Please check my log

Posted: 16 Mar 2016 20:22
by bostik
Hi, please check the log: slow computer + pop-up ads completely freeze the system
Thanks

Logfile of random's system information tool 1.10 (written by random/random)
Run by Petr at 2016-03-16 20:10:06
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 68 GB (45%) free of 153 GB
Total RAM: 2000 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:10:12, on 16.3.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\simplitec\KMPFaster\ServiceProvider.exe
C:\Program Files\TeamViewer\TeamViewer.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Maxthon\Bin\Maxthon.exe
C:\Program Files\Maxthon\Bin\Maxthon.exe
C:\Program Files\Maxthon\Bin\Maxthon.exe
C:\Program Files\Maxthon\Bin\Maxthon.exe
C:\Program Files\Maxthon\Bin\Maxthon.exe
C:\Program Files\Maxthon\Bin\Maxthon.exe
C:\Program Files\Maxthon\Bin\Maxthon.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Petr\Desktop\RSIT.exe
C:\Program Files\trend micro\Petr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://services.eshield.com/general/new ... BD6E43}&i=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - Startup: AutorunsDisabled
O15 - Trusted Zone: *.dell.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.8.4
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O23 - Service: NTRU TSS v1.2.1.37 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer\TeamViewer_Service.exe

--
End of file - 2804 bytes

======Scheduled tasks folder======

C:\Windows\tasks\simplitec Power Suite (Tray).job - C:\Program Files\simplitec\KMPFaster\ServiceProvider.exe
C:\Windows\tasks\simplitec Power Suite.job - C:\Program Files\simplitec\KMPFaster\PowerSuite.exe -task

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-11-08 138808]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-11-08 172088]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-11-08 173624]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner.exe [2016-02-12 6638296]

C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
AutorunsDisabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-11-08 228864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\spba]
C:\Program Files\Common Files\SPBA\homefus2.dll [2010-09-15 1971536]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.DIVX"=divx.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"VIDC.VP80"=vp8vfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2016-03-16 20:10:07 ----D---- C:\Program Files\trend micro
2016-03-16 20:10:06 ----D---- C:\rsit
2016-03-16 20:04:36 ----A---- C:\ComboFix.txt
2016-03-16 20:04:02 ----SHD---- C:\$RECYCLE.BIN
2016-03-16 20:03:28 ----D---- C:\Windows\temp
2016-03-16 19:58:55 ----A---- C:\Windows\zip.exe
2016-03-16 19:58:55 ----A---- C:\Windows\SWSC.exe
2016-03-16 19:58:55 ----A---- C:\Windows\SWREG.exe
2016-03-16 19:58:55 ----A---- C:\Windows\sed.exe
2016-03-16 19:58:55 ----A---- C:\Windows\PEV.exe
2016-03-16 19:58:55 ----A---- C:\Windows\NIRCMD.exe
2016-03-16 19:58:55 ----A---- C:\Windows\MBR.exe
2016-03-16 19:58:55 ----A---- C:\Windows\grep.exe
2016-03-16 19:58:50 ----D---- C:\Qoobox
2016-03-16 19:58:39 ----D---- C:\Windows\erdnt
2016-03-16 19:52:37 ----D---- C:\Program Files\CCleaner
2016-03-16 18:46:52 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2016-03-16 18:45:48 ----D---- C:\ProgramData\Malwarebytes
2016-03-16 18:45:48 ----D---- C:\Program Files\Malwarebytes Anti-Malware
2016-03-16 18:45:48 ----A---- C:\Windows\system32\drivers\mwac.sys
2016-03-16 18:45:48 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2016-03-16 18:45:48 ----A---- C:\Windows\system32\drivers\mbam.sys
2016-03-10 14:47:07 ----D---- C:\ProgramData\af87b2cd-6753-0
2016-03-10 14:47:06 ----D---- C:\ProgramData\af87b2cd-6e57-1
2016-02-20 17:27:14 ----D---- C:\Program Files\Intel
2016-02-20 17:26:00 ----D---- C:\apps
2016-02-20 17:25:47 ----D---- C:\ProgramData\NTRU Cryptosystems
2016-02-20 17:25:47 ----D---- C:\Program Files\NTRU Cryptosystems
2016-02-20 17:24:26 ----D---- C:\Intel
2016-02-20 17:24:00 ----A---- C:\Windows\system32\TVWSetup.exe
2016-02-20 17:24:00 ----A---- C:\Windows\system32\HdmiCoin.dll
2016-02-20 17:24:00 ----A---- C:\Windows\system32\drivers\IntcHdmi.sys
2016-02-20 17:23:59 ----A---- C:\Windows\system32\iglhsip32.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\iglhcp32.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\igfxtray.exe
2016-02-20 17:23:59 ----A---- C:\Windows\system32\igfxTMM.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\igfxsrvc.exe
2016-02-20 17:23:59 ----A---- C:\Windows\system32\igfxsrvc.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\igfxress.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\igfxpph.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\igfxpers.exe
2016-02-20 17:23:59 ----A---- C:\Windows\system32\igfxext.exe
2016-02-20 17:23:59 ----A---- C:\Windows\system32\igfxexps.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\igfxdo.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\IGFXDEVLib.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\igfxdev.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\igfxCoIn_v2869.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\igdumdx32.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\ig4icd32.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\hkcmd.exe
2016-02-20 17:23:59 ----A---- C:\Windows\system32\hccutils.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\GfxUI.exe
2016-02-20 17:23:59 ----A---- C:\Windows\system32\gfxSrvc.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\drivers\igdkmd32.sys
2016-02-20 17:23:59 ----A---- C:\Windows\system32\d3dx10_40.dll
2016-02-20 17:21:24 ----D---- C:\Program Files\Dell
2016-02-20 17:21:24 ----D---- C:\Program Files\Common Files\SPBA
2016-02-20 17:21:13 ----D---- C:\Program Files\DIFX
2016-02-20 17:21:11 ----A---- C:\Windows\system32\drivers\PBADRV.sys
2016-02-20 17:21:10 ----DC---- C:\Windows\system32\DRVSTORE
2016-02-20 17:21:10 ----A---- C:\Windows\system32\pbadrvdll.dll
2016-02-20 17:21:07 ----D---- C:\Program Files\Gemalto
2016-02-20 17:20:55 ----D---- C:\Windows\system32\BioAPIFFDB
2016-02-20 17:17:51 ----D---- C:\Windows\Downloaded Installations
2016-02-20 17:17:21 ----D---- C:\Users\Petr\AppData\Roaming\Wave Systems Corp
2016-02-20 17:17:21 ----D---- C:\ProgramData\Wave Systems Corp
2016-02-20 17:14:05 ----A---- C:\Windows\system32\DellSPMsg.dll
2016-02-20 17:08:29 ----D---- C:\Dell
2016-02-20 16:06:23 ----D---- C:\Program Files\HD Tune
2016-02-19 16:50:00 ----D---- C:\ProgramData\af87b2cd-4f75-0
2016-02-19 16:45:52 ----D---- C:\Program Files\DNS Unlocker
2016-02-19 16:45:49 ----D---- C:\ProgramData\af87b2cd-2f77-0
2016-02-19 16:45:49 ----D---- C:\ProgramData\8bf37759
2016-02-19 16:45:43 ----D---- C:\ProgramData\{009f2124-212c-0}
2016-02-19 16:45:42 ----D---- C:\ProgramData\{2b7946f3-412c-0}
2016-02-19 16:45:41 ----D---- C:\ProgramData\{0c442fc4-312c-1}

