Preventivní kontrola

[scorpion]

Omlouvám se, ale týden jsem tady nebyl. Takže teď jsem udělal kroky Vámi popsané, a zde je zpráva z RSITu:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Smalcovi at 2013-03-30 08:43:53
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 33 GB (33%) free of 100 GB
Total RAM: 2047 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:44:27, on 30.3.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16521)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\AVG\AVG Family Safety\BSecAMX.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVG\AVG Family Safety\BsecTray.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Smalcovi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Smalcovi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Smalcovi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Smalcovi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Smalcovi\Desktop\Download\RSIT.exe
C:\Program Files\trend micro\Smalcovi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programy\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG Family Safety] C:\Program Files\AVG\AVG Family Safety\BsecTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Programy\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Broken Internet access because of LSP provider '%programfiles%\avg\avg family safety\inetctrl67.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AVG Family Safety (Bsecure) - Bsecure Technologies, Inc. - C:\Program Files\AVG\AVG Family Safety\InetCtrl.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 5037 bytes

=========Mozilla firefox=========

ProfilePath - C:\Users\Smalcovi\AppData\Roaming\Mozilla\Firefox\Profiles\cyvvi9eb.default

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.6.602.180 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.9.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=D:\Programy\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=D:\Programy\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=D:\Programy\Adobe Reader\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-11-11 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - D:\Programy\MICROS~1\Office14\URLREDIR.DLL [2010-01-16 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-11-11 155384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2013-01-27 947152]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2012-05-18 10979984]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]
"AVG Family Safety"=C:\Program Files\AVG\AVG Family Safety\BsecTray.exe [2011-12-07 97096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Bsecure]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-03-30 08:43:53 ----D---- C:\rsit
2013-03-23 18:21:57 ----D---- C:\Program Files\Defraggler
2013-03-23 18:12:09 ----D---- C:\Program Files\CCleaner
2013-03-23 15:36:45 ----D---- C:\Users\Smalcovi\AppData\Roaming\.minecraft
2013-03-22 23:13:43 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-03-22 23:13:43 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2013-03-22 23:13:43 ----A---- C:\Windows\system32\elshyph.dll
2013-03-22 23:13:42 ----A---- C:\Windows\system32\wininet.dll
2013-03-22 23:13:42 ----A---- C:\Windows\system32\wextract.exe
2013-03-22 23:13:42 ----A---- C:\Windows\system32\vbscript.dll
2013-03-22 23:13:42 ----A---- C:\Windows\system32\urlmon.dll
2013-03-22 23:13:42 ----A---- C:\Windows\system32\msrating.dll
2013-03-22 23:13:42 ----A---- C:\Windows\system32\msls31.dll
2013-03-22 23:13:42 ----A---- C:\Windows\system32\mshtmled.dll
2013-03-22 23:13:42 ----A---- C:\Windows\system32\mshtml.dll
2013-03-22 23:13:42 ----A---- C:\Windows\system32\msfeeds.dll
2013-03-22 23:13:42 ----A---- C:\Windows\system32\jsproxy.dll
2013-03-22 23:13:42 ----A---- C:\Windows\system32\inseng.dll
2013-03-22 23:13:42 ----A---- C:\Windows\system32\iexpress.exe
2013-03-22 23:13:42 ----A---- C:\Windows\system32\ieUnatt.exe
2013-03-22 23:13:42 ----A---- C:\Windows\system32\iertutil.dll
2013-03-22 23:13:41 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2013-03-22 23:13:41 ----A---- C:\Windows\system32\pngfilt.dll
2013-03-22 23:13:41 ----A---- C:\Windows\system32\occache.dll
2013-03-22 23:13:41 ----A---- C:\Windows\system32\mshtmler.dll
2013-03-22 23:13:41 ----A---- C:\Windows\system32\mshta.exe
2013-03-22 23:13:41 ----A---- C:\Windows\system32\msfeedssync.exe
2013-03-22 23:13:41 ----A---- C:\Windows\system32\msfeedsbs.dll
2013-03-22 23:13:41 ----A---- C:\Windows\system32\jscript9.dll
2013-03-22 23:13:41 ----A---- C:\Windows\system32\jscript.dll
2013-03-22 23:13:41 ----A---- C:\Windows\system32\imgutil.dll
2013-03-22 23:13:41 ----A---- C:\Windows\system32\ieui.dll
