa56],
PUP.Optional.Spigot.A, D:\Zaloha\Windows\Installer\5a9c1.msi, , [419057e71d5f46f0cb5e0abc68993ec2],

Physical Sectors: 0
(No malicious items detected)


(end)


thanks!

willimetz1
Visitor
Posts: 17
Registered: 21 Sep 2014 09:44

Re: Virus-infected laptop - checking that it is OK

#4 Post by willimetz1 »

P.S. All the logs from everything that was run, including ComboFix, are in the first message.

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Virus-infected laptop - checking that it is OK

#5 Post by Márty84 »

willimetz1 wrote: I apologise, I didn't know it was a problem! :?: I won't do it again.
OK :)
willimetz1 wrote: P.S. All the logs from everything that was run, including ComboFix, are in the first message.
I know, but the problem is that you ran CF first and only then RSIT. CF does not show everything in its log, it fixes some things without reporting them, and the RSIT log then always comes out clean. That makes it hard to identify the source of any infection.

:arrow: Put all the MBAM findings into quarantine. After the next restart of the PC, repeat the scan so we know whether it comes back. Post the scan result and I will choose the next steps accordingly.
If you have a question that is not meant for the public, you can write to me at marty84zavináčforum.viry.cz

Option to support our forum: https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you are waiting a long time for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).

willimetz1
Visitor
Posts: 17
Registered: 21 Sep 2014 09:44

Re: Virus-infected laptop - checking that it is OK

#6 Post by willimetz1 »

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 23.11.2014
Scan Time: 18:46:52
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.23.07
Rootkit Database: v2014.11.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Petr

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 552417
Time Elapsed: 3 hr, 27 min, 9 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
PUP.AdBundle, D:\Zaloha\Users\Petr\Downloads\total commander powerpack setup (1).exe, , [d55ead92027ab97d94091bac46ba32ce],
PUP.AdBundle, D:\Zaloha\Users\Petr\Downloads\total commander powerpack setup.exe, , [9f949da27705c3731588a126ad53da26],
PUP.Optional.Spigot.A, D:\Zaloha\Windows\Installer\5a9c1.msi, , [dd5616292a52fb3b093430960cf52ad6],

Physical Sectors: 0
(No malicious items detected)


(end)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Virus-infected laptop - checking that it is OK

#7 Post by Márty84 »

Uninstall MBAM and post a new log from RSIT.

willimetz1
Visitor
Posts: 17
Registered: 21 Sep 2014 09:44

Re: Virus-infected laptop - checking that it is OK

#8 Post by willimetz1 »

Logfile of random's system information tool 1.10 (written by random/random)
Run by Petr at 2014-11-24 09:02:14
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 36 GB (31%) free of 119 GB
Total RAM: 3071 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:02:33, on 24.11.2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16592)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\TeamViewer\Version9\TeamViewer.exe
C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Petr\Downloads\RSIT (1).exe
C:\Program Files\trend micro\Petr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe

--
End of file - 5110 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\OX.job - C:\Users\Petr\AppData\Roaming\OX.exe /infocmdline=…

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08 77424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2014-08-22 974432]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2009-05-05 1466368]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2013-05-08 41056]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-10 1233920]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"Sony PC Companion"=C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [2014-10-15 468192]

C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=serwvdrv.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-11-21 22:21:30 ----A---- C:\Windows\system32\FNTCACHE.DAT
2014-11-21 21:52:45 ----D---- C:\rsit
2014-11-21 18:05:41 ----A---- C:\Windows\system32\kerberos.dll
2014-11-21 17:17:22 ----D---- C:\Program Files\PCDApp
2014-11-21 16:35:34 ----SHD---- C:\$RECYCLE.BIN
2014-11-21 16:30:16 ----SD---- C:\Uninstall
2014-11-21 16:29:57 ----SD---- C:\32788R22FWJFW
2014-11-21 16:28:53 ----D---- C:\Windows\temp
2014-11-21 16:06:25 ----A---- C:\Windows\NIRCMD.exe
2014-11-21 16:05:29 ----D---- C:\Windows\erdnt
2014-11-17 21:34:06 ----A---- C:\Windows\system32\msaudite.dll
2014-11-17 21:34:05 ----A---- C:\Windows\system32\adtschema.dll
2014-11-17 21:34:02 ----A---- C:\Windows\system32\termsrv.dll
2014-11-17 21:34:02 ----A---- C:\Windows\system32\lsasrv.dll
2014-11-17 21:33:06 ----A---- C:\Windows\system32\msxml3r.dll
2014-11-17 21:33:05 ----A---- C:\Windows\system32\msxml3.dll
2014-11-17 21:32:33 ----A---- C:\Windows\system32\schannel.dll
2014-11-17 21:32:13 ----A---- C:\Windows\system32\packager.dll
2014-11-17 21:29:09 ----A---- C:\Windows\system32\IMJP10K.DLL
2014-11-17 21:27:25 ----A---- C:\Windows\system32\audiosrv.dll
2014-11-17 21:27:24 ----A---- C:\Windows\system32\EncDump.dll
2014-11-17 21:27:24 ----A---- C:\Windows\system32\AUDIOKSE.dll
2014-11-17 21:27:24 ----A---- C:\Windows\system32\AudioEng.dll
2014-11-17 21:27:08 ----A---- C:\Windows\system32\oleaut32.dll
2014-11-17 21:19:41 ----A---- C:\Windows\system32\win32k.sys
2014-11-17 20:28:37 ----A---- C:\awhE995.tmp
2014-11-17 20:26:11 ----A---- C:\Windows\system32\vbscript.dll
2014-11-17 20:26:11 ----A---- C:\Windows\system32\mshta.exe
2014-11-17 20:26:11 ----A---- C:\Windows\system32\msfeedssync.exe
2014-11-17 20:26:11 ----A---- C:\Windows\system32\msfeedsbs.dll
2014-11-17 20:26:11 ----A---- C:\Windows\system32\jsproxy.dll
2014-11-17 20:26:10 ----A---- C:\Windows\system32\urlmon.dll
2014-11-17 20:26:10 ----A---- C:\Windows\system32\msfeeds.dll
2014-11-17 20:26:10 ----A---- C:\Windows\system32\jscript.dll
2014-11-17 20:26:10 ----A---- C:\Windows\system32\dxtmsft.dll
2014-11-17 20:26:09 ----A---- C:\Windows\system32\ieUnatt.exe
2014-11-17 20:26:09 ----A---- C:\Windows\system32\iertutil.dll
2014-11-17 20:26:08 ----A---- C:\Windows\system32\wininet.dll
2014-11-17 20:26:08 ----A---- C:\Windows\system32\url.dll
2014-11-17 20:26:08 ----A---- C:\Windows\system32\ieui.dll
2014-11-17 20:26:08 ----A---- C:\Windows\system32\ieframe.dll
2014-11-17 20:26:08 ----A---- C:\Windows\system32\dxtrans.dll
2014-11-17 20:26:03 ----A---- C:\Windows\system32\mshtmled.dll
2014-11-17 20:26:02 ----A---- C:\Windows\system32\jscript9.dll
2014-11-17 20:26:01 ----A---- C:\Windows\system32\mshtml.dll
2014-11-12 19:20:36 ----A---- C:\awh7AA6.tmp
2014-11-08 20:25:00 ----A---- C:\awh523.tmp
2014-11-04 19:41:44 ----A---- C:\awh2FFC.tmp
2014-11-02 19:51:28 ----A---- C:\awh27FD.tmp
2014-10-28 18:39:20 ----A---- C:\awhD5FB.tmp

======List of files/folders modified in the last 1 month======

2014-11-24 09:02:29 ----D---- C:\Windows\Prefetch
2014-11-24 09:02:19 ----D---- C:\Program Files\trend micro
2014-11-24 09:01:35 ----RD---- C:\Program Files
2014-11-24 09:01:34 ----D---- C:\Windows\system32\drivers
2014-11-23 18:26:09 ----D---- C:\Windows\System32
2014-11-23 18:26:09 ----D---- C:\Windows\inf
2014-11-23 18:26:09 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-11-23 16:36:59 ----SHD---- C:\System Volume Information
2014-11-23 12:14:02 ----D---- C:\Windows
2014-11-21 22:21:16 ----D---- C:\Windows\DigitalLocker
2014-11-21 19:37:52 ----D---- C:\Program Files\Dolphin Deals
2014-11-21 18:13:57 ----D---- C:\Windows\system32\drivers\etc
2014-11-21 18:05:59 ----D---- C:\Windows\winsxs
2014-11-21 18:05:55 ----D---- C:\Windows\system32\catroot
2014-11-21 17:58:13 ----D---- C:\ProgramData\Spybot - Search & Destroy
2014-11-21 17:20:09 ----D---- C:\ProgramData\Freemake
2014-11-21 17:19:47 ----D---- C:\Program Files\Freemake
2014-11-21 17:18:50 ----D---- C:\Users\Petr\AppData\Roaming\Seznam.cz
2014-11-21 17:17:32 ----D---- C:\Program Files\Seznam.cz
2014-11-21 16:51:56 ----D---- C:\Windows\system32\LogFiles
2014-11-21 16:51:54 ----D---- C:\Windows\Debug
2014-11-21 16:22:06 ----A---- C:\Windows\system.ini
2014-11-21 16:20:21 ----D---- C:\Windows\system32\config
2014-11-21 16:17:24 ----D---- C:\ProgramData
2014-11-21 16:17:22 ----D---- C:\Program Files\Common Files\Config
2014-11-21 16:14:57 ----AD---- C:\ProgramData\TEMP
2014-11-21 16:14:45 ----D---- C:\Windows\AppPatch
2014-11-21 16:14:43 ----D---- C:\Program Files\Common Files
2014-11-21 16:00:09 ----D---- C:\AdwCleaner
2014-11-21 15:30:16 ----D---- C:\Windows\rescache
2014-11-21 15:27:42 ----D---- C:\Windows\Microsoft.NET
2014-11-21 15:27:06 ----RSD---- C:\Windows\assembly
2014-11-21 15:11:33 ----D---- C:\Program Files\PDApp
2014-11-21 15:08:24 ----D---- C:\Windows\system32\cs-CZ
2014-11-21 15:08:22 ----D---- C:\Windows\system32\migration
2014-11-21 15:08:22 ----D---- C:\Program Files\Internet Explorer
2014-11-17 21:34:34 ----D---- C:\Windows\system32\catroot2
2014-11-17 21:33:59 ----SHD---- C:\Windows\Installer
2014-11-17 21:33:47 ----D---- C:\ProgramData\Microsoft Help
2014-11-17 21:26:13 ----D---- C:\Windows\system32\MRT
2014-11-17 21:20:32 ----A---- C:\Windows\system32\mrt.exe
2014-11-17 21:00:03 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2014-11-17 20:45:47 ----D---- C:\Windows\Tasks
2014-11-17 20:18:24 ----HD---- C:\Program Files\InstallShield Installation Information
2014-10-30 12:24:45 ----N---- C:\Windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hotcore3;hc3ServiceName; C:\Windows\system32\DRIVERS\hotcore3.sys [2010-01-17 40560]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-07-17 231800]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2014-01-15 691696]
R1 Uim_IM;UIM Drive Backup Image Plugin; C:\Windows\System32\Drivers\Uim_IM.sys [2010-01-17 385544]
R1 UimBus;Universal Image Mounter Controller; C:\Windows\system32\DRIVERS\UimBus.sys [2010-01-17 34392]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 95920]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-01-13 954368]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-09 3533824]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-10 22528]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-10 236544]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys []
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-21 18432]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2007-07-31 7680]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-10 148992]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSGB6.sys [2014-01-14 47616]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2009-05-05 1095808]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2013-07-12 134272]
R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 66560]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
S3 afv45jze;afv45jze; C:\Windows\system32\drivers\afv45jze.sys []
S3 BthAvrcp;Bluetooth AVRCP Profile; C:\Windows\system32\DRIVERS\BthAvrcp.sys [2010-02-05 28048]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]
S3 catchme;catchme; \??\C:\xyz\catchme.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 ggflt;SOMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2014-08-17 13528]
S3 ggsomc;SOMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsomc.sys [2014-08-17 26328]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2012-01-09 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsuc.sys [2012-01-09 8576]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2012-06-11 19072]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2012-01-09 8192]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-05 94208]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-03-09 655360]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-08-22 22192]
R2 TeamViewer9;TeamViewer 9; C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe [2014-09-12 4799760]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2014-08-22 288120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-15 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-17 267440]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-15 116648]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2014-02-17 194032]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-09-11 770168]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Virus-infected laptop - checking that it is OK

#9 Post by Márty84 »

:arrow: Open Notepad and copy this script into it

Code:

KillAll::

File::
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\OX.job
c:\users\Petr\AppData\Roaming\OX.exe
D:\Zaloha\Users\Petr\Downloads\total commander powerpack setup (1).exe
D:\Zaloha\Users\Petr\Downloads\total commander powerpack setup.exe
D:\Zaloha\Windows\Installer\5a9c1.msi

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=-
"Sony PC Companion"=-
"cz.seznam.software.autoupdate"=-
"cz.seznam.software.szndesktop"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"seznam-listicka-distribuce"=-

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

Reboot::

At the top left, click on File.
Click on Save As...
Type the name shown in red, CFScript, exactly, and save it to the desktop.
Turn off your antivirus and any other security software.
Drag the text document you just created onto the ComboFix icon with the mouse and release it.
ComboFix should start and carry out the commands.
When it finishes (the PC may restart), a new log should appear; copy it back here for me.

:!: If Windows does not boot after the restart, restart again, keep pressing the F8 key and choose - Last Known Good Configuration
:!: If Windows boots but an error is reported when starting various programs, just restart the PC and it will be fine
If you have a question that is not meant for the public, you can write to me at marty84zavináčforum.viry.cz

Option to support our forum: https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you have been waiting a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

willimetz1
Visitor
Posts: 17
Registered: 21 Sep 2014 09:44

Re: Infected laptop - checking that it is OK

#10 Post by willimetz1 »

ComboFix 14-11-18.01 - Petr 24.11.2014 13:44:37.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3071.1821 [GMT 1:00]
Spuštěný z: c:\users\Petr\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Petr\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Petr\AppData\Roaming\OX.exe"
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\OX.job"
"d:\zaloha\Users\Petr\Downloads\total commander powerpack setup (1).exe"
"d:\zaloha\Users\Petr\Downloads\total commander powerpack setup.exe"
"d:\zaloha\Windows\Installer\5a9c1.msi"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\OX.job
d:\zaloha\Users\Petr\Downloads\total commander powerpack setup (1).exe
d:\zaloha\Users\Petr\Downloads\total commander powerpack setup.exe
d:\zaloha\Windows\Installer\5a9c1.msi
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-10-24 do 2014-11-24 )))))))))))))))))))))))))))))))
.
.
2014-11-24 12:49 . 2014-11-24 13:18 -------- d-----w- c:\users\Petr\AppData\Local\temp
2014-11-24 12:49 . 2014-11-24 12:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-23 17:40 . 2014-11-02 04:17 8941456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F0BD0C2-EE15-4983-BA1B-21E92B39A7FF}\mpengine.dll
2014-11-22 15:16 . 2014-11-02 04:17 8941456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-21 20:52 . 2014-11-21 20:53 -------- d-----w- C:\rsit
2014-11-21 17:05 . 2014-10-24 01:03 499200 ----a-w- c:\windows\system32\kerberos.dll
2014-11-21 16:17 . 2014-11-21 16:18 -------- d-----w- c:\program files\PCDApp
2014-11-21 14:37 . 2014-09-17 16:59 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F24982DC-E7FB-4DC5-BAC7-80B08CCD5D0D}\gapaengine.dll
2014-11-17 20:34 . 2014-10-10 01:00 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-17 20:34 . 2014-10-09 23:22 619520 ----a-w- c:\windows\system32\adtschema.dll
2014-11-17 20:34 . 2014-10-10 01:01 449536 ----a-w- c:\windows\system32\termsrv.dll
2014-11-17 20:34 . 2014-10-10 01:00 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-17 20:33 . 2014-08-27 00:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-11-17 20:33 . 2014-08-27 00:55 1249280 ----a-w- c:\windows\system32\msxml3.dll
2014-11-17 20:32 . 2014-09-19 00:50 278528 ----a-w- c:\windows\system32\schannel.dll
2014-11-17 20:32 . 2014-10-24 01:04 67072 ----a-w- c:\windows\system32\packager.dll
2014-11-17 20:29 . 2014-08-12 02:25 729600 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-17 20:27 . 2014-10-03 01:17 316928 ----a-w- c:\windows\system32\audiosrv.dll
2014-11-17 20:27 . 2014-10-03 01:18 274432 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-11-17 20:27 . 2014-10-03 01:17 170496 ----a-w- c:\windows\system32\EncDump.dll
2014-11-17 20:27 . 2014-10-03 01:17 396800 ----a-w- c:\windows\system32\AudioEng.dll
2014-11-17 20:27 . 2014-10-18 01:08 564224 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-17 20:19 . 2014-10-12 23:34 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-11-17 19:28 . 2014-11-17 19:28 687 ----a-w- C:\awhE995.tmp
2014-11-12 18:20 . 2014-11-12 18:20 687 ----a-w- C:\awh7AA6.tmp
2014-11-08 19:25 . 2014-11-08 19:25 687 ----a-w- C:\awh523.tmp
2014-11-04 18:41 . 2014-11-04 18:41 687 ----a-w- C:\awh2FFC.tmp
2014-11-02 18:51 . 2014-11-02 18:51 687 ----a-w- C:\awh27FD.tmp
2014-10-28 17:39 . 2014-10-28 17:39 687 ----a-w- C:\awhD5FB.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-17 20:00 . 2014-02-17 17:24 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-17 20:00 . 2014-02-17 17:24 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-30 11:24 . 2014-01-15 00:06 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-10-21 20:01 . 2014-10-21 20:01 687 ----a-w- C:\awhE084.tmp
2014-10-21 19:46 . 2014-10-21 19:46 687 ----a-w- C:\awh80C.tmp
2014-10-17 19:26 . 2014-10-17 19:26 687 ----a-w- C:\awhAEB6.tmp
2014-10-11 18:48 . 2014-10-11 18:48 687 ----a-w- C:\awh2E08.tmp
2014-10-10 19:51 . 2014-10-10 19:51 687 ----a-w- C:\awh7710.tmp
2014-10-09 18:56 . 2014-10-09 18:56 687 ----a-w- C:\awhEEAD.tmp
2014-10-09 18:26 . 2014-10-09 18:26 687 ----a-w- C:\awhB58C.tmp
2014-10-08 17:48 . 2014-10-08 17:48 687 ----a-w- C:\awh6D05.tmp
2014-10-07 18:37 . 2014-10-07 18:37 687 ----a-w- C:\awhFAD5.tmp
2014-10-04 05:31 . 2014-10-04 05:31 687 ----a-w- C:\awhA3DD.tmp
2014-09-17 16:59 . 2014-01-24 18:53 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-09 06:24 . 2014-09-24 20:27 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-04 23:27 . 2014-10-17 19:41 143360 ----a-w- c:\windows\system32\drivers\fastfat.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 974432]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-05-05 1466368]
.
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-22 15:50 1087304 ----a-w- c:\program files\Google\Chrome\Application\39.0.2171.65\Installer\chrmstp.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-11-24 14:18
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1998666757-1336502068-695087611-1000_Classes\CLSID\{130F8154-E804-4BD5-A07B-35BE69039715}\{A730F6F3-255C-417C-8986-2C578500547E}*Hidden]
"{6D31FCD2-64F7-4E43-8E18-5A2BBA7D13C9}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAujj2TkWPqU2J6AAtQh6LvgAAAAACAAAAAAADZgAAqAAAABAAAACMHfKNchPXACVcxwz0rdfeAAAAAASAAACgAAAAEAAAAF/rZAcdpIYnvjGY+bd0zkAIAAAACREMP68nKIEUAAAA/rEAjrjWRlP9SsjrJIt1A1owKTE="
"{2338F5D5-2437-4FC3-9005-A01804321264}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAujj2TkWPqU2J6AAtQh6LvgAAAAACAAAAAAADZgAAqAAAABAAAABH54P0RCZBnkQIE3hQa5p3AAAAAASAAACgAAAAEAAAADxrep0aaiS+G4aWYqlLK1sYAAAAb7E1n10y0lzs4C1QzK8kcg3epZlytb8QFAAAABf+vywnkxPIsDPb1hejfUbV6Kwz"
"{FCCCD80D-2A5E-401E-B64F-D1C2E375B955}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAujj2TkWPqU2J6AAtQh6LvgAAAAACAAAAAAADZgAAqAAAABAAAAC9hQMo2+N4O6CR1iPMkN+7AAAAAASAAACgAAAAEAAAAPfyP+TrW6ToYZGLayWSJO0YAAAAxteY22jIlh4UfAJd6LfE9H9wJdgUHV3lFAAAALWRCHXuTsuYa7CL6DvT9QBfC7bi"
.
[HKEY_USERS\S-1-5-21-1998666757-1336502068-695087611-1000_Classes\CLSID\{130F8154-E804-4BD5-A07B-35BE69039715}\{A730F6F3-255C-417C-8986-2C578500547E}*Hidden\DeltaClock]
"LastSynchronizationClock"=hex(b):b0,5a,a5,b3,b1,ab,d1,08
"DeltaClock"=hex(b):ff,dd,12,f7,ff,ff,ff,ff
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\TeamViewer\Version9\TeamViewer_Service.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
c:\program files\TeamViewer\Version9\TeamViewer.exe
c:\program files\TeamViewer\Version9\tv_w32.exe
c:\windows\system32\conime.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2014-11-24 14:20:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-11-24 13:20
.
Před spuštěním: Volných bajtů: 37 313 060 864
Po spuštění: Volných bajtů: 37 244 829 696
.
- - End Of File - - DA8D819448688D4BEED014D66C8756A2
64B1E91C5C6C2157642651010728F90F
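A way to check mechanically what the helper checks by eye in the log above, as an added example that is not part of the thread or of ComboFix: parse the CFScript from post #9 and the ComboFix log, then report any File:: path that is missing from the deletions section and any Run value set to "-" that still shows in the registry startup listing. The Czech section titles are taken from this log; the English-build titles are an assumption, and the sample inputs are constructed.

```python
"""Cross-check a ComboFix log against the CFScript that produced it (added
example, not code from the thread or from ComboFix).  It checks what the
helper checks by eye: does every File:: path appear in the deletions section,
and is every Run value the script set to "-" gone from the startup listing?
"""
import re

# Constructed sample, trimmed from the helper's CFScript in this thread.
CFSCRIPT = r"""KillAll::

File::
c:\windows\Tasks\OX.job
c:\users\Petr\AppData\Roaming\OX.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=-

Reboot::
"""

# Constructed sample, trimmed from the Czech-localised ComboFix log; OX.exe is
# left out of the deletions and a GrooveMonitor value is kept on purpose.
COMBOFIX_LOG = r"""ComboFix 14-11-18.01 - Petr 24.11.2014 13:44:37.2.2 - x86
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Tasks\OX.job
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 974432]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
"""

# Section titles of the Czech build (from the thread); English ones assumed.
DELETION_TITLES = ("ostatní výmazy", "other deletions")
STARTUP_TITLES = ("spouštěcí body v registru", "reg loading points")
SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")  # ((( Section title )))
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')  # "Name"=data


def parse_cfscript(text):
    """Return (File:: paths, {registry key: [value names set to '-']})."""
    files, registry, section, key = [], {}, None, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.endswith("::"):
            section = line[:-2].lower()
        elif section == "file":
            files.append(line)
        elif section == "registry" and line.startswith("["):
            key = line.strip("[]")
            registry.setdefault(key, [])
        elif section == "registry" and key:
            m = VALUE_RE.match(line)
            if m and m.group(2) == "-":
                registry[key].append(m.group(1))
    return files, registry


def parse_combofix_sections(text):
    """Split a ComboFix log into {section title (lower-cased): [lines]}."""
    sections, current = {"header": []}, "header"
    for line in map(str.strip, text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections[current] = []
        elif line and line != ".":
            sections[current].append(line)
    return sections


def _section(sections, titles):
    """First section whose title is one of `titles`, else an empty list."""
    return next((sections[t] for t in titles if t in sections), [])


def check_cleanup(script_text, log_text):
    """Return the script items that the log does not confirm as removed."""
    files, registry = parse_cfscript(script_text)
    sections = parse_combofix_sections(log_text)
    deleted = {p.lower() for p in _section(sections, DELETION_TITLES)}
    findings = [f"not confirmed deleted: {p}"
                for p in files if p.lower() not in deleted]
    present, key = {}, None  # {run key (lower): {value names (lower)}}
    for line in _section(sections, STARTUP_TITLES):
        if line.startswith("["):
            key = line.strip("[]").lower()
            present.setdefault(key, set())
        elif key and VALUE_RE.match(line):
            present[key].add(VALUE_RE.match(line).group(1).lower())
    for key, names in registry.items():
        for name in names:
            if name.lower() in present.get(key.lower(), set()):
                findings.append(f"still present: {key}\\{name}")
    return findings
```

Calling `check_cleanup(CFSCRIPT, COMBOFIX_LOG)` on the samples returns two findings, one per kind; on the real log in post #10 the same check would report only OX.exe, which the log's deletions section does not list.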

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Infected laptop - checking that it is OK

#11 Post by Márty84 »

Post a new RSIT log

willimetz1
Visitor
Posts: 17
Registered: 21 Sep 2014 09:44

Re: Infected laptop - checking that it is OK

#12 Post by willimetz1 »

Logfile of random's system information tool 1.10 (written by random/random)
Run by Petr at 2014-11-24 19:08:52
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 36 GB (30%) free of 119 GB
Total RAM: 3071 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:09:11, on 24.11.2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16592)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\TeamViewer\Version9\TeamViewer.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Petr\Downloads\RSIT (1).exe
C:\Program Files\trend micro\Petr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe

--
End of file - 4302 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08 77424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2014-08-22 974432]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2009-05-05 1466368]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-10 1233920]

C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=serwvdrv.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-11-24 14:20:21 ----D---- C:\Windows\temp
2014-11-24 14:20:18 ----A---- C:\ComboFix.txt
2014-11-24 14:18:12 ----D---- C:\$RECYCLE.BIN
2014-11-24 13:43:08 ----A---- C:\Windows\zip.exe
2014-11-24 13:43:08 ----A---- C:\Windows\SWSC.exe
2014-11-24 13:43:08 ----A---- C:\Windows\SWREG.exe
2014-11-24 13:43:08 ----A---- C:\Windows\sed.exe
2014-11-24 13:43:08 ----A---- C:\Windows\PEV.exe
2014-11-24 13:43:08 ----A---- C:\Windows\MBR.exe
2014-11-24 13:43:08 ----A---- C:\Windows\grep.exe
2014-11-24 13:43:00 ----AD---- C:\Qoobox
2014-11-21 22:21:30 ----A---- C:\Windows\system32\FNTCACHE.DAT
2014-11-21 21:52:45 ----D---- C:\rsit
2014-11-21 18:05:41 ----A---- C:\Windows\system32\kerberos.dll
2014-11-21 17:17:22 ----D---- C:\Program Files\PCDApp
2014-11-21 16:06:25 ----A---- C:\Windows\NIRCMD.exe
2014-11-21 16:05:29 ----D---- C:\Windows\erdnt
2014-11-17 21:34:06 ----A---- C:\Windows\system32\msaudite.dll
2014-11-17 21:34:05 ----A---- C:\Windows\system32\adtschema.dll
2014-11-17 21:34:02 ----A---- C:\Windows\system32\termsrv.dll
2014-11-17 21:34:02 ----A---- C:\Windows\system32\lsasrv.dll
2014-11-17 21:33:06 ----A---- C:\Windows\system32\msxml3r.dll
2014-11-17 21:33:05 ----A---- C:\Windows\system32\msxml3.dll
2014-11-17 21:32:33 ----A---- C:\Windows\system32\schannel.dll
2014-11-17 21:32:13 ----A---- C:\Windows\system32\packager.dll
2014-11-17 21:29:09 ----A---- C:\Windows\system32\IMJP10K.DLL
2014-11-17 21:27:25 ----A---- C:\Windows\system32\audiosrv.dll
2014-11-17 21:27:24 ----A---- C:\Windows\system32\EncDump.dll
2014-11-17 21:27:24 ----A---- C:\Windows\system32\AUDIOKSE.dll
2014-11-17 21:27:24 ----A---- C:\Windows\system32\AudioEng.dll
2014-11-17 21:27:08 ----A---- C:\Windows\system32\oleaut32.dll
2014-11-17 21:19:41 ----A---- C:\Windows\system32\win32k.sys
2014-11-17 20:28:37 ----A---- C:\awhE995.tmp
2014-11-17 20:26:11 ----A---- C:\Windows\system32\vbscript.dll
2014-11-17 20:26:11 ----A---- C:\Windows\system32\mshta.exe
2014-11-17 20:26:11 ----A---- C:\Windows\system32\msfeedssync.exe
2014-11-17 20:26:11 ----A---- C:\Windows\system32\msfeedsbs.dll
2014-11-17 20:26:11 ----A---- C:\Windows\system32\jsproxy.dll
2014-11-17 20:26:10 ----A---- C:\Windows\system32\urlmon.dll
2014-11-17 20:26:10 ----A---- C:\Windows\system32\msfeeds.dll
2014-11-17 20:26:10 ----A---- C:\Windows\system32\jscript.dll
2014-11-17 20:26:10 ----A---- C:\Windows\system32\dxtmsft.dll
2014-11-17 20:26:09 ----A---- C:\Windows\system32\ieUnatt.exe
2014-11-17 20:26:09 ----A---- C:\Windows\system32\iertutil.dll
2014-11-17 20:26:08 ----A---- C:\Windows\system32\wininet.dll
2014-11-17 20:26:08 ----A---- C:\Windows\system32\url.dll
2014-11-17 20:26:08 ----A---- C:\Windows\system32\ieui.dll
2014-11-17 20:26:08 ----A---- C:\Windows\system32\ieframe.dll
2014-11-17 20:26:08 ----A---- C:\Windows\system32\dxtrans.dll
2014-11-17 20:26:03 ----A---- C:\Windows\system32\mshtmled.dll
2014-11-17 20:26:02 ----A---- C:\Windows\system32\jscript9.dll
2014-11-17 20:26:01 ----A---- C:\Windows\system32\mshtml.dll
2014-11-12 19:20:36 ----A---- C:\awh7AA6.tmp
2014-11-08 20:25:00 ----A---- C:\awh523.tmp
2014-11-04 19:41:44 ----A---- C:\awh2FFC.tmp
2014-11-02 19:51:28 ----A---- C:\awh27FD.tmp
2014-10-28 18:39:20 ----A---- C:\awhD5FB.tmp

======List of files/folders modified in the last 1 month======

2014-11-24 19:09:10 ----D---- C:\Windows\Prefetch
2014-11-24 19:09:00 ----D---- C:\Program Files\trend micro
2014-11-24 19:07:48 ----D---- C:\Windows\System32
2014-11-24 19:07:48 ----D---- C:\Windows\inf
2014-11-24 19:07:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-11-24 14:20:22 ----D---- C:\Windows\system32\drivers
2014-11-24 14:20:21 ----D---- C:\Windows
2014-11-24 14:18:18 ----A---- C:\Windows\system.ini
2014-11-24 14:18:09 ----D---- C:\Windows\system32\drivers\etc
2014-11-24 13:49:11 ----D---- C:\Windows\Tasks
2014-11-24 13:47:16 ----D---- C:\Windows\AppPatch
2014-11-24 13:47:14 ----D---- C:\Program Files\Common Files
2014-11-24 09:44:27 ----SHD---- C:\System Volume Information
2014-11-24 09:01:35 ----RD---- C:\Program Files
2014-11-21 22:21:16 ----D---- C:\Windows\DigitalLocker
2014-11-21 19:37:52 ----D---- C:\Program Files\Dolphin Deals
2014-11-21 18:05:59 ----D---- C:\Windows\winsxs
2014-11-21 18:05:55 ----D---- C:\Windows\system32\catroot
2014-11-21 17:58:13 ----D---- C:\ProgramData\Spybot - Search & Destroy
2014-11-21 17:20:09 ----D---- C:\ProgramData\Freemake
2014-11-21 17:19:47 ----D---- C:\Program Files\Freemake
2014-11-21 17:18:50 ----D---- C:\Users\Petr\AppData\Roaming\Seznam.cz
2014-11-21 17:17:32 ----D---- C:\Program Files\Seznam.cz
2014-11-21 16:51:56 ----D---- C:\Windows\system32\LogFiles
2014-11-21 16:51:54 ----D---- C:\Windows\Debug
2014-11-21 16:20:21 ----D---- C:\Windows\system32\config
2014-11-21 16:17:24 ----D---- C:\ProgramData
2014-11-21 16:17:22 ----D---- C:\Program Files\Common Files\Config
2014-11-21 16:14:57 ----AD---- C:\ProgramData\TEMP
2014-11-21 16:00:09 ----D---- C:\AdwCleaner
2014-11-21 15:30:16 ----D---- C:\Windows\rescache
2014-11-21 15:27:42 ----D---- C:\Windows\Microsoft.NET
2014-11-21 15:27:06 ----RSD---- C:\Windows\assembly
2014-11-21 15:11:33 ----D---- C:\Program Files\PDApp
2014-11-21 15:08:24 ----D---- C:\Windows\system32\cs-CZ
2014-11-21 15:08:22 ----D---- C:\Windows\system32\migration
2014-11-21 15:08:22 ----D---- C:\Program Files\Internet Explorer
2014-11-17 21:34:34 ----D---- C:\Windows\system32\catroot2
2014-11-17 21:33:59 ----SHD---- C:\Windows\Installer
2014-11-17 21:33:47 ----D---- C:\ProgramData\Microsoft Help
2014-11-17 21:26:13 ----D---- C:\Windows\system32\MRT
2014-11-17 21:20:32 ----A---- C:\Windows\system32\mrt.exe
2014-11-17 21:00:03 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2014-11-17 20:18:24 ----HD---- C:\Program Files\InstallShield Installation Information
2014-10-30 12:24:45 ----N---- C:\Windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hotcore3;hc3ServiceName; C:\Windows\system32\DRIVERS\hotcore3.sys [2010-01-17 40560]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-07-17 231800]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2014-01-15 691696]
R1 Uim_IM;UIM Drive Backup Image Plugin; C:\Windows\System32\Drivers\Uim_IM.sys [2010-01-17 385544]
R1 UimBus;Universal Image Mounter Controller; C:\Windows\system32\DRIVERS\UimBus.sys [2010-01-17 34392]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-01-13 954368]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-09 3533824]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-10 22528]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-10 236544]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-21 18432]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2007-07-31 7680]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-10 148992]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSGB6.sys [2014-01-14 47616]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2009-05-05 1095808]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2013-07-12 134272]
R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 66560]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
S3 amf1qk5b;amf1qk5b; C:\Windows\system32\drivers\amf1qk5b.sys []
S3 BthAvrcp;Bluetooth AVRCP Profile; C:\Windows\system32\DRIVERS\BthAvrcp.sys [2010-02-05 28048]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 ggflt;SOMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2014-08-17 13528]
S3 ggsomc;SOMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsomc.sys [2014-08-17 26328]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys []
S3 mbr;mbr; \??\C:\Users\Petr\AppData\Local\Temp\mbr.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 95920]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2012-01-09 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsuc.sys [2012-01-09 8576]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2012-06-11 19072]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2012-01-09 8192]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-05 94208]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-03-09 655360]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-08-22 22192]
R2 TeamViewer9;TeamViewer 9; C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe [2014-09-12 4799760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-15 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-17 267440]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-15 116648]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2014-02-17 194032]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2014-08-22 288120]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-09-11 770168]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

willimetz1 (Visitor, 17 posts, registered 21 Sep 2014 09:44)

Re: Infected laptop - check that it is OK

#13 Post by willimetz1 »

So, does it look good now? :)

Márty84 (VIP, 21679 posts, registered 05 Dec 2009 20:08, location: Ostrava)

Re: Infected laptop - check that it is OK

#14 Post by Márty84 »

Don't rush me, sometimes I have to go to work too. I enjoy the forum, but it doesn't put food on the table :-)

:!: Turn off your antivirus so it does not interfere with the program.
:arrow: Download OTM from http://oldtimer.geekstogo.com/OTM.exe and save it, preferably to the desktop.
Right-click it and left-click Run as administrator.
Copy this script into the left-hand window (including the colon before the word commands):

Code:

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]

:services
MBAMSwissArmy
gupdate
SkypeUpdate
AdobeFlashPlayerUpdateSvc
gupdatem
gusvc

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\ProgramData\Spybot - Search & Destroy

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Click MoveIt and let the program work. When asked to restart, agree.
After the restart, post the log that pops up here; otherwise it will be at C:\_OTM\MovedFiles\xxxxxxxx_xxxxxx (the x's will be digits representing the date and time of the run).
If you have a question that is not meant for the public, you can email me at marty84(at)forum.viry.cz

You can support our forum: https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you have waited a long time for a reply, please contact one of my colleagues (most have an email address in their signature).

willimetz1 (Visitor, 17 posts, registered 21 Sep 2014 09:44)

Re: Infected laptop - check that it is OK

#15 Post by willimetz1 »

Sorry, I'm getting impatient...

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Petr
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 2470852 bytes
->Google Chrome cache emptied: 17184280 bytes
->Flash cache emptied: 506 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 10992 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9378 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 1599109 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 20,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Petr
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTM Restore Point
========== SERVICES/DRIVERS ==========
Service MBAMSwissArmy stopped successfully!
Service MBAMSwissArmy deleted successfully!
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service SkypeUpdate stopped successfully!
Service SkypeUpdate deleted successfully!
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
Service gusvc stopped successfully!
Service gusvc deleted successfully!
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
C:\ProgramData\Spybot - Search & Destroy\Recovery folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Logs folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Excludes folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Backups folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.

OTM by OldTimer - Version 3.1.21.0 log created on 11252014_101355
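
Added example, not part of the thread and not OTM's or RSIT's own code: a small Python checker for the kind of verification the helper does by eye above. It parses the RSIT "List of services" lines, the `:services` section of the OTM script, and the OTM result log, then reports for each targeted service whether RSIT listed it (and where its binary lived) and whether OTM confirmed both "stopped" and "deleted". It also flags svchost-hosted entries, whose RSIT path is the host process rather than the service DLL, so the path alone says nothing about what actually runs. The RSIT lines are a constructed excerpt copied from the list posted earlier in this thread; the OTM script and log samples are rebuilt from the six service names in the posts rather than pasted.

```python
"""Added example, not part of the thread: cross-check an OTM ':services' fix
against the RSIT service list and the OTM result log. The sample inputs are
constructed excerpts of the posts above; nothing touches a live machine."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set

# RSIT "List of services" line: <R|S><start> <name>;<display>; <path> [<yyyy-mm-dd> <size>]
RSIT_LINE = re.compile(
    r"^(?P<state>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.+?)\s*\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$"
)
# OTM writes one of these for each name in the :services section (stop, then delete)
OTM_RESULT = re.compile(r"^Service (?P<name>\S+) (?P<action>stopped|deleted) successfully!$")

@dataclass(frozen=True)
class Service:
    name: str
    display: str
    path: str         # binary RSIT recorded for the service
    running: bool     # R = running, S = stopped
    start_type: int   # 2 = auto, 3 = demand, 4 = disabled
    size: int

def parse_rsit_services(text: str) -> Dict[str, Service]:
    """Index RSIT service lines by name; lines that are not service entries are skipped."""
    services: Dict[str, Service] = {}
    for raw in text.splitlines():
        m = RSIT_LINE.match(raw.strip())
        if m:
            services[m["name"]] = Service(m["name"], m["display"], m["path"],
                                          m["state"][0] == "R", int(m["state"][1]), int(m["size"]))
    return services

def parse_otm_script(script: str) -> Dict[str, List[str]]:
    """Split an OTM script into its ':section' blocks, e.g. 'services' -> [names]."""
    sections: Dict[str, List[str]] = {}
    current = ""
    for line in (l.strip() for l in script.splitlines()):
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current:
            sections[current].append(line)
    return sections

def parse_otm_log(log: str) -> Dict[str, Set[str]]:
    """Map service name -> {'stopped', 'deleted'} as confirmed by the OTM log."""
    results: Dict[str, Set[str]] = defaultdict(set)
    for raw in log.splitlines():
        m = OTM_RESULT.match(raw.strip())
        if m:
            results[m["name"]].add(m["action"])
    return results

def verify_service_removal(rsit_text: str, otm_script: str, otm_log: str) -> Dict[str, dict]:
    """For each service the script targets: was it in the RSIT list (and where did its
    binary live), and did OTM confirm both 'stopped' and 'deleted'?"""
    listed, done = parse_rsit_services(rsit_text), parse_otm_log(otm_log)
    report = {}
    for name in parse_otm_script(otm_script).get("services", []):
        svc, actions = listed.get(name), done.get(name, set())
        report[name] = {"in_rsit": svc is not None, "path": svc.path if svc else None,
                        "stopped": "stopped" in actions, "deleted": "deleted" in actions}
    return report

def needs_servicedll_check(services: Dict[str, Service]) -> List[str]:
    """svchost-hosted services: the RSIT path is the host process, not the payload, so the
    DLL named in the service's Parameters\\ServiceDll registry value is what must be judged."""
    return sorted(n for n, s in services.items() if s.path.lower().endswith("\\svchost.exe"))

# Constructed excerpt of the RSIT list posted above (display names kept as RSIT printed them).
RSIT_SERVICES = r"""
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-08-22 22192]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-15 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-17 267440]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-15 116648]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2014-02-17 194032]
"""
# The six names from the helper's :services section; script and log samples are rebuilt from them.
TARGETS = ["MBAMSwissArmy", "gupdate", "SkypeUpdate", "AdobeFlashPlayerUpdateSvc", "gupdatem", "gusvc"]
OTM_SCRIPT = ":commands\n[EMPTYTEMP]\n\n:services\n" + "\n".join(TARGETS)
OTM_LOG = "========== SERVICES/DRIVERS ==========\n" + "".join(
    f"Service {n} stopped successfully!\nService {n} deleted successfully!\n" for n in TARGETS)

if __name__ == "__main__":
    for name, r in verify_service_removal(RSIT_SERVICES, OTM_SCRIPT, OTM_LOG).items():
        print("ok   " if r["stopped"] and r["deleted"] else "CHECK", name, r["in_rsit"], r["path"])
    print("svchost-hosted, read ServiceDll:", needs_servicedll_check(parse_rsit_services(RSIT_SERVICES)))
```

On the excerpt above, all six targets come back stopped and deleted, but MBAMSwissArmy is reported as not present in the RSIT services excerpt; a real review would look it up in the rest of the RSIT output (drivers are listed separately from services) before treating that as a discrepancy. BthServ is the one entry flagged for a ServiceDll check, because `C:\Windows\system32\svchost.exe` is the shared host and not the code the service runs.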

Locked