======List of files/folders modified in the last 1 month======

2016-03-16 20:10:07 ----RD---- C:\Program Files
2016-03-16 20:03:34 ----D---- C:\Windows
2016-03-16 20:03:34 ----A---- C:\Windows\system.ini
2016-03-16 20:01:35 ----D---- C:\Windows\system32\drivers
2016-03-16 20:01:35 ----D---- C:\Windows\System32
2016-03-16 20:01:35 ----D---- C:\Windows\AppPatch
2016-03-16 20:01:34 ----D---- C:\Program Files\Common Files
2016-03-16 19:58:53 ----D---- C:\Windows\Prefetch
2016-03-16 19:53:36 ----D---- C:\Users\Petr\AppData\Roaming\TeamViewer
2016-03-16 19:53:36 ----D---- C:\Users\Petr\AppData\Roaming\Media Player Classic
2016-03-16 19:53:36 ----D---- C:\Program Files\TeamViewer
2016-03-16 19:53:33 ----D---- C:\Windows\Panther
2016-03-16 19:53:33 ----D---- C:\Windows\Minidump
2016-03-16 19:53:33 ----D---- C:\Windows\inf
2016-03-16 19:53:33 ----D---- C:\Windows\debug
2016-03-16 19:52:38 ----D---- C:\Windows\system32\Tasks
2016-03-16 19:32:18 ----D---- C:\Users\Petr\AppData\Roaming\install
2016-03-16 19:13:13 ----SHD---- C:\System Volume Information
2016-03-16 19:02:40 ----D---- C:\Windows\AppCompat
2016-03-16 19:02:38 ----SD---- C:\Users\Petr\AppData\Roaming\Microsoft
2016-03-16 18:45:48 ----D---- C:\ProgramData
2016-03-16 18:18:24 ----D---- C:\Windows\system32\NDF
2016-03-13 09:08:56 ----D---- C:\Windows\system32\config
2016-03-10 17:09:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-02-20 17:29:21 ----D---- C:\Windows\system32\catroot2
2016-02-20 17:29:14 ----D---- C:\Windows\winsxs
2016-02-20 17:28:52 ----D---- C:\Windows\system32\drivers\UMDF
2016-02-20 17:28:07 ----D---- C:\Windows\system32\DriverStore
2016-02-20 17:27:13 ----D---- C:\Windows\system32\catroot
2016-02-20 17:25:55 ----SHD---- C:\Windows\Installer
2016-02-20 17:24:58 ----D---- C:\Windows\SoftwareDistribution
2016-02-20 17:19:04 ----A---- C:\Windows\system32\bioapi100.dll
2016-02-20 17:19:04 ----A---- C:\Windows\system32\bioapi_mds300.dll
2016-02-19 16:46:06 ----D---- C:\ProgramData\3e850dd3-2893-1
2016-02-19 16:45:55 ----D---- C:\ProgramData\3e850dd3-61f5-0

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PBADRV;PBADRV; C:\Windows\system32\DRIVERS\PBADRV.sys [2016-02-20 26608]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R3 BCM43XX;Broadcom 802.11 – ovladač síťového adaptéru; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-07-13 1131008]
R3 e1yexpress;Ovladač gigabitových síťových připojení Intel(R); C:\Windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2012-11-08 9037312]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2010-03-15 127488]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-20 84992]
R3 WinUsb;Ovladač WinUSB; C:\Windows\system32\drivers\WinUSB.sys [2010-11-20 35968]
S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 catchme;catchme; \??\C:\Users\Petr\AppData\Local\Temp\catchme.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 mbr;mbr; \??\C:\ComboFix\mbr.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 TeamViewer;TeamViewer 11; C:\Program Files\TeamViewer\TeamViewer_Service.exe [2016-03-02 6942480]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 tcsd_win32.exe;NTRU TSS v1.2.1.37 TCS; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [2011-10-08 1637888]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-06-10 31064]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------