2013-03-22 23:13:41 ----A---- C:\Windows\system32\iesysprep.dll
2013-03-22 23:13:41 ----A---- C:\Windows\system32\iepeers.dll
2013-03-22 23:13:41 ----A---- C:\Windows\system32\ieframe.dll
2013-03-22 23:13:41 ----A---- C:\Windows\system32\IEAdvpack.dll
2013-03-22 23:13:41 ----A---- C:\Windows\system32\dxtrans.dll
2013-03-22 23:13:40 ----A---- C:\Windows\system32\webcheck.dll
2013-03-22 23:13:40 ----A---- C:\Windows\system32\url.dll
2013-03-22 23:13:40 ----A---- C:\Windows\system32\mshtmlmedia.dll
2013-03-22 23:13:40 ----A---- C:\Windows\system32\licmgr10.dll
2013-03-22 23:13:40 ----A---- C:\Windows\system32\iesetup.dll
2013-03-22 23:13:40 ----A---- C:\Windows\system32\iernonce.dll
2013-03-22 23:13:40 ----A---- C:\Windows\system32\iedkcs32.dll
2013-03-22 23:13:40 ----A---- C:\Windows\system32\ieapfltr.dll
2013-03-22 23:13:40 ----A---- C:\Windows\system32\ieapfltr.dat
2013-03-22 23:13:40 ----A---- C:\Windows\system32\ie4uinit.exe
2013-03-22 23:13:40 ----A---- C:\Windows\system32\icardie.dll
2013-03-22 23:13:40 ----A---- C:\Windows\system32\dxtmsft.dll
2013-03-22 23:12:21 ----AH---- C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-22 23:12:21 ----AH---- C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-22 23:12:21 ----AH---- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-22 23:12:21 ----AH---- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-22 23:12:21 ----AH---- C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-22 23:12:21 ----AH---- C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-22 23:12:21 ----AH---- C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-22 23:12:21 ----AH---- C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-22 23:12:21 ----AH---- C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-03-22 23:12:21 ----A---- C:\Windows\system32\XpsPrint.dll
2013-03-22 23:12:21 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2013-03-22 23:12:21 ----A---- C:\Windows\system32\WMPhoto.dll
2013-03-22 23:12:21 ----A---- C:\Windows\system32\msmpeg2vdec.dll
2013-03-22 23:12:21 ----A---- C:\Windows\system32\FntCache.dll
2013-03-22 23:12:21 ----A---- C:\Windows\system32\DWrite.dll
2013-03-22 23:12:21 ----A---- C:\Windows\system32\d3d11.dll
2013-03-22 23:12:21 ----A---- C:\Windows\system32\d3d10core.dll
2013-03-22 23:12:20 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2013-03-22 23:12:20 ----A---- C:\Windows\system32\WindowsCodecs.dll
2013-03-22 23:12:20 ----A---- C:\Windows\system32\UIAnimation.dll
2013-03-22 23:12:20 ----A---- C:\Windows\system32\dxgi.dll
2013-03-22 23:12:20 ----A---- C:\Windows\system32\d3d10warp.dll
2013-03-22 23:12:20 ----A---- C:\Windows\system32\d3d10level9.dll
2013-03-22 23:12:20 ----A---- C:\Windows\system32\d3d10_1core.dll
2013-03-22 23:12:20 ----A---- C:\Windows\system32\d3d10_1.dll
2013-03-22 23:12:20 ----A---- C:\Windows\system32\d3d10.dll
2013-03-22 23:12:20 ----A---- C:\Windows\system32\d2d1.dll
2013-03-22 21:36:16 ----D---- C:\Users\Smalcovi\AppData\Roaming\Malwarebytes
2013-03-22 21:36:01 ----D---- C:\ProgramData\Malwarebytes
2013-03-22 10:38:42 ----D---- C:\Program Files\trend micro
2013-03-21 16:21:42 ----A---- C:\Windows\system32\drivers\RNDISMP.sys
2013-03-21 16:21:42 ----A---- C:\Windows\system32\drivers\ndis.sys
2013-03-21 16:20:57 ----A---- C:\Windows\system32\OxpsConverter.exe
2013-03-21 16:20:53 ----A---- C:\Windows\system32\ncsi.dll
2013-03-21 16:20:53 ----A---- C:\Windows\system32\iphlpsvc.dll
2013-03-21 16:20:52 ----A---- C:\Windows\system32\nlasvc.dll
2013-03-21 16:20:52 ----A---- C:\Windows\system32\nlaapi.dll
2013-03-21 16:20:52 ----A---- C:\Windows\system32\netevent.dll
2013-03-21 16:20:52 ----A---- C:\Windows\system32\netcorehc.dll
2013-03-21 16:20:52 ----A---- C:\Windows\system32\drivers\tcpipreg.sys
2013-03-21 16:20:18 ----A---- C:\Windows\system32\taskhost.exe
2013-03-21 16:20:16 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2013-03-21 16:20:16 ----A---- C:\Windows\system32\dhcpcore6.dll
2013-03-20 23:05:23 ----D---- C:\Windows\system32\SPReview
2013-03-20 23:04:05 ----D---- C:\Windows\system32\EventProviders
2013-03-20 21:09:46 ----A---- C:\Windows\system32\drivers\usb8023.sys
2013-03-19 21:37:35 ----D---- C:\Program Files\Mozilla Firefox
2013-03-04 20:14:47 ----D---- C:\Users\Smalcovi\AppData\Roaming\Leadertech
2013-03-04 20:04:45 ----A---- C:\Windows\system32\D3DX9_37.dll
2013-03-04 20:04:45 ----A---- C:\Windows\system32\d3dx9_35.dll
2013-03-04 20:04:44 ----A---- C:\Windows\system32\xinput1_3.dll
2013-03-04 20:04:44 ----A---- C:\Windows\system32\d3dx9_34.dll
2013-03-04 20:04:43 ----A---- C:\Windows\system32\d3dx9_33.dll
2013-03-04 20:04:41 ----A---- C:\Windows\system32\d3dx9_31.dll
2013-03-04 18:36:38 ----D---- C:\Users\Smalcovi\AppData\Roaming\uTorrent

