VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Počítač prolezlý skrz na skrz

https://forum.viry.cz:443/viewtopic.php?t=142030

Stránka 1 z 2

Počítač prolezlý skrz na skrz

Napsal: 23 pro 2014 14:08
od Stacy.15
Dobrý den, přítelkyně měla asi týden vypnutou Firewall a teď se jí notebook kouše neskutečným způsobem, pořádně už nezapne ani internet, proto mě poprosila abych Vás tu požádal o pomoc. Zde je RSIT log z jejího notebooku:

Logfile of random's system information tool 1.10 (written by random/random)
Run by Luci at 2014-12-23 13:50:33
Microsoft Windows 7 Home Premium
System drive C: has 18 GB (15%) free of 119 GB
Total RAM: 4095 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:50:38, on 23.12.2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\Net4Switch\Net4Switch.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Users\Luci\AppData\Local\iLivid\iLivid.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Users\Luci\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
C:\Program Files\trend micro\Luci.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?o=APN10645A& ... 12-261&t=4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [SafeQ Client] "C:\Program Files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [icq] C:\Users\Luci\AppData\Roaming\ICQM\icq.exe -CU
O4 - HKCU\..\Run: [iLivid] "C:\Users\Luci\AppData\Local\iLivid\iLivid.exe" -autorun
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Luci\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Luci\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] 1419286344
O4 - Startup: Kooperativa - PDF Server.lnk = C:\Program Files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
O4 - Global Startup: Virtual Router Manager.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\Luci\AppData\Roaming\ICQM\icq.exe (HKCU)
O9 - Extra 'Tools' menuitem: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\Luci\AppData\Roaming\ICQM\icq.exe (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.connectify.me
O15 - ESC Trusted Zone: http://*.fastspring.com
O15 - ESC Trusted Zone: http://*.connectify.me (HKLM)
O15 - ESC Trusted Zone: http://*.fastspring.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{72D510A5-EA2B-4BEC-A595-C2E3C98AA93C}: NameServer = 10.128.7.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B5EEE6F-3D7D-4CE6-838A-E5F74F82D6DB}: NameServer = 8.8.8.8
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KoopPdfService - Unknown owner - C:\Program Files (x86)\Kooperativa\Services\KoopPDFServer.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10515 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Windows\system32\FBAgent.exe"
"C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files\ATKGFNEX\GFNEXSrv.exe"
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Kooperativa\Services\KoopPDFServer.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "236897651063071368765515892450939502-4607979004801189641192684303-1164442807
C:\Windows\Explorer.EXE
taskeng.exe {E671AEA1-16E9-4D4E-922A-BC0699D579C6}
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe"
"C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
"C:\Program Files (x86)\ASUS\Net4Switch\Net4Switch.exe"
"C:\Program Files\P4G\BatteryLife.exe"
"C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe"
"C:\Program Files\Elantech\ETDCtrl.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe"
"C:\Users\Luci\AppData\Local\iLivid\iLivid.exe" -autorun
"C:\Windows\SysWOW64\ACEngSvr.exe" -Embedding
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe"
"C:\Program Files\Elantech\ETDCtrlHelper.exe"
Atouch64.exe
"C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe"
ATKOSD.exe
"C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe"
KBFiltr.exe
"C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe"
WDC.exe
"C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe"
szndesktop.exe default start
"C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
"C:\Program Files (x86)\Virtual Router\VirtualRouterClient.exe" /min
"C:\Program Files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Users\Luci\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe"
"C:\Program Files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe"
\??\C:\Windows\system32\conhost.exe "-1252273949-1016850719-1904361173-1051300524-913171649936364876-19745297421257950261
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe"

"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=4104.181f00c0.1047396033 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 4104 "\\.\pipe\gecko-crash-server-pipe.4104" plugin
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe" --proxy-stub-channel=Flash5876.648F5348.6374 --host-broker-channel=Flash5876.648F5348.22822 --host-pid=5876 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll"
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe" --channel=1484.0037F414.195346634 --proxy-stub-channel=Flash5876.648F5348.6374 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll" --host-npapi-version=27 --type=renderer
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\Luci\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Luci\AppData\Roaming\Mozilla\Firefox\Profiles\fy162b2h.default

prefs.js - "browser.search.useDBForOrder" - "false"
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.235 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.235 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll


C:\Users\Luci\AppData\Roaming\Mozilla\Firefox\Profiles\fy162b2h.default\extensions\
{2d3fbcf7-be69-4433-8858-c621a8d0e58d}
{f6b3c972-5bb5-48ca-a9e7-d26a28a366d5}

C:\Users\Luci\AppData\Roaming\Mozilla\Firefox\Profiles\fy162b2h.default\searchplugins\
Ask.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-09 68960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-08-04 612248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09 96128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-08-04 457712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2010-04-13 649608]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2009-09-01 323584]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-07-25 2403104]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2014-07-25 1283136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"icq"=C:\Users\Luci\AppData\Roaming\ICQM\icq.exe [2013-07-04 28696936]
"iLivid"=C:\Users\Luci\AppData\Local\iLivid\iLivid.exe [2014-02-12 7307776]
"cz.seznam.software.autoupdate"=C:\Users\Luci\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\Luci\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2013-04-12 92664]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Adobe Speed Launcher"=1419286344 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe [2009-06-24 272952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\AsScrPro.exe [2014-09-09 3058304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2009-11-02 103720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-05-13 10810912]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [2009-08-17 6859392]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [2009-08-20 170624]
"Wireless Console 3"=C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-04-26 1597440]
"SafeQ Client"=C:\Program Files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe [2013-01-07 259072]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20 1021128]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-08-04 4085896]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
Virtual Router Manager.lnk - C:\Windows\Installer\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}\_118D1A4EFFA6998C3492EB.exe