ComboFix 16-03-14.01 - Petr 16.03.2016 19:59:47.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.2000.745 [GMT 1:00]
Spuštěný z: c:\users\Petr\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-02-16 do 2016-03-16 )))))))))))))))))))))))))))))))
.
.
2016-03-16 19:03 . 2016-03-16 19:03 -------- d-----w- c:\users\Mcx1-PETR-NOTEBOOK\AppData\Local\temp
2016-03-16 19:03 . 2016-03-16 19:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-03-16 18:53 . 2016-03-16 18:54 129484 ----a-w- C:\cc_20160316_195351.reg
2016-03-16 18:52 . 2016-03-16 18:52 -------- d-----w- c:\program files\CCleaner
2016-03-16 18:33 . 2016-03-16 18:33 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{53D0B4EA-C66B-46D3-A64A-A3596DB37D8D}\offreg.2472.dll
2016-03-16 17:46 . 2016-03-16 18:49 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-03-16 17:45 . 2016-03-16 17:45 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2016-03-16 17:45 . 2016-03-16 17:45 -------- d-----w- c:\programdata\Malwarebytes
2016-03-16 17:45 . 2015-10-05 08:50 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-03-16 17:45 . 2015-10-05 08:50 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-03-16 17:45 . 2015-10-05 08:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-03-10 13:47 . 2016-03-16 17:15 -------- d-----w- c:\programdata\af87b2cd-6753-0
2016-03-10 13:47 . 2016-03-16 17:15 -------- d-----w- c:\programdata\af87b2cd-6e57-1
2016-02-20 16:27 . 2016-02-20 16:27 -------- d-----w- c:\program files\Intel
2016-02-20 16:26 . 2016-02-20 16:26 -------- d-----w- C:\apps
2016-02-20 16:25 . 2016-02-20 16:25 -------- d-----w- c:\programdata\NTRU Cryptosystems
2016-02-20 16:25 . 2016-02-20 16:25 -------- d-----w- c:\program files\NTRU Cryptosystems
2016-02-20 16:24 . 2016-02-20 16:27 -------- d-----w- C:\Intel
2016-02-20 16:24 . 2012-11-08 12:54 8195640 ----a-w- c:\windows\system32\TVWSetup.exe
2016-02-20 16:24 . 2010-03-15 02:14 127488 ----a-w- c:\windows\system32\drivers\IntcHdmi.sys
2016-02-20 16:24 . 2010-03-15 02:14 5120 ----a-w- c:\windows\system32\HdmiCoin.dll
2016-02-20 16:21 . 2016-02-20 16:27 -------- d-----w- c:\program files\Common Files\SPBA
2016-02-20 16:21 . 2016-02-20 16:21 -------- d-----w- c:\program files\Dell
2016-02-20 16:21 . 2016-02-20 16:21 -------- d-----w- c:\program files\DIFX
2016-02-20 16:21 . 2016-02-20 16:19 26608 ----a-w- c:\windows\system32\drivers\PBADRV.sys
2016-02-20 16:21 . 2016-02-20 16:21 -------- dc----w- c:\windows\system32\DRVSTORE
2016-02-20 16:21 . 2016-02-20 16:19 80368 ----a-w- c:\windows\system32\pbadrvdll.dll
2016-02-20 16:21 . 2016-02-20 16:21 -------- d-----w- c:\program files\Gemalto
2016-02-20 16:20 . 2016-02-20 16:20 -------- d-----w- c:\windows\system32\BioAPIFFDB
2016-02-20 16:20 . 2016-02-20 16:20 405504 ----a-r- c:\users\Petr\AppData\Roaming\Microsoft\Installer\{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}\ARPPRODUCTICON.exe
2016-02-20 16:18 . 2016-02-20 16:18 -------- d-----w- c:\users\Petr\AppData\Local\Dell
2016-02-20 16:17 . 2016-02-20 16:20 -------- d-----w- c:\windows\Downloaded Installations
2016-02-20 16:17 . 2016-02-20 16:17 -------- d-----w- c:\users\Petr\AppData\Roaming\Wave Systems Corp
2016-02-20 16:17 . 2016-02-20 16:17 -------- d-----w- c:\programdata\Wave Systems Corp
2016-02-20 16:14 . 2009-09-02 05:13 131072 ----a-w- c:\windows\system32\DellSPMsg.dll
2016-02-20 16:08 . 2016-02-20 16:14 -------- d-----w- C:\Dell
2016-02-20 15:58 . 2016-02-20 15:58 -------- d-----w- c:\users\Petr\AppData\Local\Apps
2016-02-20 15:58 . 2016-02-20 15:58 -------- d-----w- c:\users\Petr\AppData\Local\Deployment
2016-02-20 15:06 . 2016-02-20 15:06 -------- d-----w- c:\program files\HD Tune
2016-02-19 15:50 . 2016-03-04 19:14 -------- d-----w- c:\programdata\af87b2cd-4f75-0
2016-02-19 15:45 . 2016-03-16 18:32 -------- d-----w- c:\program files\DNS Unlocker
2016-02-19 15:45 . 2016-03-04 19:14 -------- d-----w- c:\programdata\af87b2cd-2f77-0
2016-02-19 15:45 . 2016-02-19 15:45 -------- d-----w- c:\programdata\8bf37759
2016-02-19 15:45 . 2016-02-19 15:45 -------- d-----w- c:\programdata\{009f2124-212c-0}
2016-02-19 15:45 . 2016-02-19 15:45 -------- d-----w- c:\programdata\{2b7946f3-412c-0}
2016-02-19 15:45 . 2016-02-19 15:45 -------- d-----w- c:\programdata\{0c442fc4-312c-1}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-02-20 16:19 . 2006-06-30 11:58 176128 ----a-w- c:\windows\system32\bioapi_mds300.dll
2016-02-20 16:19 . 2006-06-30 11:58 126976 ----a-w- c:\windows\system32\bioapi100.dll
2016-02-07 07:21 . 2016-02-07 07:21 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{53D0B4EA-C66B-46D3-A64A-A3596DB37D8D}\offreg.2540.dll
2016-02-02 19:52 . 2016-02-02 19:52 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{53D0B4EA-C66B-46D3-A64A-A3596DB37D8D}\offreg.1136.dll
2016-02-02 19:45 . 2016-02-02 19:45 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2016-02-02 19:45 . 2016-02-02 19:45 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2016-01-03 20:06 . 2016-01-03 20:06 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{53D0B4EA-C66B-46D3-A64A-A3596DB37D8D}\offreg.5476.dll
2015-12-29 23:08 . 2015-12-29 23:08 367616 ----a-w- c:\users\Petr\AppData\Roaming\PassLog.exe
2015-12-22 05:56 . 2015-12-22 05:56 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{53D0B4EA-C66B-46D3-A64A-A3596DB37D8D}\offreg.1636.dll
2015-12-21 17:21 . 2015-12-21 17:21 101256 ----a-w- c:\windows\system32\pdfcmon.dll
2015-12-18 14:52 . 2015-12-18 14:52 796864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-12-18 14:52 . 2015-12-18 14:52 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2016-02-12 6638296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-11-08 138808]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-11-08 172088]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-11-08 173624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2010-09-15 10:11 1971536 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 e1yexpress;Ovladač gigabitových síťových připojení Intel(R);c:\windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-15 127488]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2016-03-16 c:\windows\Tasks\simplitec Power Suite (Tray).job
- c:\program files\simplitec\KMPFaster\ServiceProvider.exe [2015-11-28 12:59]
.
2015-11-28 c:\windows\Tasks\simplitec Power Suite.job
- c:\program files\simplitec\KMPFaster\PowerSuite.exe [2015-11-28 12:59]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://services.eshield.com/general/newhometab.php?hometab=home&partner=11467&guid={E75807DC-4596-429D-B6A4-CC90E4BD6E43}&i=
Trusted Zone: dell.com
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{0610427F-2DB3-4213-9713-E36428D0BBBA}: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{C5DB2AEF-A760-47F1-93E5-AEF24902472C}: DhcpNameServer = 82.163.142.7
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_20_0_0_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_20_0_0_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2016-03-16 20:04:36
ComboFix-quarantined-files.txt 2016-03-16 19:04
.
Před spuštěním: Volných bajtů: 71 992 774 656
Po spuštění: Volných bajtů: 71 611 314 176
.
- - End Of File - - 1EE89489D81B171A3EDA10B6AFA90A2A
A36C5E4F47E84449FF07ED3517B43A31