======List of files/folders modified in the last 1 month======

2013-03-30 08:44:05 ----D---- C:\Windows\Prefetch
2013-03-30 08:43:33 ----D---- C:\Windows\Temp
2013-03-30 07:59:49 ----D---- C:\Windows\system32\config
2013-03-29 20:39:43 ----SHD---- C:\System Volume Information
2013-03-28 20:38:29 ----D---- C:\Windows\System32
2013-03-28 20:38:29 ----D---- C:\Windows\inf
2013-03-28 20:38:29 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-03-28 20:37:23 ----D---- C:\Users\Smalcovi\AppData\Roaming\vlc
2013-03-27 21:54:12 ----D---- C:\Users\Smalcovi\AppData\Roaming\Skype
2013-03-25 17:12:43 ----SHD---- C:\Windows\Installer
2013-03-25 17:12:41 ----D---- C:\ProgramData\Microsoft Help
2013-03-24 10:27:49 ----D---- C:\Windows
2013-03-23 18:21:57 ----RD---- C:\Program Files
2013-03-23 18:13:58 ----D---- C:\Users\Smalcovi\AppData\Roaming\DAEMON Tools Lite
2013-03-23 18:13:54 ----D---- C:\Windows\Panther
2013-03-23 18:13:53 ----D---- C:\Windows\Logs
2013-03-23 18:13:53 ----D---- C:\Windows\debug
2013-03-23 18:12:14 ----D---- C:\Windows\system32\Tasks
2013-03-23 17:58:40 ----D---- C:\Windows\system32\drivers
2013-03-23 12:02:13 ----D---- C:\Windows\rescache
2013-03-23 10:48:33 ----D---- C:\Windows\winsxs
2013-03-23 10:47:16 ----D---- C:\Windows\system32\cs-CZ
2013-03-23 10:47:16 ----D---- C:\Program Files\Internet Explorer
2013-03-23 10:47:14 ----D---- C:\Windows\system32\migration
2013-03-23 10:47:14 ----D---- C:\Windows\PolicyDefinitions
2013-03-23 10:47:13 ----D---- C:\Windows\system32\en-US
2013-03-23 10:47:11 ----D---- C:\Windows\system32\zh-TW
2013-03-23 10:47:11 ----D---- C:\Windows\system32\zh-HK
2013-03-23 10:47:11 ----D---- C:\Windows\system32\tr-TR
2013-03-23 10:47:11 ----D---- C:\Windows\system32\sv-SE
2013-03-23 10:47:11 ----D---- C:\Windows\system32\pt-PT
2013-03-23 10:47:11 ----D---- C:\Windows\system32\pt-BR
2013-03-23 10:47:11 ----D---- C:\Windows\system32\pl-PL
2013-03-23 10:47:11 ----D---- C:\Windows\system32\nl-NL
2013-03-23 10:47:11 ----D---- C:\Windows\system32\ko-KR
2013-03-23 10:47:11 ----D---- C:\Windows\system32\it-IT
2013-03-23 10:47:11 ----D---- C:\Windows\system32\hu-HU
2013-03-23 10:47:11 ----D---- C:\Windows\system32\fr-FR
2013-03-23 10:47:11 ----D---- C:\Windows\system32\fi-FI
2013-03-23 10:47:11 ----D---- C:\Windows\system32\es-ES
2013-03-23 10:47:11 ----D---- C:\Windows\system32\el-GR
2013-03-23 10:47:11 ----D---- C:\Windows\system32\de-DE
2013-03-23 10:47:10 ----D---- C:\Windows\system32\zh-CN
2013-03-23 10:47:10 ----D---- C:\Windows\system32\ru-RU
2013-03-23 10:47:10 ----D---- C:\Windows\system32\nb-NO
2013-03-23 10:47:10 ----D---- C:\Windows\system32\ja-JP
2013-03-23 10:47:10 ----D---- C:\Windows\system32\da-DK
2013-03-22 23:16:00 ----D---- C:\Windows\system32\catroot
2013-03-22 23:15:28 ----D---- C:\Windows\system32\catroot2
2013-03-22 21:36:01 ----HD---- C:\ProgramData
2013-03-22 20:46:07 ----D---- C:\Windows\Tasks
2013-03-22 20:45:57 ----D---- C:\Windows\system32\drivers\etc
2013-03-22 11:04:32 ----D---- C:\Windows\Microsoft.NET
2013-03-22 11:03:50 ----RSD---- C:\Windows\assembly
2013-03-21 20:04:11 ----D---- C:\Windows\AppPatch
2013-03-21 15:48:03 ----D---- C:\Windows\system32\DriverStore
2013-03-21 15:45:39 ----SHD---- C:\Boot
2013-03-21 15:40:08 ----D---- C:\Program Files\Windows Sidebar