C:\Users\Luci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Kooperativa - PDF Server.lnk - C:\Program Files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\wpdshserviceobj.dll [2009-07-14 115200]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe]
"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-12-22 23:16:09 ----D---- C:\Program Files\McAfee Security Scan
2014-12-22 09:18:25 ----D---- C:\Windows\system32\SPReview
2014-12-21 15:31:55 ----D---- C:\ProgramData\McAfee Security Scan
2014-12-17 21:18:10 ----D---- C:\Users\Luci\AppData\Roaming\WebTest
2014-12-17 21:17:58 ----D---- C:\Program Files (x86)\Winhotspot
2014-12-14 13:13:07 ----A---- C:\Windows\system32\drivers\ndiskhaz.sys
2014-12-14 13:04:51 ----D---- C:\Program Files (x86)\DanuSoft
2014-12-14 13:04:06 ----D---- C:\ProgramData\APN
2014-12-10 03:40:46 ----D---- C:\Windows\system32\appraiser
2014-12-10 02:49:32 ----A---- C:\Windows\system32\appraiser.dll
2014-12-10 02:49:32 ----A---- C:\Windows\system32\aitstatic.exe
2014-12-10 02:49:32 ----A---- C:\Windows\system32\aepic.dll
2014-12-10 02:49:32 ----A---- C:\Windows\system32\aeinv.dll
2014-12-10 02:49:31 ----A---- C:\Windows\system32\invagent.dll
2014-12-10 02:49:30 ----A---- C:\Windows\system32\generaltel.dll
2014-12-10 02:49:30 ----A---- C:\Windows\system32\devinv.dll
2014-12-10 02:49:29 ----A---- C:\Windows\system32\aepdu.dll
2014-12-03 22:29:52 ----D---- C:\Users\Luci\AppData\Roaming\Ulozto File Manager
2014-12-02 02:05:00 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-11-29 23:43:53 ----A---- C:\Windows\system32\drivers\cnnctfy3.sys
2014-11-29 22:50:13 ----D---- C:\Program Files (x86)\Virtual Router
2014-11-29 18:34:15 ----D---- C:\UpdateChromeLinksLogs
2014-11-29 18:33:50 ----A---- C:\Windows\SYSWOW64\msvcr71.dll
2014-11-29 18:33:50 ----A---- C:\Windows\SYSWOW64\mfc71.dll
2014-11-29 18:33:49 ----A---- C:\Windows\SYSWOW64\gdiplus.dll
2014-11-28 16:27:43 ----A---- C:\Windows\system32\drivers\ndisrd.sys
2014-11-28 03:01:44 ----D---- C:\86180ba7349897152a8b47b7a6c602

======List of files/folders modified in the last 1 month======

2014-12-23 13:50:38 ----D---- C:\Windows\Prefetch
2014-12-23 13:50:36 ----D---- C:\Program Files\Trend Micro
2014-12-23 13:07:17 ----D---- C:\Windows\temp
2014-12-23 00:00:24 ----D---- C:\Windows\System32
2014-12-23 00:00:24 ----D---- C:\Windows\inf
2014-12-23 00:00:24 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-12-22 23:28:53 ----D---- C:\Windows\system32\config
2014-12-22 23:17:38 ----D---- C:\Users\Luci\AppData\Roaming\Seznam.cz
2014-12-22 23:16:09 ----RD---- C:\Program Files (x86)
2014-12-22 23:16:09 ----D---- C:\Program Files
2014-12-22 23:12:41 ----D---- C:\Windows\system32\Tasks
2014-12-22 09:18:21 ----SHD---- C:\System Volume Information
2014-12-21 15:31:55 ----D---- C:\ProgramData
2014-12-21 15:31:40 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-12-18 23:29:06 ----D---- C:\Program Files (x86)\The KMPlayer
2014-12-16 03:03:56 ----D---- C:\Windows\system32\catroot2
2014-12-14 13:32:30 ----D---- C:\Windows\system32\drivers\etc
2014-12-14 13:13:53 ----D---- C:\Windows\system32\drivers
2014-12-14 13:13:48 ----D---- C:\Windows\system32\catroot
2014-12-14 13:13:46 ----D---- C:\Windows\system32\DriverStore
2014-12-14 13:12:25 ----SHD---- C:\Windows\Installer
2014-12-14 13:12:24 ----SHD---- C:\Config.Msi
2014-12-14 10:40:55 ----D---- C:\Program Files\Microsoft Silverlight
2014-12-14 10:40:53 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2014-12-10 10:17:41 ----D---- C:\Windows\SysWOW64
2014-12-10 03:43:01 ----D---- C:\Windows\winsxs
2014-12-10 03:40:49 ----SD---- C:\Windows\system32\CompatTel
2014-12-10 03:40:49 ----D---- C:\Windows\AppPatch
2014-12-10 03:40:49 ----D---- C:\Windows\AppCompat
2014-12-10 03:40:45 ----SD---- C:\ProgramData\Microsoft
2014-12-10 03:24:48 ----D---- C:\ProgramData\Microsoft Help
2014-12-10 03:23:03 ----D---- C:\Windows\system32\MRT
2014-12-10 03:15:54 ----A---- C:\Windows\system32\MRT.exe
2014-12-07 20:14:55 ----D---- C:\Users\Luci\AppData\Roaming\vlc
2014-12-04 05:29:29 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-30 11:40:40 ----A---- C:\Windows\system32\AutoRunFilter.ini
2014-11-30 04:04:05 ----D---- C:\NVIDIA
2014-11-29 23:35:55 ----SD---- C:\Users\Luci\AppData\Roaming\Microsoft
2014-11-29 23:29:10 ----D---- C:\Program Files (x86)\T-Mobile