Re: Please check my log

Posted: 16 Mar 2016 20:30
by Rudy
Hello!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.

Re: Please check my log

Posted: 16 Mar 2016 20:40
by bostik
# AdwCleaner v5.102 - Logfile created 16/03/2016 at 20:37:31
# Updated 13/03/2016 by Xplode
# Database : 2016-03-16.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : Petr - PETR-NOTEBOOK
# Running from : C:\Users\Petr\Desktop\adwcleaner_5.102.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\DNS Unlocker
[-] Folder Deleted : C:\Program Files\simplitec
[-] Folder Deleted : C:\ProgramData\simplitec
[-] Folder Deleted : C:\ProgramData\3e850dd3-2893-1
[-] Folder Deleted : C:\ProgramData\3e850dd3-61f5-0
[-] Folder Deleted : C:\ProgramData\8bf37759
[-] Folder Deleted : C:\ProgramData\af87b2cd-2f77-0
[-] Folder Deleted : C:\ProgramData\af87b2cd-4f75-0
[-] Folder Deleted : C:\ProgramData\af87b2cd-6753-0
[-] Folder Deleted : C:\ProgramData\af87b2cd-6e57-1
[-] Folder Deleted : C:\ProgramData\{009f2124-212c-0}
[-] Folder Deleted : C:\ProgramData\{0c442fc4-312c-1}
[-] Folder Deleted : C:\ProgramData\{2b7946f3-412c-0}
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : simplitec Power Suite (Tray)
[-] Task Deleted : simplitec Power Suite