2013-03-21 15:40:08 ----D---- C:\Program Files\Windows Portable Devices
2013-03-21 15:40:08 ----D---- C:\Program Files\Windows Photo Viewer
2013-03-21 15:40:08 ----D---- C:\Program Files\Windows Media Player
2013-03-21 15:40:08 ----D---- C:\Program Files\Windows Mail
2013-03-21 15:40:08 ----D---- C:\Program Files\Windows Journal
2013-03-21 15:40:08 ----D---- C:\Program Files\DVD Maker
2013-03-21 15:40:07 ----D---- C:\Program Files\Common Files\System
2013-03-21 15:40:05 ----D---- C:\Windows\servicing
2013-03-21 15:40:05 ----D---- C:\Windows\ehome
2013-03-21 15:40:05 ----D---- C:\Program Files\Windows Defender
2013-03-21 15:39:58 ----D---- C:\Windows\system32\sysprep
2013-03-21 15:39:58 ----D---- C:\Windows\system32\Setup
2013-03-21 15:39:58 ----D---- C:\Windows\system32\oobe
2013-03-21 15:39:58 ----D---- C:\Windows\system32\cs
2013-03-21 15:39:58 ----D---- C:\Windows\system32\AdvancedInstallers
2013-03-21 15:39:52 ----D---- C:\Windows\system32\sppui
2013-03-21 15:39:52 ----D---- C:\Windows\system32\manifeststore
2013-03-21 15:39:51 ----D---- C:\Windows\system32\drivers\cs-CZ
2013-03-21 15:39:50 ----D---- C:\Windows\system32\wbem
2013-03-21 15:39:49 ----D---- C:\Windows\system32\migwiz
2013-03-21 15:39:49 ----D---- C:\Windows\system32\Dism
2013-03-21 15:39:15 ----RSD---- C:\Windows\Fonts
2013-03-21 15:39:02 ----D---- C:\Windows\system32\Boot
2013-03-21 15:35:43 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-03-20 23:17:34 ----A---- C:\Windows\system32\msclmd.dll
2013-03-17 21:10:24 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2013-03-17 21:10:20 ----A---- C:\Windows\system32\FlashPlayerInstaller.exe
2013-03-13 11:58:38 ----A---- C:\Windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-01-20 195296]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-09-10 242240]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 100328]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 amdiox86;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-07-28 8758784]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-07-28 296448]
R3 BSecACFltr;BSecACFltr; C:\Windows\system32\DRIVERS\BSecACFltr.sys [2011-06-14 21624]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2012-05-22 3226960]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-13 347264]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIV.sys [2011-12-02 199528]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2011-05-13 30312]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2012-05-14 86656]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-05-13 114280]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-07-28 217600]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 291840]
R2 Bsecure;AVG Family Safety; C:\Program Files\AVG\AVG Family Safety\InetCtrl.exe [2011-12-07 66376]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-01-27 20456]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 1713904]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-01-27 295232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-09-05 655624]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-03-19 115608]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-09-01 1343400]
S4 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