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AsDsm;AsDsm; C:\Windows\system32\drivers\AsDsm.sys [2014-09-09 35384]
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-08-04 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-08-04 224896]
R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [2010-04-08 244328]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-08-12 213888]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-08-04 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-11-24 1041168]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-08-04 427360]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-08-04 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-08-04 79184]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-08-04 92008]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 17464]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2010-04-13 135560]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-05-13 2368160]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2009-05-13 15928]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2010-03-22 29800]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-07-25 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-03-31 40392]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-08-18 236544]
R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2013-06-26 767144]
R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2013-06-26 273576]
R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2013-06-26 28840]
R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2013-06-26 23208]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-08-12 1799680]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-08-21 44032]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 cpuz135;cpuz135; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz135\cpuz135_x64.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2008-12-09 61792]
S3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys []
S3 ipswuio;ipswuio; C:\Windows\System32\DRIVERS\ipswuio.sys []
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
S3 PSKMAD;PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [2013-04-29 47632]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-24 154168]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-03 81088]
R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2009-12-08 379520]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-16 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-08-04 50344]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2013-04-22 822504]
R2 KoopPdfService;KoopPdfService; C:\Program Files (x86)\Kooperativa\Services\KoopPDFServer.exe [2013-05-29 2454016]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-07-25 1720608]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-07-25 18956064]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-03-04 922968]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944]
R3 ADSMService;ADSM Service; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2008-03-31 225280]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528]
R3 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21 107912]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-21 267440]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]
S3 fsssvc;Windows Live Family Safety; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-09 533344]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21 107912]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 289256]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-12-02 114800]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-10-01 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]

-----------------EOF-----------------

Re: Počítač prolezlý skrz na skrz

Napsal: 23 pro 2014 14:47
od Rudy
Zdravím!
Spusťte nejprve tuto utilitu:
Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

Re: Počítač prolezlý skrz na skrz

Napsal: 23 pro 2014 15:23
od Stacy.15
# AdwCleaner v4.106 - Report created 23/12/2014 at 15:16:56
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Windows 7 Home Premium (64 bits)
# Username : Luci - LUCKY-PC
# Running from : C:\Users\Luci\Downloads\adwcleaner_4.106.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
[#] Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\ProgramData\wincert
Folder Deleted : C:\Users\Luci\AppData\Local\iLivid
Folder Deleted : C:\Users\Luci\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Luci\AppData\LocalLow\ilividmoviestoolbar181
Folder Deleted : C:\Users\Luci\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Folder Deleted : C:\Users\Luci\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Folder Deleted : C:\Users\Luci\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aaaalipaokhkccgmgkdglfinfnfhflko
File Deleted : C:\Users\Luci\AppData\Roaming\Mozilla\Firefox\Profiles\fy162b2h.default\invalidprefs.js
File Deleted : C:\Users\Luci\AppData\Roaming\Mozilla\Firefox\Profiles\fy162b2h.default\searchplugins\Ask.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Ask.xml
File Deleted : C:\Users\Luci\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage
File Deleted : C:\Users\Luci\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage-journal
File Deleted : C:\Users\Luci\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [iLivid]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1DAC034-9FD9-4C13-A388-D2E10E57707F}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\APNDTX
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\ilividmoviestoolbar181
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B0-0405-0000-0000000FF1CE}
Key Deleted : [x64] HKLM\SOFTWARE\Speedchecker Limited
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16476

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v34.0 (x86 cs)

[fy162b2h.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "Ask.com");

-\\ Google Chrome v39.0.2171.95

[C:\Users\Luci\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=706&systemid=406&v=a12712-261&apn_uid=0451438613544417&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
[C:\Users\Luci\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=706&systemid=406&v=a12712-261&apn_uid=0451438613544417&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
[C:\Users\Luci\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.ask.com/web?o=APN10257&doi=2014-11-29&apn_dtid=%5ECMD011%5EYY%5EUS&apn_ptnrs=%5EAGO&q={searchTerms}

-\\ Comodo Dragon v

[C:\Users\Luci\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=706&systemid=406&v=a12712-261&apn_uid=0451438613544417&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
[C:\Users\Luci\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=706&systemid=406&v=a12712-261&apn_uid=0451438613544417&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
[C:\Users\Luci\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.ask.com/web?o=APN10257&doi=2014-11-29&apn_dtid=%5ECMD011%5EYY%5EUS&apn_ptnrs=%5EAGO&q={searchTerms}
[C:\Users\Luci\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Deleted [Extension] : cmaiofennmphjldldcpphcechfnnohja
[C:\Users\Luci\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Deleted [Extension] : aaaalipaokhkccgmgkdglfinfnfhflko

*************************

AdwCleaner[R0].txt - [1973 octets] - [25/11/2013 14:30:59]
AdwCleaner[R1].txt - [8309 octets] - [23/12/2014 15:11:20]
AdwCleaner[S0].txt - [2029 octets] - [25/11/2013 14:32:02]
AdwCleaner[S1].txt - [8087 octets] - [23/12/2014 15:16:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [8147 octets] ##########

Re: Počítač prolezlý skrz na skrz

Napsal: 23 pro 2014 16:22
od Rudy
Dejte nový log RSIT.