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8bf37759}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83C83BF-3EDD-4410-ADAB-5295116DD8C7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F1912128-469A-4138-AA26-9699C15BB13E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}
[-] Key Deleted : HKCU\Software\TNT2
[-] Key Deleted : HKLM\SOFTWARE\simplitec
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\simplitec POWER SUITE_is1
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
[-] Data Restored : HKU\S-1-5-21-839381056-1275580244-2287400433-1000\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{96D18F25-4882-40DE-A0C8-E4FC5769B536}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{6E2F9680-F3E3-4D6B-9CBE-C60FD717571E}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{880904EB-7A99-42D3-AF25-3270522666DB}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{E728420D-1CD7-4F36-8D32-8C270AE5551F}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{56480B5F-7C80-4CEE-AB34-36CA6352FBF1}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{224E9C88-0513-4CDD-882D-09C9C51863CE}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{22D239A6-0C91-4061-AE1F-9A3EE9A522DE}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{FF79BE23-0CF8-42A9-96DD-C3B4E4D714E8}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [TCP Query User{99403113-1CEC-4A72-A192-C6766C361B3F}C:\program files\simplitec\kmpfaster\serviceprovider.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [UDP Query User{4A4C6EF6-6C2D-4316-973B-D23805B5349F}C:\program files\simplitec\kmpfaster\serviceprovider.exe]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F60B7C10-B82E-4525-B57F-5EEFAE51811B}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Data Restored : HKU\S-1-5-21-839381056-1275580244-2287400433-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\Program Files\AdwCleaner\AdwCleaner[C1].txt - [7037 bytes] - [16/03/2016 20:37:31]
C:\Program Files\AdwCleaner\AdwCleaner[S1].txt - [7571 bytes] - [16/03/2016 20:36:32]

########## EOF - C:\Program Files\AdwCleaner\AdwCleaner[C1].txt - [7211 bytes] ##########

Re: Please check my log

Posted: 16 Mar 2016 20:42
by Rudy
Post a new RSIT log.

Re: Please check my log

Posted: 16 Mar 2016 20:46
by bostik
Logfile of random's system information tool 1.10 (written by random/random)
Run by Petr at 2016-03-16 20:45:42
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 68 GB (45%) free of 153 GB
Total RAM: 2000 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:45:46, on 16.3.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\TeamViewer\TeamViewer.exe
C:\Program Files\Maxthon\Bin\Maxthon.exe
C:\Program Files\Maxthon\Bin\Maxthon.exe
C:\Program Files\Maxthon\Bin\Maxthon.exe
C:\Program Files\Maxthon\Bin\Maxthon.exe
C:\Program Files\Maxthon\Bin\Maxthon.exe
C:\Program Files\Maxthon\Bin\Maxthon.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Petr\Desktop\RSIT.exe
C:\Program Files\trend micro\Petr.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - Startup: AutorunsDisabled
O15 - Trusted Zone: *.dell.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O23 - Service: NTRU TSS v1.2.1.37 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer\TeamViewer_Service.exe

--
End of file - 2324 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-11-08 138808]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-11-08 172088]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-11-08 173624]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner.exe [2016-02-12 6638296]

C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
AutorunsDisabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-11-08 228864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\spba]
C:\Program Files\Common Files\SPBA\homefus2.dll [2010-09-15 1971536]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.DIVX"=divx.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"VIDC.VP80"=vp8vfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2016-03-16 20:36:21 ----D---- C:\Program Files\AdwCleaner
2016-03-16 20:34:17 ----D---- C:\FRST
2016-03-16 20:10:07 ----D---- C:\Program Files\trend micro
2016-03-16 20:10:06 ----D---- C:\rsit
2016-03-16 20:04:36 ----A---- C:\ComboFix.txt
2016-03-16 20:04:02 ----SHD---- C:\$RECYCLE.BIN
2016-03-16 20:03:28 ----D---- C:\Windows\temp
2016-03-16 19:58:55 ----A---- C:\Windows\zip.exe
2016-03-16 19:58:55 ----A---- C:\Windows\SWSC.exe
2016-03-16 19:58:55 ----A---- C:\Windows\SWREG.exe
2016-03-16 19:58:55 ----A---- C:\Windows\sed.exe
2016-03-16 19:58:55 ----A---- C:\Windows\PEV.exe
2016-03-16 19:58:55 ----A---- C:\Windows\NIRCMD.exe
2016-03-16 19:58:55 ----A---- C:\Windows\MBR.exe
2016-03-16 19:58:55 ----A---- C:\Windows\grep.exe
2016-03-16 19:58:50 ----D---- C:\Qoobox
2016-03-16 19:58:39 ----D---- C:\Windows\erdnt
2016-03-16 19:52:37 ----D---- C:\Program Files\CCleaner
2016-03-16 18:46:52 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2016-03-16 18:45:48 ----D---- C:\ProgramData\Malwarebytes
2016-03-16 18:45:48 ----D---- C:\Program Files\Malwarebytes Anti-Malware
2016-03-16 18:45:48 ----A---- C:\Windows\system32\drivers\mwac.sys
2016-03-16 18:45:48 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2016-03-16 18:45:48 ----A---- C:\Windows\system32\drivers\mbam.sys
2016-02-20 17:27:14 ----D---- C:\Program Files\Intel
2016-02-20 17:26:00 ----D---- C:\apps
2016-02-20 17:25:47 ----D---- C:\ProgramData\NTRU Cryptosystems
2016-02-20 17:25:47 ----D---- C:\Program Files\NTRU Cryptosystems
2016-02-20 17:24:26 ----D---- C:\Intel
2016-02-20 17:24:00 ----A---- C:\Windows\system32\TVWSetup.exe
2016-02-20 17:24:00 ----A---- C:\Windows\system32\HdmiCoin.dll
2016-02-20 17:24:00 ----A---- C:\Windows\system32\drivers\IntcHdmi.sys
2016-02-20 17:23:59 ----A---- C:\Windows\system32\iglhsip32.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\iglhcp32.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\igfxtray.exe
2016-02-20 17:23:59 ----A---- C:\Windows\system32\igfxTMM.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\igfxsrvc.exe
2016-02-20 17:23:59 ----A---- C:\Windows\system32\igfxsrvc.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\igfxress.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\igfxpph.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\igfxpers.exe
2016-02-20 17:23:59 ----A---- C:\Windows\system32\igfxext.exe
2016-02-20 17:23:59 ----A---- C:\Windows\system32\igfxexps.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\igfxdo.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\IGFXDEVLib.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\igfxdev.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\igfxCoIn_v2869.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\igdumdx32.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\ig4icd32.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\hkcmd.exe
2016-02-20 17:23:59 ----A---- C:\Windows\system32\hccutils.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\GfxUI.exe
2016-02-20 17:23:59 ----A---- C:\Windows\system32\gfxSrvc.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\drivers\igdkmd32.sys
2016-02-20 17:23:59 ----A---- C:\Windows\system32\d3dx10_40.dll
2016-02-20 17:21:24 ----D---- C:\Program Files\Dell
2016-02-20 17:21:24 ----D---- C:\Program Files\Common Files\SPBA
2016-02-20 17:21:13 ----D---- C:\Program Files\DIFX
2016-02-20 17:21:11 ----A---- C:\Windows\system32\drivers\PBADRV.sys
2016-02-20 17:21:10 ----DC---- C:\Windows\system32\DRVSTORE
2016-02-20 17:21:10 ----A---- C:\Windows\system32\pbadrvdll.dll
2016-02-20 17:21:07 ----D---- C:\Program Files\Gemalto
2016-02-20 17:20:55 ----D---- C:\Windows\system32\BioAPIFFDB
2016-02-20 17:17:51 ----D---- C:\Windows\Downloaded Installations
2016-02-20 17:17:21 ----D---- C:\Users\Petr\AppData\Roaming\Wave Systems Corp
2016-02-20 17:17:21 ----D---- C:\ProgramData\Wave Systems Corp
2016-02-20 17:14:05 ----A---- C:\Windows\system32\DellSPMsg.dll
2016-02-20 17:08:29 ----D---- C:\Dell
2016-02-20 16:06:23 ----D---- C:\Program Files\HD Tune