[Márty84]

Zapomnel jste na nejdulezitejsi krok

Pak napiste, jak je na tom pc.

[scorpion]

Nevidím změna stavu před týdnem a dnes. PC se chová stejně, rychlost se nezměnila. Jak moc velký problém byl s tím HDD?

[Márty84]

V poradku urcite neni. Jak vazne to je se tezko hada. Muze to byt pricina problemu.

Zkusime jeste CF



Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.)

Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc!

Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Kliknete na ComboFix pravym mysidlem a levym na Spustit jako spravce
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace
Kdyz windows nabehne, ale pri spousteni programu bude hlasena chyba, staci restartovat pc a bude to v poradku

[scorpion]

ještě než to udělám, chci se zeptat, co je s PC špatně? Při práci na něm totiž nevypadá, že by bylo něco blbě, normálně pracuje a funguje, aniž by měl problémy s ukládáním na HDD nebo něčím podobným. Děkuji

[Márty84]

Nevim co je spatne. Vy jste psal ze je pomaly. Disk hlasi spoustu chyb cteni a hledani, cili teoreticky mu to dele trva a tim se to zpomaluje.

Havet jsem zatim zadnou nevidel, mazal jsem jen zbytecnosti. Ale zadny log neukaze vsechno, takze jsou dve moznosti. Patrat dal, nebo se na to vykaslat.

Pokud je to diskem, nic s tim nenadelame. Bud pomuze kompletni format, nebo vymena.

[scorpion]

Nechci se pouštět do riskantnějších kroků kvůli datům (fotky, dokumenty), které nemám momentálně kde zálohovat. Je velké riziko ztráty dat při spuštění Combo fixu?

[Márty84]

Takove veci maji byt zalohovane vzdy. Kdyz disk vypovi sluzbu, bude pruser

Jestli je pc vazne ciste, riziko neni az tak velke. Ale clovek nikdy nevi. Ja osobne bych to treba bez zalohy nedelal.

[scorpion]

Dobrá, pokusím se zálohovat data, a poté zkusím Combo fix. Bude to nějakou dobu trvat, takže potom napíšu. Zatím děkuji.

[Márty84]

OK


28.4.2013 pro neaktivitu http://forum.viry.cz/viewtopic.php?f=12&t=123975