Re: Počítač prolezlý skrz na skrz

Napsal: 23 pro 2014 16:51
od Stacy.15
Logfile of random's system information tool 1.10 (written by random/random)
Run by Luci at 2014-12-23 16:50:20
Microsoft Windows 7 Home Premium
System drive C: has 17 GB (14%) free of 119 GB
Total RAM: 4095 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:50:22, on 23.12.2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Net4Switch\Net4Switch.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Luci\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\BSPlayer\bsplayer.exe
C:\Program Files\trend micro\Luci.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [SafeQ Client] "C:\Program Files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [icq] C:\Users\Luci\AppData\Roaming\ICQM\icq.exe -CU
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Luci\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Luci\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: Kooperativa - PDF Server.lnk = C:\Program Files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
O4 - Global Startup: Virtual Router Manager.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\Luci\AppData\Roaming\ICQM\icq.exe (HKCU)
O9 - Extra 'Tools' menuitem: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\Luci\AppData\Roaming\ICQM\icq.exe (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.connectify.me
O15 - ESC Trusted Zone: http://*.fastspring.com
O15 - ESC Trusted Zone: http://*.connectify.me (HKLM)
O15 - ESC Trusted Zone: http://*.fastspring.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{72D510A5-EA2B-4BEC-A595-C2E3C98AA93C}: NameServer = 10.128.7.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B5EEE6F-3D7D-4CE6-838A-E5F74F82D6DB}: NameServer = 8.8.8.8
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KoopPdfService - Unknown owner - C:\Program Files (x86)\Kooperativa\Services\KoopPDFServer.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9995 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Windows\system32\FBAgent.exe"
"C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files\ATKGFNEX\GFNEXSrv.exe"
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Kooperativa\Services\KoopPDFServer.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
"taskhost.exe"
taskeng.exe {F24D6ED3-BE40-4317-AC86-FCAD65BA016C}
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
"C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe"
"C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe"
"C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe"
"C:\Program Files (x86)\ASUS\Net4Switch\Net4Switch.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\P4G\BatteryLife.exe"
"C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe"
Atouch64.exe
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
"C:\Windows\SysWOW64\ACEngSvr.exe" -Embedding
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
ATKOSD.exe
KBFiltr.exe
WDC.exe
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Elantech\ETDCtrlHelper.exe"
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "793820940-1527171204212670406715025069431798540759-183094809930067528-996260025
"C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe"
szndesktop.exe default start
"C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe"
"C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe"
"C:\Users\Luci\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe"
\??\C:\Windows\system32\conhost.exe "21457744001758004880-1267566693-209307383-83946106512870497732146944913-617891428
"C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe"
"C:\Program Files (x86)\Virtual Router\VirtualRouterClient.exe" /min
"C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe"
"C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
"C:\Program Files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe"
"C:\Program Files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files (x86)\BSPlayer\bsplayer.exe" "D:\filmy\O-pokladech--(2012)-TVRip-Pohadka-Cz.avi"
"C:\Users\Luci\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Luci\AppData\Roaming\Mozilla\Firefox\Profiles\fy162b2h.default

prefs.js - "browser.search.useDBForOrder" - "false"
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.235 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.235 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll


C:\Users\Luci\AppData\Roaming\Mozilla\Firefox\Profiles\fy162b2h.default\extensions\
{2d3fbcf7-be69-4433-8858-c621a8d0e58d}
{f6b3c972-5bb5-48ca-a9e7-d26a28a366d5}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-09 68960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-08-04 612248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09 96128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-08-04 457712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2010-04-13 649608]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2009-09-01 323584]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-07-25 2403104]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2014-07-25 1283136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"icq"=C:\Users\Luci\AppData\Roaming\ICQM\icq.exe [2013-07-04 28696936]
"cz.seznam.software.autoupdate"=C:\Users\Luci\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\Luci\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2013-04-12 92664]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe [2009-06-24 272952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\AsScrPro.exe [2014-09-09 3058304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2009-11-02 103720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-05-13 10810912]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [2009-08-17 6859392]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [2009-08-20 170624]
"Wireless Console 3"=C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-04-26 1597440]
"SafeQ Client"=C:\Program Files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe [2013-01-07 259072]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-08-04 4085896]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
Virtual Router Manager.lnk - C:\Windows\Installer\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}\_118D1A4EFFA6998C3492EB.exe

C:\Users\Luci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Kooperativa - PDF Server.lnk - C:\Program Files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\wpdshserviceobj.dll [2009-07-14 115200]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-12-22 23:16:09 ----D---- C:\Program Files\McAfee Security Scan
2014-12-22 09:18:25 ----D---- C:\Windows\system32\SPReview
2014-12-21 15:31:55 ----D---- C:\ProgramData\McAfee Security Scan
2014-12-17 21:18:10 ----D---- C:\Users\Luci\AppData\Roaming\WebTest
2014-12-17 21:17:58 ----D---- C:\Program Files (x86)\Winhotspot
2014-12-14 13:13:07 ----A---- C:\Windows\system32\drivers\ndiskhaz.sys
2014-12-14 13:04:51 ----D---- C:\Program Files (x86)\DanuSoft
2014-12-10 03:40:46 ----D---- C:\Windows\system32\appraiser
2014-12-10 02:49:32 ----A---- C:\Windows\system32\appraiser.dll
2014-12-10 02:49:32 ----A---- C:\Windows\system32\aitstatic.exe
2014-12-10 02:49:32 ----A---- C:\Windows\system32\aepic.dll
2014-12-10 02:49:32 ----A---- C:\Windows\system32\aeinv.dll
2014-12-10 02:49:31 ----A---- C:\Windows\system32\invagent.dll
2014-12-10 02:49:30 ----A---- C:\Windows\system32\generaltel.dll
2014-12-10 02:49:30 ----A---- C:\Windows\system32\devinv.dll
2014-12-10 02:49:29 ----A---- C:\Windows\system32\aepdu.dll
2014-12-03 22:29:52 ----D---- C:\Users\Luci\AppData\Roaming\Ulozto File Manager
2014-12-02 02:05:00 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-11-29 23:43:53 ----A---- C:\Windows\system32\drivers\cnnctfy3.sys
2014-11-29 22:50:13 ----D---- C:\Program Files (x86)\Virtual Router
2014-11-29 18:34:15 ----D---- C:\UpdateChromeLinksLogs
2014-11-29 18:33:50 ----A---- C:\Windows\SYSWOW64\msvcr71.dll
2014-11-29 18:33:50 ----A---- C:\Windows\SYSWOW64\mfc71.dll
2014-11-29 18:33:49 ----A---- C:\Windows\SYSWOW64\gdiplus.dll
2014-11-28 16:27:43 ----A---- C:\Windows\system32\drivers\ndisrd.sys
2014-11-28 03:01:44 ----D---- C:\86180ba7349897152a8b47b7a6c602