======List of files/folders modified in the last 1 month======

2016-03-16 20:38:36 ----D---- C:\Windows
2016-03-16 20:37:36 ----D---- C:\Windows\Tasks
2016-03-16 20:37:36 ----D---- C:\Windows\system32\Tasks
2016-03-16 20:37:35 ----D---- C:\ProgramData
2016-03-16 20:37:34 ----RD---- C:\Program Files
2016-03-16 20:03:34 ----A---- C:\Windows\system.ini
2016-03-16 20:01:35 ----D---- C:\Windows\system32\drivers
2016-03-16 20:01:35 ----D---- C:\Windows\System32
2016-03-16 20:01:35 ----D---- C:\Windows\AppPatch
2016-03-16 20:01:34 ----D---- C:\Program Files\Common Files
2016-03-16 19:58:53 ----D---- C:\Windows\Prefetch
2016-03-16 19:53:36 ----D---- C:\Users\Petr\AppData\Roaming\TeamViewer
2016-03-16 19:53:36 ----D---- C:\Users\Petr\AppData\Roaming\Media Player Classic
2016-03-16 19:53:36 ----D---- C:\Program Files\TeamViewer
2016-03-16 19:53:33 ----D---- C:\Windows\Panther
2016-03-16 19:53:33 ----D---- C:\Windows\Minidump
2016-03-16 19:53:33 ----D---- C:\Windows\inf
2016-03-16 19:53:33 ----D---- C:\Windows\debug
2016-03-16 19:32:18 ----D---- C:\Users\Petr\AppData\Roaming\install
2016-03-16 19:13:13 ----SHD---- C:\System Volume Information
2016-03-16 19:02:40 ----D---- C:\Windows\AppCompat
2016-03-16 19:02:38 ----SD---- C:\Users\Petr\AppData\Roaming\Microsoft
2016-03-16 18:18:24 ----D---- C:\Windows\system32\NDF
2016-03-13 09:08:56 ----D---- C:\Windows\system32\config
2016-03-10 17:09:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-02-20 17:29:21 ----D---- C:\Windows\system32\catroot2
2016-02-20 17:29:14 ----D---- C:\Windows\winsxs
2016-02-20 17:28:52 ----D---- C:\Windows\system32\drivers\UMDF
2016-02-20 17:28:07 ----D---- C:\Windows\system32\DriverStore
2016-02-20 17:27:13 ----D---- C:\Windows\system32\catroot
2016-02-20 17:25:55 ----SHD---- C:\Windows\Installer
2016-02-20 17:24:58 ----D---- C:\Windows\SoftwareDistribution
2016-02-20 17:19:04 ----A---- C:\Windows\system32\bioapi100.dll
2016-02-20 17:19:04 ----A---- C:\Windows\system32\bioapi_mds300.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PBADRV;PBADRV; C:\Windows\system32\DRIVERS\PBADRV.sys [2016-02-20 26608]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R3 BCM43XX;Broadcom 802.11 – ovladač síťového adaptéru; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-07-13 1131008]
R3 e1yexpress;Ovladač gigabitových síťových připojení Intel(R); C:\Windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2012-11-08 9037312]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2010-03-15 127488]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-20 84992]
R3 WinUsb;Ovladač WinUSB; C:\Windows\system32\drivers\WinUSB.sys [2010-11-20 35968]
S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 catchme;catchme; \??\C:\Users\Petr\AppData\Local\Temp\catchme.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 TeamViewer;TeamViewer 11; C:\Program Files\TeamViewer\TeamViewer_Service.exe [2016-03-02 6942480]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 tcsd_win32.exe;NTRU TSS v1.2.1.37 TCS; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [2011-10-08 1637888]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-06-10 31064]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

Re: Please check my log

Posted: 16 Mar 2016 21:39
by Rudy
Why did you run ComboFix, a utility intended only for professionals? Do you intend to wreck your system? Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left window:
:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. After the scan, restart the PC and post a new RSIT log.

