PC-HELP.CZ

České diskuzní fórum o počítačích
https://pc-help.cnews.cz/

Preventivní kontrola

https://pc-help.cnews.cz/viewtopic.php?f=70&t=119732

Stránka 1 z 1

Preventivní kontrola

Napsal: 03 lis 2013 13:31
od rostigue
Prosím o váš názor a preventivní kontrolu logu.

Čas od času pročistím PC, ale poslední dobou mě zlobí připojení k netu. Stahování někdy stáhne soubor až na poněkolikáté, rychlost připojení někdy kolísá, ale to bude nejspíš poskytovatelem. Pri zapnutí NTB se připojení wifi po nastartováni systému, navazuje naezvykle dlouho. Domnívám se, že to dřív bylo svižnější.

Přikládám logy jak jsem čistil postupně RogueKiller, Junkware Removal Tool, AdwCleaner. Už "čistý" Rsit je poslední. Pročistil jsem ještě Ccleanerem.

Předem moc děkuji

RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : cholda [Práva správce]
Mód : Kontrola -- Datum : 11/03/2013 12:10:09
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 2 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\Users\cholda\AppData\Roaming\Seznam.cz\bin\28395libfoxloader.dll [x] -> ODEBRÁNO
[SUSP PATH] szndesktop.exe -- C:\Users\cholda\AppData\Roaming\Seznam.cz\bin\szndesktop.exe [7] -> SMAZÁNO [TermProc]

¤¤¤ ¤¤¤ Záznamy Registrů: : 8 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : cz.seznam.software.autoupdate ("C:\Users\cholda\AppData\Roaming\Seznam.cz\szninstall.exe" -c [7]) -> NALEZENO
[RUN][SUSP PATH] HKCU\[...]\Run : cz.seznam.software.szndesktop ("C:\Users\cholda\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [7]) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-971095133-3977590087-2599340098-1000\[...]\Run : cz.seznam.software.autoupdate ("C:\Users\cholda\AppData\Roaming\Seznam.cz\szninstall.exe" -c [7]) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-971095133-3977590087-2599340098-1000\[...]\Run : cz.seznam.software.szndesktop ("C:\Users\cholda\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [7]) -> NALEZENO
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NALEZENO
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
[Inline] EAT @explorer.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xD0D6333C)