======List of files/folders modified in the last 1 month======

2014-12-23 16:50:22 ----D---- C:\Program Files\Trend Micro
2014-12-23 15:33:27 ----D---- C:\Windows\system32\config
2014-12-23 15:24:09 ----D---- C:\Users\Luci\AppData\Roaming\Seznam.cz
2014-12-23 15:20:11 ----SHD---- C:\Windows\Installer
2014-12-23 15:20:11 ----SHD---- C:\Config.Msi
2014-12-23 15:20:10 ----D---- C:\Windows\system32\Tasks
2014-12-23 15:20:03 ----D---- C:\Windows\temp
2014-12-23 15:19:53 ----D---- C:\Windows\Prefetch
2014-12-23 15:17:02 ----D---- C:\AdwCleaner
2014-12-23 15:16:57 ----D---- C:\ProgramData
2014-12-23 00:00:24 ----D---- C:\Windows\System32
2014-12-23 00:00:24 ----D---- C:\Windows\inf
2014-12-23 00:00:24 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-12-22 23:16:09 ----RD---- C:\Program Files (x86)
2014-12-22 23:16:09 ----D---- C:\Program Files
2014-12-22 09:18:21 ----SHD---- C:\System Volume Information
2014-12-21 15:31:40 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-12-18 23:29:06 ----D---- C:\Program Files (x86)\The KMPlayer
2014-12-16 03:03:56 ----D---- C:\Windows\system32\catroot2
2014-12-14 13:32:30 ----D---- C:\Windows\system32\drivers\etc
2014-12-14 13:13:53 ----D---- C:\Windows\system32\drivers
2014-12-14 13:13:48 ----D---- C:\Windows\system32\catroot
2014-12-14 13:13:46 ----D---- C:\Windows\system32\DriverStore
2014-12-14 10:40:55 ----D---- C:\Program Files\Microsoft Silverlight
2014-12-14 10:40:53 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2014-12-10 10:17:41 ----D---- C:\Windows\SysWOW64
2014-12-10 03:43:01 ----D---- C:\Windows\winsxs
2014-12-10 03:40:49 ----SD---- C:\Windows\system32\CompatTel
2014-12-10 03:40:49 ----D---- C:\Windows\AppPatch
2014-12-10 03:40:49 ----D---- C:\Windows\AppCompat
2014-12-10 03:40:45 ----SD---- C:\ProgramData\Microsoft
2014-12-10 03:24:48 ----D---- C:\ProgramData\Microsoft Help
2014-12-10 03:23:03 ----D---- C:\Windows\system32\MRT
2014-12-10 03:15:54 ----A---- C:\Windows\system32\MRT.exe
2014-12-07 20:14:55 ----D---- C:\Users\Luci\AppData\Roaming\vlc
2014-12-04 05:29:29 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-30 11:40:40 ----A---- C:\Windows\system32\AutoRunFilter.ini
2014-11-30 04:04:05 ----D---- C:\NVIDIA
2014-11-29 23:35:55 ----SD---- C:\Users\Luci\AppData\Roaming\Microsoft
2014-11-29 23:29:10 ----D---- C:\Program Files (x86)\T-Mobile

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AsDsm;AsDsm; C:\Windows\system32\drivers\AsDsm.sys [2014-09-09 35384]
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-08-04 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-08-04 224896]
R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [2010-04-08 244328]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-08-12 213888]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-08-04 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-11-24 1041168]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-08-04 427360]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-08-04 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-08-04 79184]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-08-04 92008]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 17464]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2010-04-13 135560]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-05-13 2368160]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2009-05-13 15928]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2010-03-22 29800]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-07-25 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-03-31 40392]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-08-18 236544]
R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2013-06-26 767144]
R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2013-06-26 273576]
R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2013-06-26 28840]
R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2013-06-26 23208]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-08-12 1799680]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-08-21 44032]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 cpuz135;cpuz135; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz135\cpuz135_x64.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2008-12-09 61792]
S3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys []
S3 ipswuio;ipswuio; C:\Windows\System32\DRIVERS\ipswuio.sys []
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
S3 PSKMAD;PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [2013-04-29 47632]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-24 154168]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2009-12-08 379520]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-16 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-08-04 50344]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2013-04-22 822504]
R2 KoopPdfService;KoopPdfService; C:\Program Files (x86)\Kooperativa\Services\KoopPDFServer.exe [2013-05-29 2454016]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-07-25 1720608]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-07-25 18956064]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-03-04 922968]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944]
R3 ADSMService;ADSM Service; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2008-03-31 225280]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528]
R3 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21 107912]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-21 267440]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]
S3 fsssvc;Windows Live Family Safety; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-09 533344]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21 107912]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 289256]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-12-02 114800]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-10-01 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]

-----------------EOF-----------------

Re: Počítač prolezlý skrz na skrz

Napsal: 23 pro 2014 17:47
od Rudy
Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:
:files
C:\Program Files\McAfee Security Scan
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]

:services
McComponentHostService

:commands
[Purity]
[Emptytemp]
[Emptyflash]
a klikněte na >MoveIt!<. Před skenem vypněte Avast a po něm restartujte PC. Dejte nový log RSIT.