Re: Please check my log

Posted: 16 Mar 2016 22:49
by bostik
Logfile of random's system information tool 1.10 (written by random/random)
Run by Petr at 2016-03-16 22:48:30
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 68 GB (45%) free of 153 GB
Total RAM: 2000 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:48:36, on 16.3.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\TeamViewer\TeamViewer.exe
C:\Program Files\Maxthon\Bin\Maxthon.exe
C:\Program Files\Maxthon\Bin\Maxthon.exe
C:\Program Files\Maxthon\Bin\Maxthon.exe
C:\Program Files\Maxthon\Bin\Maxthon.exe
C:\Program Files\Maxthon\Bin\Maxthon.exe
C:\Users\Petr\Desktop\RSIT.exe
C:\Program Files\trend micro\Petr.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - Startup: AutorunsDisabled
O15 - Trusted Zone: *.dell.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O23 - Service: NTRU TSS v1.2.1.37 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer\TeamViewer_Service.exe

--
End of file - 2249 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-11-08 138808]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-11-08 172088]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-11-08 173624]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner.exe [2016-02-12 6638296]

C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
AutorunsDisabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-11-08 228864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\spba]
C:\Program Files\Common Files\SPBA\homefus2.dll [2010-09-15 1971536]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.DIVX"=divx.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"VIDC.VP80"=vp8vfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2016-03-16 22:45:45 ----D---- C:\_OTM
2016-03-16 20:36:21 ----D---- C:\Program Files\AdwCleaner
2016-03-16 20:34:17 ----D---- C:\FRST
2016-03-16 20:10:07 ----D---- C:\Program Files\trend micro
2016-03-16 20:10:06 ----D---- C:\rsit
2016-03-16 20:04:36 ----A---- C:\ComboFix.txt
2016-03-16 20:04:02 ----SHD---- C:\$RECYCLE.BIN
2016-03-16 20:03:28 ----D---- C:\Windows\temp
2016-03-16 19:58:55 ----A---- C:\Windows\zip.exe
2016-03-16 19:58:55 ----A---- C:\Windows\SWSC.exe
2016-03-16 19:58:55 ----A---- C:\Windows\SWREG.exe
2016-03-16 19:58:55 ----A---- C:\Windows\sed.exe
2016-03-16 19:58:55 ----A---- C:\Windows\PEV.exe
2016-03-16 19:58:55 ----A---- C:\Windows\NIRCMD.exe
2016-03-16 19:58:55 ----A---- C:\Windows\MBR.exe
2016-03-16 19:58:55 ----A---- C:\Windows\grep.exe
2016-03-16 19:58:50 ----D---- C:\Qoobox
2016-03-16 19:58:39 ----D---- C:\Windows\erdnt
2016-03-16 19:52:37 ----D---- C:\Program Files\CCleaner
2016-03-16 18:46:52 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2016-03-16 18:45:48 ----D---- C:\ProgramData\Malwarebytes
2016-03-16 18:45:48 ----D---- C:\Program Files\Malwarebytes Anti-Malware
2016-03-16 18:45:48 ----A---- C:\Windows\system32\drivers\mwac.sys
2016-03-16 18:45:48 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2016-03-16 18:45:48 ----A---- C:\Windows\system32\drivers\mbam.sys
2016-02-20 17:27:14 ----D---- C:\Program Files\Intel
2016-02-20 17:26:00 ----D---- C:\apps
2016-02-20 17:25:47 ----D---- C:\ProgramData\NTRU Cryptosystems
2016-02-20 17:25:47 ----D---- C:\Program Files\NTRU Cryptosystems
2016-02-20 17:24:26 ----D---- C:\Intel
2016-02-20 17:24:00 ----A---- C:\Windows\system32\TVWSetup.exe
2016-02-20 17:24:00 ----A---- C:\Windows\system32\HdmiCoin.dll
2016-02-20 17:24:00 ----A---- C:\Windows\system32\drivers\IntcHdmi.sys
2016-02-20 17:23:59 ----A---- C:\Windows\system32\iglhsip32.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\iglhcp32.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\igfxtray.exe
2016-02-20 17:23:59 ----A---- C:\Windows\system32\igfxTMM.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\igfxsrvc.exe
2016-02-20 17:23:59 ----A---- C:\Windows\system32\igfxsrvc.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\igfxress.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\igfxpph.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\igfxpers.exe
2016-02-20 17:23:59 ----A---- C:\Windows\system32\igfxext.exe
2016-02-20 17:23:59 ----A---- C:\Windows\system32\igfxexps.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\igfxdo.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\IGFXDEVLib.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\igfxdev.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\igfxCoIn_v2869.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\igdumdx32.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\ig4icd32.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\hkcmd.exe
2016-02-20 17:23:59 ----A---- C:\Windows\system32\hccutils.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\GfxUI.exe
2016-02-20 17:23:59 ----A---- C:\Windows\system32\gfxSrvc.dll
2016-02-20 17:23:59 ----A---- C:\Windows\system32\drivers\igdkmd32.sys
2016-02-20 17:23:59 ----A---- C:\Windows\system32\d3dx10_40.dll
2016-02-20 17:21:24 ----D---- C:\Program Files\Dell
2016-02-20 17:21:24 ----D---- C:\Program Files\Common Files\SPBA
2016-02-20 17:21:13 ----D---- C:\Program Files\DIFX
2016-02-20 17:21:11 ----A---- C:\Windows\system32\drivers\PBADRV.sys
2016-02-20 17:21:10 ----DC---- C:\Windows\system32\DRVSTORE
2016-02-20 17:21:10 ----A---- C:\Windows\system32\pbadrvdll.dll
2016-02-20 17:21:07 ----D---- C:\Program Files\Gemalto
2016-02-20 17:20:55 ----D---- C:\Windows\system32\BioAPIFFDB
2016-02-20 17:17:51 ----D---- C:\Windows\Downloaded Installations
2016-02-20 17:17:21 ----D---- C:\Users\Petr\AppData\Roaming\Wave Systems Corp
2016-02-20 17:17:21 ----D---- C:\ProgramData\Wave Systems Corp
2016-02-20 17:14:05 ----A---- C:\Windows\system32\DellSPMsg.dll
2016-02-20 17:08:29 ----D---- C:\Dell
2016-02-20 16:06:23 ----D---- C:\Program Files\HD Tune