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS543216L9A300 ATA Device +++++
--- User ---
[MBR] 73ddd7fbcd3d3e3eb6e184efcdb6be61
[BSP] ea11fedc801f633954a4ae3b9219c8e1 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 152525 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_S_11032013_121009.txt >>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Ultimate x86
Ran by cholda on ne 03.11.2013 at 12:12:17,07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\facemoods
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\webcakeieclient.api
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\webcakeieclient.api.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\webcakeieclient.layers
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\webcakeieclient.layers.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\webcakeieclient.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bi
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\default tab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\default tab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\tarma installer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\escort.escrtbtn.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.escrtsrvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.escrtsrvc.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\facemoods.dskbnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\facemoods.dskbnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\facemoods.facemoodshlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\facemoods.facemoodshlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\facemoods.xtrnl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\facemoods.xtrnl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\facemoodsapp.appcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\facemoodsapp.appcore.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\facemoodssrv_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\facemoodssrv_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\defaulttab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{c4ed781c-7394-4906-aaff-d6ab64ff7c38}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DC133FCC-35A3-4B2B-87BF-13E546F5A390}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486B-A045-B233BD0DA8FC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}
Successfully deleted: [Registry Key] "hkey_current_user\software\askpartnernetwork"
Successfully deleted: [Registry Key] "hkey_local_machine\software\askpartnernetwork"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Failed to delete: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\application data\tarma installer"
Successfully deleted: [Folder] "C:\Users\cholda\AppData\Roaming\defaulttab"
Successfully deleted: [Folder] "C:\Users\cholda\appdata\locallow\facemoods.com"
Successfully deleted: [Folder] "C:\Program Files\driver-soft"
Successfully deleted: [Folder] "C:\Program Files\facemoods.com"
Successfully deleted: [Folder] "C:\Program Files\smart pc cleaner"
Successfully deleted: [Folder] "C:\ProgramData\AskPartnerNetwork"
Successfully deleted: [Folder] "C:\Program Files\askpartnernetwork"



~~~ FireFox

Successfully deleted: [File] C:\Users\cholda\AppData\Roaming\mozilla\firefox\profiles\mxhl7u5r.default\user.js
Successfully deleted: [File] C:\Users\cholda\AppData\Roaming\mozilla\firefox\profiles\mxhl7u5r.default\extensions\addon@defaulttab.com.xpi
Emptied folder: C:\Users\cholda\AppData\Roaming\mozilla\firefox\profiles\mxhl7u5r.default\minidumps [117 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 03.11.2013 at 12:14:47,89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


# AdwCleaner v3.010 - Report created 03/11/2013 at 12:18:10
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : cholda - CHOLDA-PC
# Running from : C:\Users\cholda\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : APNMCP

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\cholda\AppData\Local\Temp\apn
File Deleted : C:\Users\cholda\AppData\Roaming\Mozilla\Firefox\Profiles\mxhl7u5r.default\searchplugins\ask-search.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{929801A8-4AEF-4D12-BE31-D85BF666452B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{929801A8-4AEF-4D12-BE31-D85BF666452B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Key Deleted : HKCU\Software\facemoods.com
Key Deleted : HKLM\Software\facemoods.com

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16496

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]

-\\ Mozilla Firefox v24.0 (cs)

[ File : C:\Users\cholda\AppData\Roaming\Mozilla\Firefox\Profiles\mxhl7u5r.default\prefs.js ]

Line Deleted : user_pref("extentions.webcake.defaultEnableAppsList", "layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc");
Line Deleted : user_pref("extentions.webcake.installId", "17c38180-08d0-4d64-9358-76ea43d69366");

*************************

AdwCleaner[R0].txt - [4710 octets] - [03/11/2013 12:17:04]
AdwCleaner[S0].txt - [4674 octets] - [03/11/2013 12:18:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4734 octets] ##########


Logfile of random's system information tool 1.09 (written by random/random)
Run by cholda at 2013-11-03 12:22:57
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 27 GB (18%) free of 153 GB
Total RAM: 2973 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:23:08, on 3.11.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16496)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\NewSoft\Presto! PVR\Monitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\T-Mobile\T-Mobile Internet Manager\Manager.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\cholda\Desktop\RSIT.exe