Re: Počítač prolezlý skrz na skrz

Napsal: 23 pro 2014 20:03
od Stacy.15
log z RSIT:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Luci at 2014-12-23 20:02:20
Microsoft Windows 7 Home Premium
System drive C: has 17 GB (14%) free of 119 GB
Total RAM: 4095 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:02:24, on 23.12.2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Net4Switch\Net4Switch.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Luci\AppData\Roaming\Seznam.cz\szninstall.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Users\Luci\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Luci.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [SafeQ Client] "C:\Program Files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [icq] C:\Users\Luci\AppData\Roaming\ICQM\icq.exe -CU
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Luci\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Luci\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: Kooperativa - PDF Server.lnk = C:\Program Files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe
O4 - Global Startup: Virtual Router Manager.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\Luci\AppData\Roaming\ICQM\icq.exe (HKCU)
O9 - Extra 'Tools' menuitem: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\Luci\AppData\Roaming\ICQM\icq.exe (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.connectify.me
O15 - ESC Trusted Zone: http://*.fastspring.com
O15 - ESC Trusted Zone: http://*.connectify.me (HKLM)
O15 - ESC Trusted Zone: http://*.fastspring.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{72D510A5-EA2B-4BEC-A595-C2E3C98AA93C}: NameServer = 10.128.7.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B5EEE6F-3D7D-4CE6-838A-E5F74F82D6DB}: NameServer = 8.8.8.8
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KoopPdfService - Unknown owner - C:\Program Files (x86)\Kooperativa\Services\KoopPDFServer.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9596 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Windows\system32\FBAgent.exe"
"C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files\ATKGFNEX\GFNEXSrv.exe"
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
"taskhost.exe"
"C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe"
Atouch64.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
ATKOSD.exe
taskeng.exe {F769E33C-2DDE-40B4-AF59-FA32B058BA97}
taskeng.exe {C06766BA-3978-41EF-9CFA-22778A992085}
"C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
KBFiltr.exe
WDC.exe
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe"
"C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe"
"C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe"
"C:\Program Files\P4G\BatteryLife.exe"
"C:\Program Files (x86)\ASUS\Net4Switch\Net4Switch.exe"
"C:\Program Files (x86)\Kooperativa\Services\KoopPDFServer.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\alg.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
"C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "1650578902648860901-14333946701503440212-1527020553815262209979082922038395370
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"C:\Program Files\Elantech\ETDCtrlHelper.exe"
"C:\Users\Luci\AppData\Roaming\Seznam.cz\szninstall.exe" -c
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe"
"C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe"
szndesktop.exe default start
"C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
"C:\Users\Luci\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe"
\??\C:\Windows\system32\conhost.exe "102258193411208861291810262313489219626405498128329360015278142701923619273
"C:\Program Files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Windows\SysWOW64\ACEngSvr.exe" -Embedding
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\sppsvc.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\system32\wuauclt.exe"
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
C:\Windows\servicing\TrustedInstaller.exe
"C:\Users\Luci\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Luci\AppData\Roaming\Mozilla\Firefox\Profiles\fy162b2h.default

prefs.js - "browser.search.useDBForOrder" - "false"
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.235 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.235 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll


C:\Users\Luci\AppData\Roaming\Mozilla\Firefox\Profiles\fy162b2h.default\extensions\
{2d3fbcf7-be69-4433-8858-c621a8d0e58d}
{f6b3c972-5bb5-48ca-a9e7-d26a28a366d5}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-09 68960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-08-04 612248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-08-04 457712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2010-04-13 649608]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2009-09-01 323584]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-07-25 2403104]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2014-07-25 1283136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"icq"=C:\Users\Luci\AppData\Roaming\ICQM\icq.exe [2013-07-04 28696936]
"cz.seznam.software.autoupdate"=C:\Users\Luci\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\Luci\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2013-04-12 92664]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe [2009-06-24 272952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\AsScrPro.exe [2014-09-09 3058304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2009-11-02 103720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-05-13 10810912]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [2009-08-17 6859392]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [2009-08-20 170624]
"Wireless Console 3"=C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-04-26 1597440]
"SafeQ Client"=C:\Program Files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe [2013-01-07 259072]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-08-04 4085896]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Virtual Router Manager.lnk - C:\Windows\Installer\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}\_118D1A4EFFA6998C3492EB.exe