======List of files/folders modified in the last 1 month======

2016-03-16 22:47:00 ----D---- C:\ProgramData
2016-03-16 20:38:36 ----D---- C:\Windows
2016-03-16 20:37:36 ----D---- C:\Windows\Tasks
2016-03-16 20:37:36 ----D---- C:\Windows\system32\Tasks
2016-03-16 20:37:34 ----RD---- C:\Program Files
2016-03-16 20:03:34 ----A---- C:\Windows\system.ini
2016-03-16 20:01:35 ----D---- C:\Windows\system32\drivers
2016-03-16 20:01:35 ----D---- C:\Windows\System32
2016-03-16 20:01:35 ----D---- C:\Windows\AppPatch
2016-03-16 20:01:34 ----D---- C:\Program Files\Common Files
2016-03-16 19:58:53 ----D---- C:\Windows\Prefetch
2016-03-16 19:53:36 ----D---- C:\Users\Petr\AppData\Roaming\TeamViewer
2016-03-16 19:53:36 ----D---- C:\Users\Petr\AppData\Roaming\Media Player Classic
2016-03-16 19:53:36 ----D---- C:\Program Files\TeamViewer
2016-03-16 19:53:33 ----D---- C:\Windows\Panther
2016-03-16 19:53:33 ----D---- C:\Windows\Minidump
2016-03-16 19:53:33 ----D---- C:\Windows\inf
2016-03-16 19:53:33 ----D---- C:\Windows\debug
2016-03-16 19:32:18 ----D---- C:\Users\Petr\AppData\Roaming\install
2016-03-16 19:13:13 ----SHD---- C:\System Volume Information
2016-03-16 19:02:40 ----D---- C:\Windows\AppCompat
2016-03-16 19:02:38 ----SD---- C:\Users\Petr\AppData\Roaming\Microsoft
2016-03-16 18:18:24 ----D---- C:\Windows\system32\NDF
2016-03-13 09:08:56 ----D---- C:\Windows\system32\config
2016-03-10 17:09:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-02-20 17:29:21 ----D---- C:\Windows\system32\catroot2
2016-02-20 17:29:14 ----D---- C:\Windows\winsxs
2016-02-20 17:28:52 ----D---- C:\Windows\system32\drivers\UMDF
2016-02-20 17:28:07 ----D---- C:\Windows\system32\DriverStore
2016-02-20 17:27:13 ----D---- C:\Windows\system32\catroot
2016-02-20 17:25:55 ----SHD---- C:\Windows\Installer
2016-02-20 17:24:58 ----D---- C:\Windows\SoftwareDistribution
2016-02-20 17:19:04 ----A---- C:\Windows\system32\bioapi100.dll
2016-02-20 17:19:04 ----A---- C:\Windows\system32\bioapi_mds300.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PBADRV;PBADRV; C:\Windows\system32\DRIVERS\PBADRV.sys [2016-02-20 26608]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R3 BCM43XX;Broadcom 802.11 – ovladač síťového adaptéru; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-07-13 1131008]
R3 e1yexpress;Ovladač gigabitových síťových připojení Intel(R); C:\Windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2012-11-08 9037312]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2010-03-15 127488]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-20 84992]
R3 WinUsb;Ovladač WinUSB; C:\Windows\system32\drivers\WinUSB.sys [2010-11-20 35968]
S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 catchme;catchme; \??\C:\Users\Petr\AppData\Local\Temp\catchme.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 TeamViewer;TeamViewer 11; C:\Program Files\TeamViewer\TeamViewer_Service.exe [2016-03-02 6942480]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 tcsd_win32.exe;NTRU TSS v1.2.1.37 TCS; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [2011-10-08 1637888]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-06-10 31064]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

Re: Please check my log

Posted: 17 Mar 2016 17:46
by Rudy
Deleted. Has anything changed?

Re: Please check my log

Posted: 17 Mar 2016 21:22
by bostik
Hi, it looks OK, thanks.

Re: Please check my log

Posted: 17 Mar 2016 21:48
by Rudy
You're welcome! :)