C:\Program Files\trend micro\cholda.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=12454
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ChangeFilterMerit] "C:\Program Files\NewSoft\Presto! PVR\ChangeFilterMerit.exe"
O4 - HKLM\..\Run: [Presto! PVR Monitor] "C:\Program Files\NewSoft\Presto! PVR\Monitor.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [T-Mobile CManager] "C:\Program Files\T-Mobile\T-Mobile Internet Manager\Manager.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe

--
End of file - 5460 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Users\cholda\AppData\Roaming\Mozilla\Firefox\Profiles\mxhl7u5r.default

prefs.js - "browser.startup.homepage" - "http://www.centrum.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.117 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.7]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll


C:\Program Files\Mozilla Firefox\searchplugins\
fcmdSrchddr.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-08 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-08 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-06-20 995176]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"ChangeFilterMerit"=C:\Program Files\NewSoft\Presto! PVR\ChangeFilterMerit.exe [2007-06-08 51280]
"Presto! PVR Monitor"=C:\Program Files\NewSoft\Presto! PVR\Monitor.exe [2009-09-24 157520]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-11-17 138808]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-11-17 172088]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-11-17 173624]
"ioCentre"=C:\Genius\ioCentre\gTaskBar.exe [2009-09-03 61440]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2013-03-29 11930696]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2013-03-14 3672640]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-01-15 147456]
"T-Mobile CManager"=C:\Program Files\T-Mobile\T-Mobile Internet Manager\Manager.exe [2013-10-15 2148120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-11-14 228864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-11-03 12:17:02 ----D---- C:\AdwCleaner
2013-11-03 12:12:12 ----D---- C:\Windows\ERUNT
2013-11-03 12:06:17 ----D---- C:\rsit
2013-11-03 12:06:17 ----D---- C:\Program Files\trend micro
2013-10-24 15:04:28 ----D---- C:\ProgramData\{CC71B1CB-A2E4-4CF7-8EDB-A0E290BA1604}
2013-10-18 18:05:45 ----D---- C:\ProgramData\Oracle
2013-10-18 18:05:22 ----D---- C:\Program Files\Common Files\Java
2013-10-18 18:05:10 ----A---- C:\Windows\system32\javaws.exe
2013-10-18 18:04:58 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2013-10-18 18:04:58 ----A---- C:\Windows\system32\javaw.exe
2013-10-18 18:04:58 ----A---- C:\Windows\system32\java.exe
2013-10-17 06:24:18 ----D---- C:\Users\cholda\AppData\Roaming\dvdcss
2013-10-16 19:49:42 ----D---- C:\Program Files\FFmpeg for Audacity
2013-10-16 19:46:00 ----D---- C:\Program Files\Lame For Audacity
2013-10-16 19:32:50 ----D---- C:\Users\cholda\AppData\Roaming\avidemux
2013-10-16 19:32:36 ----D---- C:\Program Files\Avidemux 2.6
2013-10-16 19:27:36 ----D---- C:\Users\cholda\AppData\Roaming\Audacity
2013-10-16 19:27:25 ----D---- C:\Program Files\Audacity
2013-10-16 19:06:39 ----D---- C:\Program Files\Haali
2013-10-16 18:55:04 ----A---- C:\Windows\system32\NeEacDec.dll
2013-10-16 18:55:04 ----A---- C:\Windows\system32\NeDtsDec.dll
2013-10-16 18:55:04 ----A---- C:\Windows\system32\msvcr71.dll
2013-10-16 18:55:04 ----A---- C:\Windows\system32\msvcp71.dll
2013-10-16 18:55:02 ----A---- C:\Windows\system32\AdvrCntr2.dll
2013-10-16 18:55:01 ----A---- C:\Windows\unins000.exe
2013-10-16 18:55:01 ----A---- C:\Windows\unins000.dat
2013-10-16 18:54:51 ----A---- C:\Windows\system32\MagUIInter.dll
2013-10-16 18:54:50 ----A---- C:\Windows\system32\MagUIEngine.dll
2013-10-16 18:54:50 ----A---- C:\Windows\system32\MagPCMac.dll
2013-10-16 18:54:49 ----D---- C:\Program Files\Combined Community Codec Pack
2013-10-16 18:54:49 ----A---- C:\Windows\system32\ts.x64.dll
2013-10-16 18:54:49 ----A---- C:\Windows\system32\ts.dll
2013-10-16 18:54:49 ----A---- C:\Windows\system32\MagCore.dll
2013-10-16 18:54:48 ----A---- C:\Windows\system32\ogm.x64.dll
2013-10-16 18:54:48 ----A---- C:\Windows\system32\ogm.dll
2013-10-16 18:54:48 ----A---- C:\Windows\system32\mp4.x64.dll
2013-10-16 18:54:47 ----A---- C:\Windows\system32\mp4.dll
2013-10-16 18:54:47 ----A---- C:\Windows\system32\mkzlib.x64.dll
2013-10-16 18:54:47 ----A---- C:\Windows\system32\mkzlib.dll
2013-10-16 18:54:46 ----A---- C:\Windows\system32\mkx.x64.dll
2013-10-16 18:54:46 ----A---- C:\Windows\system32\mkx.dll
2013-10-16 18:54:46 ----A---- C:\Windows\system32\mkv2vfr.x64.exe
2013-10-16 18:54:45 ----A---- C:\Windows\system32\mkv2vfr.exe
2013-10-16 18:54:45 ----A---- C:\Windows\system32\mkunicode.x64.dll
2013-10-16 18:54:45 ----A---- C:\Windows\system32\mkunicode.dll
2013-10-16 18:54:45 ----A---- C:\Windows\system32\gdsmux.x64.exe
2013-10-16 18:54:44 ----A---- C:\Windows\system32\gdsmux.exe
2013-10-16 18:54:43 ----A---- C:\Windows\system32\dxr.x64.dll
2013-10-16 18:54:43 ----A---- C:\Windows\system32\dxr.dll
2013-10-16 18:54:43 ----A---- C:\Windows\system32\dsmux.x64.exe
2013-10-16 18:54:43 ----A---- C:\Windows\system32\dsmux.exe
2013-10-16 18:54:43 ----A---- C:\Windows\system32\cue2xml.js
2013-10-16 18:54:42 ----A---- C:\Windows\system32\avss.dll
2013-10-16 18:54:42 ----A---- C:\Windows\system32\avs.dll
2013-10-16 18:54:42 ----A---- C:\Windows\system32\avi.x64.dll
2013-10-16 18:54:42 ----A---- C:\Windows\system32\avi.dll
2013-10-16 18:54:41 ----A---- C:\Windows\system32\OptimFROG.dll
2013-10-16 18:54:41 ----A---- C:\Windows\system32\bass_wv.dll