C:\Users\Luci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Kooperativa - PDF Server.lnk - C:\Program Files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\wpdshserviceobj.dll [2009-07-14 115200]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-12-22 09:18:25 ----D---- C:\Windows\system32\SPReview
2014-12-21 15:31:55 ----D---- C:\ProgramData\McAfee Security Scan
2014-12-17 21:18:10 ----D---- C:\Users\Luci\AppData\Roaming\WebTest
2014-12-17 21:17:58 ----D---- C:\Program Files (x86)\Winhotspot
2014-12-14 13:13:07 ----A---- C:\Windows\system32\drivers\ndiskhaz.sys
2014-12-14 13:04:51 ----D---- C:\Program Files (x86)\DanuSoft
2014-12-10 03:40:46 ----D---- C:\Windows\system32\appraiser
2014-12-10 02:49:32 ----A---- C:\Windows\system32\appraiser.dll
2014-12-10 02:49:32 ----A---- C:\Windows\system32\aitstatic.exe
2014-12-10 02:49:32 ----A---- C:\Windows\system32\aepic.dll
2014-12-10 02:49:32 ----A---- C:\Windows\system32\aeinv.dll
2014-12-10 02:49:31 ----A---- C:\Windows\system32\invagent.dll
2014-12-10 02:49:30 ----A---- C:\Windows\system32\generaltel.dll
2014-12-10 02:49:30 ----A---- C:\Windows\system32\devinv.dll
2014-12-10 02:49:29 ----A---- C:\Windows\system32\aepdu.dll
2014-12-03 22:29:52 ----D---- C:\Users\Luci\AppData\Roaming\Ulozto File Manager
2014-12-02 02:05:00 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-11-29 23:43:53 ----A---- C:\Windows\system32\drivers\cnnctfy3.sys
2014-11-29 22:50:13 ----D---- C:\Program Files (x86)\Virtual Router
2014-11-29 18:34:15 ----D---- C:\UpdateChromeLinksLogs
2014-11-29 18:33:50 ----A---- C:\Windows\SYSWOW64\msvcr71.dll
2014-11-29 18:33:50 ----A---- C:\Windows\SYSWOW64\mfc71.dll
2014-11-29 18:33:49 ----A---- C:\Windows\SYSWOW64\gdiplus.dll
2014-11-28 16:27:43 ----A---- C:\Windows\system32\drivers\ndisrd.sys
2014-11-28 03:01:44 ----D---- C:\86180ba7349897152a8b47b7a6c602

======List of files/folders modified in the last 1 month======

2014-12-23 20:02:23 ----D---- C:\Program Files\Trend Micro
2014-12-23 20:01:41 ----D---- C:\Windows\system32\config
2014-12-23 19:59:13 ----D---- C:\Windows\system32\Tasks
2014-12-23 19:58:10 ----D---- C:\Windows\temp
2014-12-23 19:49:29 ----D---- C:\Users\Luci\AppData\Roaming\Seznam.cz
2014-12-23 19:39:33 ----D---- C:\Windows\Tasks
2014-12-23 19:39:32 ----D---- C:\Program Files
2014-12-23 15:20:11 ----SHD---- C:\Windows\Installer
2014-12-23 15:20:11 ----SHD---- C:\Config.Msi
2014-12-23 15:19:53 ----D---- C:\Windows\Prefetch
2014-12-23 15:17:02 ----D---- C:\AdwCleaner
2014-12-23 15:16:57 ----D---- C:\ProgramData
2014-12-23 00:00:24 ----D---- C:\Windows\System32
2014-12-23 00:00:24 ----D---- C:\Windows\inf
2014-12-23 00:00:24 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-12-22 23:16:09 ----RD---- C:\Program Files (x86)
2014-12-22 09:18:21 ----SHD---- C:\System Volume Information
2014-12-21 15:31:40 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-12-18 23:29:06 ----D---- C:\Program Files (x86)\The KMPlayer
2014-12-16 03:03:56 ----D---- C:\Windows\system32\catroot2
2014-12-14 13:32:30 ----D---- C:\Windows\system32\drivers\etc
2014-12-14 13:13:53 ----D---- C:\Windows\system32\drivers
2014-12-14 13:13:48 ----D---- C:\Windows\system32\catroot
2014-12-14 13:13:46 ----D---- C:\Windows\system32\DriverStore
2014-12-14 10:40:55 ----D---- C:\Program Files\Microsoft Silverlight
2014-12-14 10:40:53 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2014-12-10 10:17:41 ----D---- C:\Windows\SysWOW64
2014-12-10 03:43:01 ----D---- C:\Windows\winsxs
2014-12-10 03:40:49 ----SD---- C:\Windows\system32\CompatTel
2014-12-10 03:40:49 ----D---- C:\Windows\AppPatch
2014-12-10 03:40:49 ----D---- C:\Windows\AppCompat
2014-12-10 03:40:45 ----SD---- C:\ProgramData\Microsoft
2014-12-10 03:24:48 ----D---- C:\ProgramData\Microsoft Help
2014-12-10 03:23:03 ----D---- C:\Windows\system32\MRT
2014-12-10 03:15:54 ----A---- C:\Windows\system32\MRT.exe
2014-12-07 20:14:55 ----D---- C:\Users\Luci\AppData\Roaming\vlc
2014-12-04 05:29:29 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-30 11:40:40 ----A---- C:\Windows\system32\AutoRunFilter.ini
2014-11-30 04:04:05 ----D---- C:\NVIDIA
2014-11-29 23:35:55 ----SD---- C:\Users\Luci\AppData\Roaming\Microsoft
2014-11-29 23:29:10 ----D---- C:\Program Files (x86)\T-Mobile

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AsDsm;AsDsm; C:\Windows\system32\drivers\AsDsm.sys [2014-09-09 35384]
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-08-04 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-08-04 224896]
R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [2010-04-08 244328]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-08-12 213888]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-08-04 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-11-24 1041168]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-08-04 427360]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-08-04 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-08-04 79184]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-08-04 92008]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 17464]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2010-04-13 135560]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-05-13 2368160]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2009-05-13 15928]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2010-03-22 29800]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-07-25 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-03-31 40392]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-08-18 236544]
R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2013-06-26 767144]
R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2013-06-26 273576]
R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2013-06-26 28840]
R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2013-06-26 23208]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-08-12 1799680]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-08-21 44032]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 cpuz135;cpuz135; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz135\cpuz135_x64.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2008-12-09 61792]
S3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys []
S3 ipswuio;ipswuio; C:\Windows\System32\DRIVERS\ipswuio.sys []
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
S3 PSKMAD;PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [2013-04-29 47632]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-24 154168]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2009-12-08 379520]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-16 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-08-04 50344]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2013-04-22 822504]
R2 KoopPdfService;KoopPdfService; C:\Program Files (x86)\Kooperativa\Services\KoopPDFServer.exe [2013-05-29 2454016]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-07-25 1720608]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-07-25 18956064]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-03-04 922968]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944]
R3 ADSMService;ADSM Service; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2008-03-31 225280]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528]
R3 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21 107912]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-21 267440]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]
S3 fsssvc;Windows Live Family Safety; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-09 533344]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21 107912]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-12-02 114800]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-10-01 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]