2013-10-16 18:54:41 ----A---- C:\Windows\system32\bass_tta.dll
2013-10-16 18:54:41 ----A---- C:\Windows\system32\bass_ofr.dll
2013-10-16 18:54:40 ----A---- C:\Windows\system32\bass_mpc.dll
2013-10-16 18:54:40 ----A---- C:\Windows\system32\bass_flac.dll
2013-10-16 18:54:40 ----A---- C:\Windows\system32\bass_ape.dll
2013-10-16 18:54:40 ----A---- C:\Windows\system32\bass_alac.dll
2013-10-16 18:54:39 ----A---- C:\Windows\system32\bass_aac.dll
2013-10-16 18:54:39 ----A---- C:\Windows\system32\bass.dll
2013-10-16 18:54:37 ----A---- C:\Windows\system32\TCPDeliver.dll
2013-10-16 18:54:37 ----A---- C:\Windows\system32\DirectShowSource.dll
2013-10-16 18:54:37 ----A---- C:\Windows\system32\devil.dll
2013-10-16 18:54:36 ----A---- C:\Windows\system32\checkactivate.dll
2013-10-16 18:54:36 ----A---- C:\Windows\system32\dtsdecoderdll.dll
2013-10-16 18:54:36 ----A---- C:\Windows\system32\DtsDec.dll
2013-10-16 18:54:36 ----A---- C:\Windows\system32\avisynth.dll
2013-10-16 18:54:29 ----D---- C:\Windows\Plugins
2013-10-16 18:53:56 ----D---- C:\Program Files\AudioAC3DTS

======List of files/folders modified in the last 1 month======

2013-11-03 12:22:03 ----D---- C:\Windows\Temp
2013-11-03 12:14:21 ----HD---- C:\ProgramData
2013-11-03 12:14:21 ----D---- C:\Program Files
2013-11-03 12:12:12 ----D---- C:\Windows
2013-11-03 12:11:31 ----D---- C:\Windows\System32
2013-11-03 12:10:07 ----D---- C:\Windows\system32\drivers
2013-11-03 12:06:25 ----D---- C:\Windows\Prefetch
2013-11-03 11:59:42 ----D---- C:\Users\cholda\AppData\Roaming\Seznam.cz
2013-11-03 11:58:47 ----D---- C:\Windows\inf
2013-11-03 11:58:47 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-11-03 06:43:26 ----D---- C:\Windows\system32\config
2013-11-01 17:01:46 ----D---- C:\Users\cholda\AppData\Roaming\vlc
2013-10-31 14:48:24 ----SHD---- C:\System Volume Information
2013-10-31 14:41:34 ----D---- C:\Program Files\JDownloader
2013-10-25 17:44:53 ----D---- C:\Windows\system32\catroot2
2013-10-24 15:04:21 ----D---- C:\Program Files\T-Mobile
2013-10-23 03:23:54 ----A---- C:\Windows\PhotoSnapViewer.INI
2013-10-18 18:08:23 ----SHD---- C:\Windows\Installer
2013-10-18 18:05:22 ----D---- C:\Program Files\Common Files
2013-10-18 18:04:58 ----D---- C:\Program Files\Java
2013-10-16 21:30:59 ----D---- C:\Windows\Microsoft.NET
2013-10-16 21:18:49 ----D---- C:\ProgramData\DVD Shrink
2013-10-16 19:07:32 ----RSD---- C:\Windows\assembly
2013-10-16 19:04:44 ----D---- C:\Windows\system32\en-US
2013-10-09 18:30:28 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2013-10-05 11:57:30 ----D---- C:\Program Files\Mozilla Maintenance Service

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-06-18 211560]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-07-20 242240]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R3 gHidPnp;USB Device Enhanced Function Driver; C:\Windows\System32\Drivers\gHidPnp.Sys [2009-11-02 20480]
R3 gMouUsb;USB Mouse Device Drv; C:\Windows\system32\DRIVERS\gMouUsb.sys [2009-11-02 11520]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2012-08-20 76544]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2012-11-14 9037312]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2013-03-29 2646088]
R3 netr28;Ralink 802.11n – bezdrátový ovladač pro systém Windows Vista; C:\Windows\system32\DRIVERS\netr28.sys [2009-07-13 530944]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2012-12-21 204000]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2013-03-04 643656]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 AF9035BDA;GIGABYTE U7200 DVB-T Devices; C:\Windows\System32\Drivers\AF9035BDA.sys [2008-05-29 244096]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 massfilter;MBB Mass Storage Filter Driver; C:\Windows\system32\drivers\massfilter.sys [2011-04-13 9216]
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-06-18 107392]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 15872]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys [2012-03-30 107392]
S3 ZTEusbnmea;ZTE NMEA Port; C:\Windows\system32\DRIVERS\ZTEusbnmea.sys [2012-03-30 107392]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\Windows\system32\DRIVERS\ZTEusbser6k.sys [2012-03-30 107392]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MbnExt;Mobile Broadband Extension Service; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-06-20 22208]
R2 TeamViewer8;TeamViewer 8; C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe [2013-07-08 4153184]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-01-15 266240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-08 104912]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09 257416]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-10-01 118680]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2013-06-20 295376]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-07-20 1343400]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2012-07-08 46528]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-08 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-08 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-08 139696]

-----------------EOF-----------------

Re: Preventivní kontrola

Napsal: 03 lis 2013 13:55
od memphisto
Proč to děláš? Kdo ti dal pokyn použít tyhle nástroje? Nemuselo to vůbec dopadnout dobře...

Spusť RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Počkej, dokud status okno zobrazuje "Prohledat "
- Klikni na "Smazat"
- Počkej, dokud Status box zobrazuje "Smazání- Finished "
- Klikni na "Zprávy " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je oznaèen pro odstranění, stačí restartovat počítač.
Časové pásmo: UTC+02:00
Stránka 1 z 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/