-----------------EOF-----------------

Re: Počítač prolezlý skrz na skrz

Napsal: 23 pro 2014 20:49
od Rudy
Dvouklikem na soubor C:\Program Files\trend micro\Luci.exe spusťte HijackThis. Klikněte na "Do a system scan only" a v otevřeném okně vlevo ve čtverečcích zaškrtněte:
O15 - ESC Trusted Zone: http://*.connectify.me
O15 - ESC Trusted Zone: http://*.fastspring.com
O15 - ESC Trusted Zone: http://*.connectify.me (HKLM)
O15 - ESC Trusted Zone: http://*.fastspring.com (HKLM)
O20 - AppInit_DLLs:
Klikněte na >FixChecked<. Pak znovu spusťte OTM a klikněte na >CleanUp!<. OTM po sobě uklidí. Nakonec restartujte PC.

Re: Počítač prolezlý skrz na skrz

Napsal: 23 pro 2014 22:24
od Stacy.15
No, takže vše hotovo podle návodu, ale pořád to stejné. Koukám že jsem to zapomněl napsat na začátku, ale prý jí v prohlížeči pořád vyskakují nechtěná okna, a to prý dělá pořád. :/

Re: Počítač prolezlý skrz na skrz

Napsal: 23 pro 2014 22:30
od Rudy
Spusťte ještě toto:
Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe

Ulozte nejlepe na plochu
Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
Probehne vytvoreni zalohy a nasledne prohledavani
Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte

Re: Počítač prolezlý skrz na skrz

Napsal: 23 pro 2014 22:47
od Stacy.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by Luci on út 23.12.2014 at 22:37:31,95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2BBED1A5-0CC2-472D-89C6-47C705812CA1}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Luci\AppData\Roaming\mozilla\firefox\profiles\fy162b2h.default\minidumps [627 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on út 23.12.2014 at 22:45:09,85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Počítač prolezlý skrz na skrz

Napsal: 24 pro 2014 11:15
od Rudy
Nastala nějaká změna?

Re: Počítač prolezlý skrz na skrz

Napsal: 24 pro 2014 11:30
od Stacy.15
Já teda nejsem přímo u léčeného notebooku, jak jsem psal řeším to za přítelkyni, která mi posílá logy atd. ale říkala, že je to prý stejné :/

Re: Počítač prolezlý skrz na skrz

Napsal: 24 pro 2014 14:38
od Rudy
Udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

Re: Počítač prolezlý skrz na skrz

Napsal: 26 pro 2014 13:45
od Stacy.15
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 26.12.2014
Scan Time: 13:05:05
Logfile: log8.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.26.06
Rootkit Database: v2014.12.23.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: Luci

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 346988
Time Elapsed: 37 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.MoviesToolBar.A, C:\Users\Luci\AppData\Roaming\Mozilla\Firefox\Profiles\fy162b2h.default\ilividmoviestoolbar181, , [244a7deab7c5181e6247c7640ef57987],

Files: 9
PUP.Optional.Softonic.A, C:\Users\Luci\Downloads\WinHotSpot_Downloader.exe, , [adc192d5de9e9d99e8243b046a9760a0],
PUP.Optional.InstallIQ.A, C:\Users\Luci\Downloads\WiFiHotSpotCreatorSetup.exe, , [7af437305b2158de6bcf0e27c14026da],
PUP.Optional.MoviesToolBar.A, C:\Users\Luci\AppData\Roaming\Mozilla\Firefox\Profiles\fy162b2h.default\ilividmoviestoolbar181\apnuserid.dat, , [244a7deab7c5181e6247c7640ef57987],
PUP.Optional.MoviesToolBar.A, C:\Users\Luci\AppData\Roaming\Mozilla\Firefox\Profiles\fy162b2h.default\ilividmoviestoolbar181\appid.dat, , [244a7deab7c5181e6247c7640ef57987],
PUP.Optional.MoviesToolBar.A, C:\Users\Luci\AppData\Roaming\Mozilla\Firefox\Profiles\fy162b2h.default\ilividmoviestoolbar181\geodata.xml, , [244a7deab7c5181e6247c7640ef57987],
PUP.Optional.MoviesToolBar.A, C:\Users\Luci\AppData\Roaming\Mozilla\Firefox\Profiles\fy162b2h.default\ilividmoviestoolbar181\guid.dat, , [244a7deab7c5181e6247c7640ef57987],
PUP.Optional.MoviesToolBar.A, C:\Users\Luci\AppData\Roaming\Mozilla\Firefox\Profiles\fy162b2h.default\ilividmoviestoolbar181\setupCfg.xml, , [244a7deab7c5181e6247c7640ef57987],
PUP.Optional.MoviesToolBar.A, C:\Users\Luci\AppData\Roaming\Mozilla\Firefox\Profiles\fy162b2h.default\ilividmoviestoolbar181\sysid.dat, , [244a7deab7c5181e6247c7640ef57987],
PUP.Optional.MoviesToolBar.A, C:\Users\Luci\AppData\Roaming\Mozilla\Firefox\Profiles\fy162b2h.default\ilividmoviestoolbar181\trackid.dat, , [244a7deab7c5181e6247c7640ef57987],

Physical Sectors: 0
(No malicious items detected)


(end)
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz