
Avast cannot find the virus - svchost.exe
Hello,
I would like to ask for help. Avast kept reporting that it had blocked a virus. The virus was located in svchost.exe. Before I found this forum, I was advised to run ComboFix. Unfortunately, I only read after running it that I should not do this on my own and that I should have done it only when asked to by an expert. I know I made a mistake. Although my procedure was not correct, could I ask you to analyse the resulting log?
Thank you in advance for your reply and help.
ComboFix 13-12-07.01 - Růžička 07.12.2013 14:49:07.1.4 - x86
Microsoft® Windows Vista™ Business 6.0.6001.1.1250.420.1029.18.3070.2195 [GMT 1:00]
Spuštěný z: c:\users\Růžička\Desktop\ABC.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\PFRO.log
c:\windows\system32\ntos.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-11-07 do 2013-12-07 )))))))))))))))))))))))))))))))
.
.
2013-12-07 14:57 . 2013-12-07 15:02 -------- d-----w- c:\users\Růžička\AppData\Local\temp
2013-12-07 14:57 . 2013-12-07 14:57 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-12-07 14:57 . 2013-12-07 14:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-07 13:31 . 2013-12-07 13:31 -------- d-----w- c:\users\Růžička\AppData\Roaming\AVAST Software
2013-12-07 13:07 . 2013-12-07 13:07 -------- d-----w- c:\users\Růžička\DoctorWeb
2013-12-07 10:32 . 2013-12-07 10:50 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-07 10:32 . 2013-12-07 10:50 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-12-07 10:18 . 2013-11-08 01:15 7772552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9A913994-96D3-4A7D-822F-4BDA123F2498}\mpengine.dll
2013-11-24 12:18 . 2013-11-28 18:36 -------- d-----w- c:\users\Růžička\AppData\Roaming\HpUpdate
2013-11-24 12:17 . 2013-11-24 12:18 -------- d-----w- c:\programdata\Hewlett-Packard
2013-11-24 12:16 . 2011-04-13 12:08 306688 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpcpp108.DLL
2013-11-24 12:09 . 2011-05-10 03:56 751160 ----a-w- c:\windows\system32\hpptsp10.dll
2013-11-24 12:09 . 2011-05-10 03:54 460344 ----a-w- c:\windows\system32\hpwia2_lj100m175.dll
2013-11-24 12:09 . 2011-05-10 03:54 187960 ----a-w- c:\windows\system32\hppscancoins32.dll
2013-11-24 12:09 . 2011-05-10 03:56 26648 ----a-w- c:\windows\system32\drivers\hppcgenio.sys
2013-11-24 12:09 . 2011-05-10 03:54 188416 ----a-w- c:\windows\system32\hpmldm01.dll
2013-11-24 12:09 . 2011-05-10 03:53 20504 ----a-w- c:\windows\system32\drivers\hppcbulkio.sys
2013-11-24 12:08 . 2011-05-10 03:54 238080 ----a-w- c:\windows\system32\hpbcoins32.dll
2013-11-24 12:08 . 2011-02-11 14:23 167480 ----a-w- c:\windows\system32\hppccompio.dll
2013-11-24 12:08 . 2011-04-13 12:08 279552 ----a-w- c:\windows\system32\hpcpn108.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-07 15:00 . 2009-08-25 13:32 16608 ----a-w- c:\windows\gdrv.sys
2013-12-07 10:50 . 2011-03-26 16:39 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-07 10:50 . 2009-11-22 17:43 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-12-07 10:50 . 2009-11-22 17:43 403440 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-12-07 10:50 . 2009-11-22 17:43 35656 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-12-07 10:50 . 2009-11-22 17:43 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-07 10:50 . 2009-11-22 17:43 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-12-07 10:49 . 2011-03-26 16:38 43152 ----a-w- c:\windows\avastSS.scr
2013-12-07 10:49 . 2009-11-22 17:43 269216 ----a-w- c:\windows\system32\aswBoot.exe
2013-11-11 04:50 . 2009-10-24 15:07 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-09 19:36 . 2012-05-01 14:24 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-09 19:36 . 2011-06-15 12:16 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-07 10:49 321752 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"bluebirds"="c:\users\Růžička\Bluebirds\BlueBirds.exe" [2009-04-29 270336]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-01-29 888120]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-01-29 3372856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"Akamai NetSession Interface"="c:\users\Růžička\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2013-03-27 1098072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-20 6711840]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-20 1833504]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"SMART Board Service"="c:\program files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe" [2009-04-15 2519040]
"SMART SNMP Agent"="c:\program files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe" [2009-04-15 1048576]
"FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480]
"tsnp2std"="c:\windows\tsnp2std.exe" [2007-05-12 270336]
"snp2std"="c:\windows\vsnp2std.exe" [2007-05-10 344064]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-07 585728]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2009-09-02 315478]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"PDFPrint"="c:\program files\pdf24\pdf24.exe" [2012-05-07 160840]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SpywareTerminatorShield"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2012-09-06 2777296]
"SpywareTerminatorUpdater"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-04-03 3684488]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-01 1263512]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-07 3568312]
.
c:\users\Růžička\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk - c:\program files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe -e "c:\program files\Panasonic\PHOTOfunSTUDIO 6.1 HD Lite\PHOTOfunSTUDIO.exe" [2011-6-25 174064]
SMART Board Tools.lnk - c:\program files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe [2009-4-8 9723904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
Akamai REG_MULTI_SZ Akamai
bthsvcs REG_MULTI_SZ BthServ
.
Obsah adresáře 'Naplánované úlohy'
.
2013-12-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 19:36]
.
2013-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-10 17:37]
.
2013-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-10 17:37]
.
2013-11-10 c:\windows\Tasks\Norton Security Scan for Růžička.job
- c:\progra~1\NORTON~2\Engine\376~1.5\Nss.exe [2012-11-24 10:19]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: Add to AMV/AVI Video Converter... - c:\program files\Media Player Utilities 4.39\AMVConverter\grab.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\www
Trusted Zone: postsignum.cz\www
TCP: DhcpNameServer = 10.0.0.138
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-BSPlayer - c:\users\Růžička\Desktop\bsplayer\uninstall.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-07 16:03
Windows 6.0.6001 Service Pack 1 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_8fa3539.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL55]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.5\my.ini\" MySQL55"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(2324)
c:\windows\system32\BsSDK.dll
c:\windows\system32\BsMobileSDK.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\Gigabyte\EasySaver\ESSVR.EXE
c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
c:\program files\HP\HPBDSService\HPBDSService.exe
c:\program files\HP\HPLaserJetService\HPLaserJetService.exe
c:\program files\MySQL\MySQL Server 5.5\bin\mysqld.exe
c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Spyware Terminator\st_rsser.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\system32\conime.exe
c:\windows\System32\WerFault.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2013-12-07 16:09:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-12-07 15:09
.
Před spuštěním: Volných bajtů: 628 535 377 920
Po spuštění: Volných bajtů: 630 357 524 480
.
- - End Of File - - 496D2ADAB83F931B49FBE05900768181
5C616939100B85E558DA92B899A0FC36
Re: Avast cannot find the virus - svchost.exe
Hello
The ComboFix licence terms say it clearly: "It should never be used in an environment without the supervision of an experienced person"

Dangers of CF
- It is intended primarily for advisors - by using it on your own you lose the right to support
- It erases traces of malware, so nothing shows up in the RSIT log
- Its log has to be worked through to the end, because it cannot delete everything - which you will hardly manage unless you are trained for it
- CF can have a bug = it takes down your system; if you do not know where it stores what and how to restore it, your system is wrecked and you are facing a reinstall
- Unfortunately, CF also does not yet check some important libraries (e.g. hal.dll) - some types of malware (e.g. angela) delete these, for example - it deletes your hal.dll after a restart = your system will not boot and you are back at the line above = reinstall

Download aswMBR http://public.avast.com/%7Egmerek/aswMBR.exe and save it to your desktop.
- Run the utility and tell it to scan - click Scan
- Click Save log to save the aswMBR log to your desktop
- Paste the contents of the aswMBR log here for me
Re: Avast cannot find the virus - svchost.exe
Hello, unfortunately I only read this after using the tool. Is there any way to put this mistake right? Avast is no longer reporting any error now, but after reading the rules on your forum I got a bit scared.
Re: Avast cannot find the virus - svchost.exe


Re: Avast cannot find the virus - svchost.exe
I am posting the result
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-12-07 16:59:47
-----------------------------
16:59:47.009 OS Version: Windows 6.0.6001 Service Pack 1
16:59:47.009 Number of processors: 4 586 0x203
16:59:47.010 ComputerName: RŮŽIČKA-PC UserName: Růžička
16:59:50.156 Initialize success
16:59:53.068 AVAST engine defs: 13120601
16:59:56.401 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:59:56.409 Disk 0 Vendor: SAMSUNG_HD103SI 1AG01118 Size: 953868MB BusType: 3
16:59:56.428 Disk 0 MBR read successfully
16:59:56.437 Disk 0 MBR scan
16:59:56.448 Disk 0 Windows VISTA default MBR code
16:59:56.468 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953866 MB offset 2048
16:59:56.485 Disk 0 scanning sectors +1953519616
16:59:56.561 Disk 0 scanning C:\Windows\system32\drivers
17:00:08.041 Service scanning
17:00:23.570 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
17:00:28.451 Modules scanning
17:00:35.104 Disk 0 trace - called modules:
17:00:35.124 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86a031f8]<<
17:00:35.131 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x875e9118]
17:00:35.136 3 CLASSPNP.SYS[8b9ab745] -> nt!IofCallDriver -> [0x86a80918]
17:00:35.141 5 acpi.sys[8072b6a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86a988a8]
17:00:35.147 \Driver\atapi[0x86a5da08] -> IRP_MJ_CREATE -> 0x86a031f8
17:00:38.209 AVAST engine scan C:\Windows
17:00:45.342 AVAST engine scan C:\Windows\system32
17:04:02.542 AVAST engine scan C:\Windows\system32\drivers
17:04:48.162 AVAST engine scan C:\Users\Růžička
17:37:35.273 File: C:\Users\Růžička\Desktop\ŠKOLNÍ VĚCI\nová záloha škola\škola\Personal Data\My Documents\3.roč\ls\pel\moje semestralaka\moje sem.exe **INFECTED** Win32:Downloader-QJN [Trj]
17:37:35.739 File: C:\Users\Růžička\Desktop\ŠKOLNÍ VĚCI\nová záloha škola\škola\Personal Data\My Documents\3.roč\ls\pel\moje semestralaka\moje.exe **INFECTED** Win32:Downloader-QJN [Trj]
17:41:07.744 File: C:\Users\Růžička\Desktop\ŠKOLNÍ VĚCI\ŠKOLA\3.roč\ls\pel\moje semestralaka\moje sem.exe **INFECTED** Win32:Downloader-QJN [Trj]
17:41:07.885 File: C:\Users\Růžička\Desktop\ŠKOLNÍ VĚCI\ŠKOLA\3.roč\ls\pel\moje semestralaka\moje.exe **INFECTED** Win32:Downloader-QJN [Trj]
17:51:05.983 AVAST engine scan C:\ProgramData
17:56:22.371 Scan finished successfully
18:04:10.001 Disk 0 MBR has been saved successfully to "C:\Users\Růžička\Desktop\MBR.dat"
18:04:10.011 The log file has been saved successfully to "C:\Users\Růžička\Desktop\aswMBR.txt"
Re: Avast cannot find the virus - svchost.exe
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-12-2013 01
Ran by Růžička (administrator) on RŮŽIČKA-PC on 08-12-2013 09:22:15
Running from C:\Users\Růžička\Desktop
Microsoft® Windows Vista™ Business Service Pack 1 (X86) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(IVT Corporation) C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
() C:\Program Files\Gigabyte\EasySaver\essvr.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Hewlett-Packard Company) C:\Program Files\HP\HPBDSService\HPBDSService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
() C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
() C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
(SMART Technologies) C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
(SMART Technologies ULC) C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe
() C:\Windows\FixCamera.exe
() C:\Windows\tsnp2std.exe
(Sonix) C:\Windows\vsnp2std.exe
() C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(IVT Corporation) C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
(Geek Software GmbH) C:\Program Files\pdf24\pdf24.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(LG Electronics) C:\Users\Růžička\Bluebirds\BlueBirds.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Akamai Technologies, Inc.) C:\Users\Růžička\AppData\Local\Akamai\netsession_win.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Panasonic Corporation) C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
(SMART Technologies ULC) C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe
(Akamai Technologies, Inc.) C:\Users\Růžička\AppData\Local\Akamai\netsession_win.exe
(IVT Corporation) C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Users\Růžička\AppData\Local\Google\Chrome\Application\chrome.exe
(SMART Technologies ULC) C:\Program Files\SMART Technologies\SMART Board Drivers\Aware.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SMART Technologies ULC) C:\Program Files\SMART Technologies\SMART Board Drivers\Marker.exe
(Google Inc.) C:\Users\Růžička\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Růžička\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Růžička\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Google Inc.) C:\Users\Růžička\AppData\Local\Google\Chrome\Application\chrome.exe
(Nokia.) C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
(Google Inc.) C:\Users\Růžička\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
() C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclIVTBTSrv.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Hewlett Packard) C:\Program Files\HP\HPLJUT\HPLJUTSCH.exe
(forum.viry.cz) C:\Users\Růžička\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6711840 2009-01-20] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\SkyTel.exe [1833504 2009-01-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [NeroFilterCheck] - C:\Windows\System32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [RemoteControl] - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [71216 2007-02-07] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [54832 2007-02-07] ()
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [NokiaMServer] - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
HKLM\...\Run: [SMART Board Service] - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe [2519040 2009-04-15] (SMART Technologies)
HKLM\...\Run: [SMART SNMP Agent] - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe [1048576 2009-04-15] (SMART Technologies ULC)
HKLM\...\Run: [FixCamera] - C:\Windows\FixCamera.exe [20480 2007-07-11] ()
HKLM\...\Run: [tsnp2std] - C:\Windows\tsnp2std.exe [270336 2007-05-12] ()
HKLM\...\Run: [snp2std] - C:\Windows\vsnp2std.exe [344064 2007-05-10] (Sonix)
HKLM\...\Run: [HTC Sync Loader] - C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [585728 2011-01-07] ()
HKLM\...\Run: [BtTray] - C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe [315478 2009-09-02] (IVT Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [PDFPrint] - C:\Program Files\pdf24\pdf24.exe [160840 2012-05-07] (Geek Software GmbH)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263512 2012-11-01] ()
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-12-07] (AVAST Software)
HKCU\...\Run: [bluebirds] - C:\Users\Růžička\Bluebirds\BlueBirds.exe [270336 2009-04-29] (LG Electronics)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [369200 2009-10-30] (DT Soft Ltd)
HKCU\...\Run: [KiesHelper] - C:\Program Files\Samsung\Kies\KiesHelper.exe [888120 2011-01-29] (Samsung)
HKCU\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3372856 2011-01-29] (Samsung Electronics Co., Ltd.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [15141768 2011-06-15] (Skype Technologies S.A.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Růžička\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [GarminExpressTrayApp] - C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1098072 2013-03-27] (Garmin Ltd or its subsidiaries)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\Růžička\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB0E78E3A433ECB01
URLSearchHook: HKCU - DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\System32\dvmurl.dll (DeviceVM Inc.)
SearchScopes: HKCU - DefaultScope {36ADB435-EED4-4841-BB07-76017FE70D63} URL = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
SearchScopes: HKCU - {36ADB435-EED4-4841-BB07-76017FE70D63} URL = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search?q={searchTerms}
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: CIEDownload Object - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Notebook Software\NotebookPlugin.dll (SMART Technologies ULC.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4 ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Winsock: Catalog5 02 %SystemRoot%\system32\napinsp.dll [50176] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: google.cz
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\R\u016F\u017Ei\u010Dka\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\R\u016F\u017Ei\u010Dka\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\R\u016F\u017Ei\u010Dka\AppData\Local\Google\Chrome\Application\31.0.1650.57\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.180.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U18) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Web Player\npdivx32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Play.cz) - C:\Users\Růžička\AppData\Local\Google\Chrome\User Data\Default\Extensions\dacomocbpihfdldecacpjedmmcbdgdop\2.10.0_0
CHR Extension: (avast! Online Security) - C:\Users\Růžička\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0
CHR Extension: (Explain and Send Screenshots) - C:\Users\Růžička\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdddabjhelpilpnpgondfmehhcplpiin\6.8.1_0
CHR Extension: (Google Wallet) - C:\Users\Růžička\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Růžička\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Google Quick Scroll) - C:\Users\Růžička\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc\2.1.2_0
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Růžička\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-07] (AVAST Software)
R2 BlueSoleilCS; C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [1466476 2009-09-02] (IVT Corporation)
R3 BsHelpCS; C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [102503 2009-09-02] (IVT Corporation)
R2 ES lite Service; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-02-05] ()
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
R2 HP DS Service; C:\Program Files\HP\HPBDSService\HPBDSService.exe [13824 2010-10-27] (Hewlett-Packard Company)
S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-27] (HP)
R2 MySQL55; C:\ProgramData\MySQL\MySQL Server 5.5\my.ini [9172 2012-06-15] ()
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2010-09-16] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [173616 2007-02-07] ()
R3 ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [354816 2008-02-20] (Nokia.)
==================== Drivers (Whitelisted) ====================
S3 ASPI; C:\Windows\System32\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec)
R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [35656 2013-12-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2013-12-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2013-12-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-12-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774392 2013-12-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [403440 2013-12-07] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2013-12-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178304 2013-12-07] ()
R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [17928 2009-06-17] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [39304 2009-07-08] (IVT Corporation.)
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [20744 2009-06-17] (IVT Corporation.)
R3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [29192 2009-06-17] ()
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [192056 2008-01-21] (Společnost Microsoft)
R3 gdrv; C:\Windows\gdrv.sys [16608 2013-12-08] (Windows (R) 2000 DDK provider)
S3 HPFXBULKLEDM; C:\Windows\System32\drivers\hppcbulkio.sys [20504 2011-05-10] (Hewlett Packard)
R3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [25480 2009-06-17] (IVT Corporation.)
R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [83296 2008-11-04] (JMicron Technology Corp.)
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1081912 2008-01-21] (Společnost Microsoft)
R3 SMARTMouseFilterx86; C:\Windows\System32\DRIVERS\SMARTMouseFilterx86.sys [11048 2009-04-07] (SMART Technologies ULC)
R3 SMARTVHidMini2000x86; C:\Windows\System32\DRIVERS\SMARTVHidMini2000x86.sys [14120 2009-04-07] (SMART Technologies ULC)
R3 SMARTVTabletPCx86; C:\Windows\System32\DRIVERS\SMARTVTabletPCx86.sys [14336 2009-04-07] (SMART Technologies ULC)
R3 SNP2STD; C:\Windows\System32\DRIVERS\snp2sxp.sys [12178944 2007-07-23] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-03-05] ()
R3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [14856 2009-06-17] (IVT Corporation.)
R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [32392 2009-06-17] (IVT Corporation.)
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B}; C:\Program Files\CyberLink\PowerDVD\000.fcl [13560 2006-11-02] (Cyberlink Corp.)
U3 a1h5yr3y; C:\Windows\System32\Drivers\a1h5yr3y.sys [0 ] (Microsoft Corporation)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33800 2009-06-17] (IVT Corporation.)
S3 catchme; \??\C:\ABC\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-08 09:22 - 2013-12-08 09:22 - 00021715 _____ C:\Users\Růžička\Desktop\FRST.txt
2013-12-08 09:21 - 2013-12-08 09:21 - 00000000 ____D C:\FRST
2013-12-08 09:17 - 2013-12-08 09:16 - 01060421 _____ (Farbar) C:\Users\Růžička\Desktop\FRST.exe
2013-12-08 09:17 - 2013-12-08 09:16 - 00112640 _____ (forum.viry.cz) C:\Users\Růžička\Desktop\FRSTLauncher.exe
2013-12-08 09:16 - 2013-12-08 09:16 - 01060421 _____ (Farbar) C:\Users\Růžička\Downloads\FRST.exe
2013-12-08 09:16 - 2013-12-08 09:16 - 00112640 _____ (forum.viry.cz) C:\Users\Růžička\Downloads\FRSTLauncher.exe
2013-12-08 09:10 - 2013-12-08 09:10 - 00000000 ____D C:\Users\Růžička\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2013-12-07 23:48 - 2013-12-07 23:48 - 00146512 _____ C:\Windows\Minidump\Mini120713-05.dmp
2013-12-07 23:29 - 2013-12-07 23:29 - 00146704 _____ C:\Windows\Minidump\Mini120713-04.dmp
2013-12-07 21:45 - 2013-12-07 21:45 - 00156160 _____ C:\Windows\Minidump\Mini120713-03.dmp
2013-12-07 18:04 - 2013-12-07 18:04 - 00002696 _____ C:\Users\Růžička\Desktop\aswMBR.txt
2013-12-07 18:04 - 2013-12-07 18:04 - 00000512 _____ C:\Users\Růžička\Desktop\MBR.dat
2013-12-07 16:57 - 2013-12-07 16:58 - 04745728 _____ (AVAST Software) C:\Users\Růžička\Desktop\aswMBR.exe
2013-12-07 16:09 - 2013-12-07 16:09 - 00014466 _____ C:\ComboFix.txt
2013-12-07 16:00 - 2013-12-07 16:00 - 00146104 _____ C:\Windows\Minidump\Mini120713-02.dmp
2013-12-07 14:45 - 2013-12-07 14:45 - 00146104 _____ C:\Windows\Minidump\Mini120713-01.dmp
2013-12-07 14:35 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-07 14:35 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-07 14:35 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-07 14:35 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-07 14:35 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-07 14:35 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-07 14:35 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-07 14:35 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-07 14:31 - 2013-12-07 14:31 - 00000000 ____D C:\Users\Růžička\AppData\Roaming\AVAST Software
2013-12-07 14:12 - 2013-12-07 14:12 - 04733592 _____ (AVAST Software) C:\Users\Růžička\Downloads\avast_free_antivirus_setup_online.exe
2013-12-07 14:07 - 2013-12-07 14:07 - 00000000 ____D C:\Users\Růžička\DoctorWeb
2013-12-07 13:35 - 2013-12-07 16:09 - 00000000 ____D C:\Qoobox
2013-12-07 13:34 - 2013-12-07 16:07 - 00000000 ____D C:\Windows\erdnt
2013-12-07 12:55 - 2013-12-07 12:57 - 05153293 ____R (Swearware) C:\Users\Růžička\Desktop\ABC.exe
2013-12-07 12:44 - 2013-12-07 13:01 - 85200976 _____ C:\Users\Růžička\Downloads\cureit.exe
2013-12-07 12:06 - 2013-12-07 12:07 - 00903832 _____ C:\Users\Růžička\Downloads\yet_another_cleaner.exe
2013-12-07 11:32 - 2013-12-07 11:50 - 00178304 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-07 11:32 - 2013-12-07 11:50 - 00049944 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-11-30 12:57 - 2013-11-30 12:57 - 00845627 _____ C:\Users\Růžička\Downloads\Pisecny muz - Lars Kepler.fb2
2013-11-30 12:53 - 2013-11-30 14:56 - 801987788 _____ C:\Users\Růžička\Downloads\Plán úteku Escape Plan (2013) cam CZ TIT. VE FILMU!!.avi
2013-11-30 11:55 - 2013-11-30 11:56 - 00350211 _____ C:\Users\Růžička\Downloads\Lars-Kepler---Svedkyne-ohne.epub
2013-11-24 19:40 - 2013-11-24 19:40 - 00148336 _____ C:\Windows\Minidump\Mini112413-05.dmp
2013-11-24 19:33 - 2013-11-24 19:33 - 00146392 _____ C:\Windows\Minidump\Mini112413-04.dmp
2013-11-24 18:35 - 2013-11-24 18:35 - 00154032 _____ C:\Windows\Minidump\Mini112413-03.dmp
2013-11-24 13:43 - 2013-11-24 13:44 - 00145912 _____ C:\Windows\Minidump\Mini112413-02.dmp
2013-11-24 13:32 - 2013-11-24 13:32 - 00145912 _____ C:\Windows\Minidump\Mini112413-01.dmp
2013-11-24 13:18 - 2013-11-28 19:36 - 00000000 ____D C:\Users\Růžička\AppData\Roaming\HpUpdate
2013-11-24 13:18 - 2013-11-24 13:18 - 00000994 _____ C:\Users\Public\Desktop\HP LJ100 M175 Scan.lnk
2013-11-24 13:17 - 2013-11-24 13:18 - 00000199 _____ C:\Windows\system32\msiexec.log
2013-11-24 13:17 - 2013-11-24 13:18 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2013-11-24 13:17 - 2013-11-24 13:17 - 00001156 _____ C:\Users\Public\Desktop\HP LaserJet 100 color MFP M175 - Centrum nápovědy a vzdělávání.lnk
2013-11-24 13:17 - 2013-11-24 13:17 - 00000000 ____D C:\Users\Růžička\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2013-11-24 13:09 - 2011-05-10 04:56 - 00751160 _____ (Hewlett-Packard) C:\Windows\system32\hpptsp10.dll
2013-11-24 13:09 - 2011-05-10 04:56 - 00026648 _____ (Hewlett Packard) C:\Windows\system32\Drivers\hppcgenio.sys
2013-11-24 13:09 - 2011-05-10 04:54 - 00460344 _____ (Hewlett-Packard) C:\Windows\system32\hpwia2_lj100m175.dll
2013-11-24 13:09 - 2011-05-10 04:54 - 00188416 _____ (Hewlett Packard) C:\Windows\system32\hpmldm01.dll
2013-11-24 13:09 - 2011-05-10 04:54 - 00187960 _____ (Hewlett Packard) C:\Windows\system32\hppscancoins32.dll
2013-11-24 13:09 - 2011-05-10 04:54 - 00003208 _____ C:\Windows\system32\hppls100.spf
2013-11-24 13:09 - 2011-05-10 04:53 - 00020504 _____ (Hewlett Packard) C:\Windows\system32\Drivers\hppcbulkio.sys
2013-11-24 13:08 - 2011-05-10 04:54 - 00238080 _____ (Hewlett-Packard) C:\Windows\system32\hpbcoins32.dll
2013-11-24 13:08 - 2011-04-13 13:08 - 00279552 _____ (Hewlett-Packard Corporation) C:\Windows\system32\hpcpn108.dll
2013-11-24 13:08 - 2011-02-11 15:23 - 00167480 _____ (Hewlett-Packard) C:\Windows\system32\hppccompio.dll
2013-11-24 12:51 - 2013-11-24 12:51 - 00001017 _____ C:\Users\Růžička\Documents\tisk_nastaveni.txt
2013-11-24 12:18 - 2013-11-24 12:40 - 141648496 _____ C:\Users\Růžička\Downloads\CLJ_MFP_M175_N_sw_win_full_solution.exe
2013-11-24 12:00 - 2013-11-24 12:00 - 00001793 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2013-11-24 11:59 - 2013-11-24 12:00 - 06110144 _____ C:\Users\Růžička\Downloads\HPPSdr.exe
2013-11-10 12:37 - 2013-11-10 12:59 - 00000000 ____D C:\Users\Růžička\Desktop\fotky k vypálení
2013-11-10 10:40 - 2013-11-10 13:47 - 00000000 ____D C:\Users\Růžička\Desktop\fotky k vypálení 2
==================== One Month Modified Files and Folders =======
2013-12-08 09:22 - 2013-12-08 09:22 - 00021715 _____ C:\Users\Růžička\Desktop\FRST.txt
2013-12-08 09:21 - 2013-12-08 09:21 - 00000000 ____D C:\FRST
2013-12-08 09:16 - 2013-12-08 09:17 - 01060421 _____ (Farbar) C:\Users\Růžička\Desktop\FRST.exe
2013-12-08 09:16 - 2013-12-08 09:17 - 00112640 _____ (forum.viry.cz) C:\Users\Růžička\Desktop\FRSTLauncher.exe
2013-12-08 09:16 - 2013-12-08 09:16 - 01060421 _____ (Farbar) C:\Users\Růžička\Downloads\FRST.exe
2013-12-08 09:16 - 2013-12-08 09:16 - 00112640 _____ (forum.viry.cz) C:\Users\Růžička\Downloads\FRSTLauncher.exe
2013-12-08 09:15 - 2008-01-21 02:39 - 01861097 _____ C:\Windows\WindowsUpdate.log
2013-12-08 09:15 - 2006-11-02 13:47 - 00003840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-08 09:15 - 2006-11-02 13:47 - 00003840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-08 09:14 - 2010-10-10 18:23 - 00000000 ____D C:\Users\Růžička\AppData\Roaming\Skype
2013-12-08 09:11 - 2011-01-26 17:01 - 00000000 ____D C:\Program Files\Common Files\Akamai
2013-12-08 09:10 - 2013-12-08 09:10 - 00000000 ____D C:\Users\Růžička\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2013-12-08 09:10 - 2011-03-19 16:21 - 00005063 _____ C:\Windows\system32\LOCALSERVICE.INI
2013-12-08 09:10 - 2010-09-10 18:37 - 00000938 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-08 09:10 - 2009-09-07 15:42 - 00000905 _____ C:\Windows\system32\bscs.ini
2013-12-08 09:10 - 2009-08-25 17:01 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-08 09:10 - 2009-08-25 14:32 - 00016608 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys
2013-12-08 09:10 - 2009-08-25 14:32 - 00000124 _____ C:\service.log
2013-12-08 09:10 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-08 09:09 - 2006-11-02 14:01 - 00032558 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-07 23:50 - 2010-09-10 18:37 - 00000942 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-07 23:48 - 2013-12-07 23:48 - 00146512 _____ C:\Windows\Minidump\Mini120713-05.dmp
2013-12-07 23:48 - 2011-01-02 11:01 - 00000000 ____D C:\Windows\Minidump
2013-12-07 23:48 - 2011-01-02 11:00 - 308706958 _____ C:\Windows\MEMORY.DMP
2013-12-07 23:32 - 2012-05-01 15:24 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-07 23:29 - 2013-12-07 23:29 - 00146704 _____ C:\Windows\Minidump\Mini120713-04.dmp
2013-12-07 21:45 - 2013-12-07 21:45 - 00156160 _____ C:\Windows\Minidump\Mini120713-03.dmp
2013-12-07 20:15 - 2012-11-24 10:57 - 00000440 ____H C:\Windows\Tasks\Norton Security Scan for Růžička.job
2013-12-07 20:07 - 2012-12-01 19:31 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-12-07 18:04 - 2013-12-07 18:04 - 00002696 _____ C:\Users\Růžička\Desktop\aswMBR.txt
2013-12-07 18:04 - 2013-12-07 18:04 - 00000512 _____ C:\Users\Růžička\Desktop\MBR.dat
2013-12-07 16:58 - 2013-12-07 16:57 - 04745728 _____ (AVAST Software) C:\Users\Růžička\Desktop\aswMBR.exe
2013-12-07 16:09 - 2013-12-07 16:09 - 00014466 _____ C:\ComboFix.txt
2013-12-07 16:09 - 2013-12-07 13:35 - 00000000 ____D C:\Qoobox
2013-12-07 16:09 - 2013-03-16 17:10 - 00000000 ____D C:\Users\Knihy
2013-12-07 16:09 - 2009-12-31 13:59 - 00000000 ____D C:\Users\Růžička\AppData\Local\Apps\2.0
2013-12-07 16:09 - 2006-11-02 12:18 - 00000000 __RHD C:\Users\Default
2013-12-07 16:09 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Public
2013-12-07 16:07 - 2013-12-07 13:34 - 00000000 ____D C:\Windows\erdnt
2013-12-07 16:01 - 2006-11-02 11:23 - 00000215 _____ C:\Windows\system.ini
2013-12-07 16:00 - 2013-12-07 16:00 - 00146104 _____ C:\Windows\Minidump\Mini120713-02.dmp
2013-12-07 14:45 - 2013-12-07 14:45 - 00146104 _____ C:\Windows\Minidump\Mini120713-01.dmp
2013-12-07 14:31 - 2013-12-07 14:31 - 00000000 ____D C:\Users\Růžička\AppData\Roaming\AVAST Software
2013-12-07 14:25 - 2012-04-01 13:28 - 00001873 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-07 14:12 - 2013-12-07 14:12 - 04733592 _____ (AVAST Software) C:\Users\Růžička\Downloads\avast_free_antivirus_setup_online.exe
2013-12-07 14:07 - 2013-12-07 14:07 - 00000000 ____D C:\Users\Růžička\DoctorWeb
2013-12-07 14:07 - 2009-08-25 01:00 - 00000000 ____D C:\Users\Růžička
2013-12-07 13:05 - 2008-01-21 07:02 - 01419744 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-07 13:01 - 2013-12-07 12:44 - 85200976 _____ C:\Users\Růžička\Downloads\cureit.exe
2013-12-07 12:57 - 2013-12-07 12:55 - 05153293 ____R (Swearware) C:\Users\Růžička\Desktop\ABC.exe
2013-12-07 12:07 - 2013-12-07 12:06 - 00903832 _____ C:\Users\Růžička\Downloads\yet_another_cleaner.exe
2013-12-07 11:50 - 2013-12-07 11:32 - 00178304 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-07 11:50 - 2013-12-07 11:32 - 00049944 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-12-07 11:50 - 2011-03-26 17:39 - 00774392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-07 11:50 - 2009-11-22 18:43 - 00403440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-12-07 11:50 - 2009-11-22 18:43 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-07 11:50 - 2009-11-22 18:43 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-12-07 11:50 - 2009-11-22 18:43 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2013-12-07 11:50 - 2009-11-22 18:43 - 00035656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-12-07 11:49 - 2011-03-26 17:38 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-07 11:49 - 2009-11-22 18:43 - 00269216 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-07 11:34 - 2011-03-26 17:38 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-07 11:32 - 2006-11-02 11:23 - 00002577 _____ C:\Windows\system32\config.nt
2013-11-30 17:06 - 2013-03-16 17:14 - 00000000 ____D C:\Users\Růžička\Documents\Knihy_kindle
2013-11-30 14:56 - 2013-11-30 12:53 - 801987788 _____ C:\Users\Růžička\Downloads\Plán úteku Escape Plan (2013) cam CZ TIT. VE FILMU!!.avi
2013-11-30 13:09 - 2013-03-16 17:10 - 00000000 ____D C:\Users\Růžička\AppData\Roaming\calibre
2013-11-30 12:57 - 2013-11-30 12:57 - 00845627 _____ C:\Users\Růžička\Downloads\Pisecny muz - Lars Kepler.fb2
2013-11-30 11:56 - 2013-11-30 11:55 - 00350211 _____ C:\Users\Růžička\Downloads\Lars-Kepler---Svedkyne-ohne.epub
2013-11-28 19:36 - 2013-11-24 13:18 - 00000000 ____D C:\Users\Růžička\AppData\Roaming\HpUpdate
2013-11-24 19:40 - 2013-11-24 19:40 - 00148336 _____ C:\Windows\Minidump\Mini112413-05.dmp
2013-11-24 19:33 - 2013-11-24 19:33 - 00146392 _____ C:\Windows\Minidump\Mini112413-04.dmp
2013-11-24 18:35 - 2013-11-24 18:35 - 00154032 _____ C:\Windows\Minidump\Mini112413-03.dmp
2013-11-24 16:52 - 2011-06-25 17:43 - 00000000 ____D C:\PFS6.1HD_TMP
2013-11-24 13:44 - 2013-11-24 13:43 - 00145912 _____ C:\Windows\Minidump\Mini112413-02.dmp
2013-11-24 13:32 - 2013-11-24 13:32 - 00145912 _____ C:\Windows\Minidump\Mini112413-01.dmp
2013-11-24 13:19 - 2009-11-12 20:15 - 00000000 ____D C:\ProgramData\HP
2013-11-24 13:18 - 2013-11-24 13:18 - 00000994 _____ C:\Users\Public\Desktop\HP LJ100 M175 Scan.lnk
2013-11-24 13:18 - 2013-11-24 13:17 - 00000199 _____ C:\Windows\system32\msiexec.log
2013-11-24 13:18 - 2013-11-24 13:17 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2013-11-24 13:18 - 2009-11-12 20:16 - 00000000 ____D C:\Program Files\HP
2013-11-24 13:18 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\twain_32
2013-11-24 13:17 - 2013-11-24 13:17 - 00001156 _____ C:\Users\Public\Desktop\HP LaserJet 100 color MFP M175 - Centrum nápovědy a vzdělávání.lnk
2013-11-24 13:17 - 2013-11-24 13:17 - 00000000 ____D C:\Users\Růžička\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2013-11-24 12:51 - 2013-11-24 12:51 - 00001017 _____ C:\Users\Růžička\Documents\tisk_nastaveni.txt
2013-11-24 12:40 - 2013-11-24 12:18 - 141648496 _____ C:\Users\Růžička\Downloads\CLJ_MFP_M175_N_sw_win_full_solution.exe
2013-11-24 12:00 - 2013-11-24 12:00 - 00001793 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2013-11-24 12:00 - 2013-11-24 11:59 - 06110144 _____ C:\Users\Růžička\Downloads\HPPSdr.exe
2013-11-24 11:35 - 2009-11-12 19:20 - 00009811 _____ C:\ProgramData\hpzinstall.log
2013-11-24 11:32 - 2009-11-12 19:30 - 00038688 _____ C:\Windows\DPINST.LOG
2013-11-24 10:46 - 2010-01-16 13:08 - 00002052 _____ C:\Users\Růžička\Desktop\Google Chrome.lnk
2013-11-19 19:51 - 2013-08-17 02:02 - 00000000 ____D C:\Windows\system32\MRT
2013-11-19 19:44 - 2006-11-02 11:24 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-11-11 05:50 - 2009-10-24 16:07 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-10 13:47 - 2013-11-10 10:40 - 00000000 ____D C:\Users\Růžička\Desktop\fotky k vypálení 2
2013-11-10 12:59 - 2013-11-10 12:37 - 00000000 ____D C:\Users\Růžička\Desktop\fotky k vypálení
2013-11-10 11:56 - 2013-11-07 19:48 - 00000000 ____D C:\Users\Růžička\Desktop\výběr foto(2)
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Růžička\Desktop" je 70770 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Re: Avast cannot find the virus - svchost.exe

- Open Notepad (Start - Run - notepad)
- Copy the script below
Start
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [NeroFilterCheck] - C:\Windows\System32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [RemoteControl] - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [71216 2007-02-07] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [54832 2007-02-07] ()
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [NokiaMServer] - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [PDFPrint] - C:\Program Files\pdf24\pdf24.exe [160840 2012-05-07] (Geek Software GmbH)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263512 2012-11-01] ()
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [369200 2009-10-30] (DT Soft Ltd)
HKCU\...\Run: [KiesHelper] - C:\Program Files\Samsung\Kies\KiesHelper.exe [888120 2011-01-29] (Samsung)
HKCU\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3372856 2011-01-29] (Samsung Electronics Co., Ltd.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [15141768 2011-06-15] (Skype Technologies S.A.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Růžička\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [GarminExpressTrayApp] - C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1098072 2013-03-27] (Garmin Ltd or its subsidiaries)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB0E78E3A433ECB01
URLSearchHook: HKCU - DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\System32\dvmurl.dll (DeviceVM Inc.)
SearchScopes: HKCU - DefaultScope {36ADB435-EED4-4841-BB07-76017FE70D63} URL = http://search.yahoo.com/search?fr=chr-g ... =867034&p={searchTerms}
SearchScopes: HKCU - {36ADB435-EED4-4841-BB07-76017FE70D63} URL = http://search.yahoo.com/search?fr=chr-g ... =867034&p={searchTerms}
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search?q={searchTerms}
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKCU - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
DisableService: RichVideo
S3 catchme; \??\C:\ABC\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [x]
2013-12-08 09:16 - 2013-12-08 09:16 - 01060421 _____ (Farbar) C:\Users\Růžička\Downloads\FRST.exe
2013-12-08 09:16 - 2013-12-08 09:16 - 00112640 _____ (forum.viry.cz) C:\Users\Růžička\Downloads\FRSTLauncher.exe
Hosts:
CMD: shutdown /r /f /t 2
End
- Save the created TXT file as fixlist.txt
- Move the created fixlist next to FRST

- Click Fix
- The fix will run and create the log Fixlog.txt

Re: Avast cannot find the virus - svchost.exe
Hello,
I apologize for the late reply. I had no access to the PC all week. The Fixlog is below:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-12-2013 01
Ran by Růžička at 2013-12-14 10:30:34 Run:1
Running from C:\Users\Růžička\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [NeroFilterCheck] - C:\Windows\System32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [RemoteControl] - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [71216 2007-02-07] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [54832 2007-02-07] ()
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [NokiaMServer] - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [PDFPrint] - C:\Program Files\pdf24\pdf24.exe [160840 2012-05-07] (Geek Software GmbH)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263512 2012-11-01] ()
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [369200 2009-10-30] (DT Soft Ltd)
HKCU\...\Run: [KiesHelper] - C:\Program Files\Samsung\Kies\KiesHelper.exe [888120 2011-01-29] (Samsung)
HKCU\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3372856 2011-01-29] (Samsung Electronics Co., Ltd.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [15141768 2011-06-15] (Skype Technologies S.A.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Růžička\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [GarminExpressTrayApp] - C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1098072 2013-03-27] (Garmin Ltd or its subsidiaries)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB0E78E3A433ECB01
URLSearchHook: HKCU - DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\System32\dvmurl.dll (DeviceVM Inc.)
SearchScopes: HKCU - DefaultScope {36ADB435-EED4-4841-BB07-76017FE70D63} URL = http://search.yahoo.com/search?fr=chr-g ... =867034&p={searchTerms}
SearchScopes: HKCU - {36ADB435-EED4-4841-BB07-76017FE70D63} URL = http://search.yahoo.com/search?fr=chr-g ... =867034&p={searchTerms}
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search?q={searchTerms}
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKCU - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
DisableService: RichVideo
S3 catchme; \??\C:\ABC\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [x]
2013-12-08 09:16 - 2013-12-08 09:16 - 01060421 _____ (Farbar) C:\Users\Růžička\Downloads\FRST.exe
2013-12-08 09:16 - 2013-12-08 09:16 - 00112640 _____ (forum.viry.cz) C:\Users\Růžička\Downloads\FRSTLauncher.exe
Hosts:
CMD: shutdown /r /f /t 2
End
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\RemoteControl => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\LanguageShortcut => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HP Software Update => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NokiaMServer => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\PDFPrint => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\KiesHelper => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\KiesTrayAgent => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GarminExpressTrayApp => Value deleted successfully.
HKU\Default\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsWelcomeCenter => Value deleted successfully.
HKU\Default User\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsWelcomeCenter => Value not found.
HKU\UpdatusUser\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsWelcomeCenter => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} => Value deleted successfully.
HKCR\CLSID\{0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{36ADB435-EED4-4841-BB07-76017FE70D63} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{36ADB435-EED4-4841-BB07-76017FE70D63} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} => Value deleted successfully.
HKCR\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} => Value deleted successfully.
HKCR\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} => Key not found.
RichVideo service was disabled
catchme => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
upperdev => Service deleted successfully.
C:\Users\Růžička\Downloads\FRST.exe => Moved successfully.
C:\Users\Růžička\Downloads\FRSTLauncher.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
========= shutdown /r /f /t 2 =========
========= End of CMD: =========
==== End of Fixlog ====
Re: Avast cannot find the virus - svchost.exe
Hello,
how is the PC behaving now??
Re: Avast cannot find the virus - svchost.exe
Avast no longer reports any errors, but although I am not doing anything on the PC, the explorer.exe process is using 50% of the CPU.
Re: Avast cannot find the virus - svchost.exe
So let's clean up a bit more.

T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe
- Download and run it
- To confirm each choice, press A, Enter
- Delete the utility after use
- Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn the antivirus off while downloading)

OTC http://oldtimer.geekstogo.com/OTC.exe
- Download and run it
- Click CleanUp and confirm with YES
- The program cleans up and restarts the PC

TFC http://oldtimer.geekstogo.com/TFC.exe
- Download and run it
- Click Start and confirm with OK
- The program cleans up and restarts the PC
- Delete the utility after use

Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
- Leave everything as it is, just click "Analyzovat" (Analyze) and then "Spustit CCleaner" (Run CCleaner)
- click "Hledej problémy" (Scan for issues)
- then "Opravit problémy" (Fix issues) - I recommend making a registry backup, fix all the issues
- repeat the procedure until no issues are left - usually about 3 times
- Here you can uninstall programs you do not need

New log from RSIT

Re: Avast cannot find the virus - svchost.exe
I am attaching the RSIT log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Růžička at 2013-12-21 11:42:32
Microsoft® Windows Vista™ Business Service Pack 1
System drive C: has 602 GB (63%) free of 954 GB
Total RAM: 3070 MB (57% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:43:28, on 21.12.2013
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe
C:\Windows\FixCamera.exe
C:\Windows\tsnp2std.exe
C:\Windows\vsnp2std.exe
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Růžička\Bluebirds\BlueBirds.exe
C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\Aware.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\Marker.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\HP\HP LaserJet 100 color MFP M175\Help_Learn\Help.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\notepad.exe
C:\Users\Růžička\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Růžička\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Růžička\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Růžička\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Růžička\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Růžička\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Růžička\Downloads\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\trend micro\Růžička.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Notebook Software\NotebookPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [SMART Board Service] C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
O4 - HKLM\..\Run: [SMART SNMP Agent] C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe -e
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [bluebirds] C:\Users\Růžička\Bluebirds\BlueBirds.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk = C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
O4 - Global Startup: SMART Board Tools.lnk = C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe
O8 - Extra context menu item: Add to AMV/AVI Video Converter... - C:\Program Files\Media Player Utilities 4.39\AMVConverter\grab.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP DS Service - Hewlett-Packard Company - C:\Program Files\HP\HPBDSService\HPBDSService.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySQL55 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
--
End of file - 9340 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\Norton Security Scan for Růžička.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67BCF957-85FC-4036-8DC4-D4D80E00A77B}]
CIEDownload Object - C:\Program Files\SMART Technologies\Notebook Software\NotebookPlugin.dll [2009-04-28 529704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-09-25 449512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-12-07 606544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16 1164680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-09-25 155384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-12-07 606544]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-01-20 6711840]
"Skytel"=C:\Program Files\Realtek\Audio\HDA\Skytel.exe [2009-01-20 1833504]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2007-03-20 36864]
"SMART Board Service"=C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe [2009-04-15 2519040]
"SMART SNMP Agent"=C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe [2009-04-15 1048576]
"FixCamera"=C:\Windows\FixCamera.exe [2007-07-11 20480]
"tsnp2std"=C:\Windows\tsnp2std.exe [2007-05-12 270336]
"snp2std"=C:\Windows\vsnp2std.exe [2007-05-10 344064]
"HTC Sync Loader"=C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2011-01-07 585728]
"BtTray"=C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe [2009-09-02 315478]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2013-12-07 3568312]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"bluebirds"=C:\Users\Růžička\Bluebirds\BlueBirds.exe [2009-04-29 270336]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk - C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
SMART Board Tools.lnk - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe
C:\Users\Růžička\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.tscc"=tsccvid.dll
"VIDC.FFDS"=ff_vfw.dll
"vidc.XVID"=xvidvfw.dll
"MSVideo8"=VfWWDM32.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 month======
2013-12-21 11:42:33 ----D---- C:\Program Files\trend micro
2013-12-21 11:42:32 ----D---- C:\rsit
2013-12-21 11:27:57 ----D---- C:\Program Files\CCleaner
2013-12-21 11:18:51 ----D---- C:\HP_SI_965D0289-10E1-45ec-B11F-A60AC9AE8D4D
2013-12-07 16:01:57 ----SHD---- C:\$RECYCLE.BIN
2013-12-07 14:31:29 ----D---- C:\Users\Růžička\AppData\Roaming\AVAST Software
2013-12-07 13:35:07 ----D---- C:\Qoobox
2013-12-07 13:34:32 ----D---- C:\Windows\erdnt
2013-12-07 11:32:05 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2013-12-07 11:32:02 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2013-11-24 13:18:46 ----D---- C:\Users\Růžička\AppData\Roaming\HpUpdate
2013-11-24 13:17:17 ----D---- C:\ProgramData\Hewlett-Packard
2013-11-24 13:09:31 ----A---- C:\Windows\system32\hpwia2_lj100m175.dll
2013-11-24 13:09:31 ----A---- C:\Windows\system32\hpptsp10.dll
2013-11-24 13:09:31 ----A---- C:\Windows\system32\hppscancoins32.dll
2013-11-24 13:09:19 ----A---- C:\Windows\system32\hpmldm01.dll
2013-11-24 13:09:19 ----A---- C:\Windows\system32\drivers\hppcgenio.sys
2013-11-24 13:09:19 ----A---- C:\Windows\system32\drivers\hppcbulkio.sys
2013-11-24 13:08:21 ----A---- C:\Windows\system32\hpbcoins32.dll
2013-11-24 13:08:19 ----A---- C:\Windows\system32\hppccompio.dll
2013-11-24 13:08:15 ----A---- C:\Windows\system32\hpcpn108.dll
======List of files/folders modified in the last 1 month======
2013-12-21 11:42:51 ----D---- C:\Windows\Prefetch
2013-12-21 11:42:33 ----RD---- C:\Program Files
2013-12-21 11:42:21 ----D---- C:\Windows\Temp
2013-12-21 11:31:21 ----D---- C:\Windows\Debug
2013-12-21 11:31:21 ----D---- C:\Windows
2013-12-21 11:14:57 ----D---- C:\Windows\System32
2013-12-21 11:14:57 ----D---- C:\Windows\inf
2013-12-21 11:14:57 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-12-21 11:05:58 ----A---- C:\Windows\system32\LOCALSERVICE.INI
2013-12-21 11:04:35 ----D---- C:\Program Files\Common Files\Akamai
2013-12-21 11:03:17 ----A---- C:\Windows\system32\bscs.ini
2013-12-21 11:02:44 ----D---- C:\ProgramData\NVIDIA
2013-12-21 10:15:43 ----D---- C:\Windows\Minidump
2013-12-21 10:11:19 ----SHD---- C:\System Volume Information
2013-12-16 17:58:26 ----SHD---- C:\Windows\Installer
2013-12-16 17:58:26 ----D---- C:\Config.Msi
2013-12-16 17:57:59 ----D---- C:\Program Files\Google
2013-12-15 12:34:24 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2013-12-15 03:04:38 ----D---- C:\Windows\system32\MRT
2013-12-15 03:01:16 ----A---- C:\Windows\system32\mrt.exe
2013-12-14 14:40:00 ----D---- C:\ProgramData\DivX
2013-12-14 14:40:00 ----D---- C:\Program Files\Common Files
2013-12-14 14:39:58 ----D---- C:\Program Files\DivX
2013-12-14 10:30:37 ----D---- C:\Windows\system32\drivers\etc
2013-12-14 10:23:12 ----D---- C:\Users\Růžička\AppData\Roaming\Skype
2013-12-08 09:08:25 ----D---- C:\ProgramData
2013-12-07 20:07:56 ----D---- C:\Program Files\Common Files\Symantec Shared
2013-12-07 16:09:21 ----D---- C:\Windows\system32\drivers
2013-12-07 16:08:21 ----D---- C:\Windows\Tasks
2013-12-07 16:01:47 ----A---- C:\Windows\system.ini
2013-12-07 15:51:13 ----D---- C:\Windows\AppPatch
2013-12-07 14:25:13 ----D---- C:\Windows\system32\Tasks
2013-12-07 11:50:57 ----D---- C:\Windows\winsxs
2013-12-07 11:49:54 ----A---- C:\Windows\system32\aswBoot.exe
2013-12-07 11:34:46 ----D---- C:\ProgramData\AVAST Software
2013-11-30 13:09:48 ----D---- C:\Users\Růžička\AppData\Roaming\calibre
2013-11-26 12:25:54 ----N---- C:\Windows\system32\MpSigStub.exe
2013-11-24 16:52:12 ----D---- C:\PFS6.1HD_TMP
2013-11-24 13:19:20 ----D---- C:\ProgramData\HP
2013-11-24 13:18:36 ----D---- C:\Program Files\HP
2013-11-24 13:18:31 ----D---- C:\Windows\twain_32
2013-11-24 13:10:29 ----D---- C:\Windows\system32\catroot
2013-11-24 13:09:28 ----D---- C:\Windows\system32\catroot2
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2013-12-07 49944]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2013-12-07 178304]
R0 BtHidBus;Bluetooth HID Bus Service; C:\Windows\System32\Drivers\BtHidBus.sys [2009-06-17 20744]
R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2008-11-04 83296]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2010-03-19 45648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-03-05 691696]
R1 aswRdr;aswRdr; \??\C:\Windows\system32\drivers\aswRdr.sys [2013-12-07 54832]
R1 aswSnx;aswSnx; \??\C:\Windows\system32\drivers\aswSnx.sys [2013-12-07 774392]
R1 aswSP;aswSP; \??\C:\Windows\system32\drivers\aswSP.sys [2013-12-07 403440]
R1 aswTdi;aswTdi; \??\C:\Windows\system32\drivers\aswTdi.sys [2013-12-07 57672]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 13560]
R2 aswFsBlk;aswFsBlk; \??\C:\Windows\system32\drivers\aswFsBlk.sys [2013-12-07 35656]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-12-07 70384]
R3 athr;TP-LINK Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-03-05 695808]
R3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2009-06-17 17928]
R3 btnetBUs;Bluetooth PAN Bus Service; C:\Windows\System32\Drivers\btnetBus.sys [2009-06-17 29192]
R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2013-12-21 16608]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-01-20 2317536]
R3 IvtBtBUs;IVT Bluetooth Bus Service; C:\Windows\System32\Drivers\IvtBtBus.sys [2009-06-17 25480]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2013-02-25 8939296]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-11-10 135680]
R3 SMARTMouseFilterx86;HID-compliant mouse; C:\Windows\system32\DRIVERS\SMARTMouseFilterx86.sys [2009-04-07 11048]
R3 SMARTVHidMini2000x86;SMART HID Device; C:\Windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [2009-04-07 14120]
R3 SMARTVTabletPCx86;SMART Virtual TabletPC; C:\Windows\system32\DRIVERS\SMARTVTabletPCx86.sys [2009-04-07 14336]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\Windows\system32\DRIVERS\snp2sxp.sys [2007-07-23 12178944]
R3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
R3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2009-06-17 14856]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2009-06-17 32392]
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\Windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
S3 asqox364;asqox364; C:\Windows\system32\drivers\asqox364.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2009-07-08 39304]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [2011-01-29 20032]
S3 Dot4;Ovladač MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HPFXBULKLEDM;HPFXBULKLEDM; C:\Windows\system32\drivers\hppcbulkio.sys [2011-05-10 20504]
S3 HTCAND32;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-01-03 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 136680]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640]
R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-12-07 50344]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2009-09-02 1466476]
R2 ES lite Service;ES lite Service for program management.; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [2009-02-05 68136]
R2 MySQL55;MySQL55; C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=C:\ProgramData\MySQL\MySQL Server 5.5\my.ini MySQL55 []
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-01-18 639776]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
R3 BsHelpCS;BsHelpCS; C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2009-09-02 102503]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Garmin Core Update Service;Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-03-27 185688]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-10 136176]
S2 HP DS Service;HP DS Service; C:\Program Files\HP\HPBDSService\HPBDSService.exe [2010-10-27 13824]
S2 HP LaserJet Service;HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [2010-10-27 145920]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-02-25 1260320]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-15 257416]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-01-26 651720]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-10 136176]
S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [2008-02-20 354816]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-02-07 173616]
-----------------EOF-----------------
O4 - HKLM\..\Run: [SMART Board Service] C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
O4 - HKLM\..\Run: [SMART SNMP Agent] C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe -e
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [bluebirds] C:\Users\Růžička\Bluebirds\BlueBirds.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk = C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
O4 - Global Startup: SMART Board Tools.lnk = C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe
O8 - Extra context menu item: Add to AMV/AVI Video Converter... - C:\Program Files\Media Player Utilities 4.39\AMVConverter\grab.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP DS Service - Hewlett-Packard Company - C:\Program Files\HP\HPBDSService\HPBDSService.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySQL55 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
--
End of file - 9340 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\Norton Security Scan for Růžička.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67BCF957-85FC-4036-8DC4-D4D80E00A77B}]
CIEDownload Object - C:\Program Files\SMART Technologies\Notebook Software\NotebookPlugin.dll [2009-04-28 529704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-09-25 449512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-12-07 606544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16 1164680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-09-25 155384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-12-07 606544]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-01-20 6711840]
"Skytel"=C:\Program Files\Realtek\Audio\HDA\Skytel.exe [2009-01-20 1833504]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2007-03-20 36864]
"SMART Board Service"=C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe [2009-04-15 2519040]
"SMART SNMP Agent"=C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe [2009-04-15 1048576]
"FixCamera"=C:\Windows\FixCamera.exe [2007-07-11 20480]
"tsnp2std"=C:\Windows\tsnp2std.exe [2007-05-12 270336]
"snp2std"=C:\Windows\vsnp2std.exe [2007-05-10 344064]
"HTC Sync Loader"=C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2011-01-07 585728]
"BtTray"=C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe [2009-09-02 315478]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2013-12-07 3568312]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"bluebirds"=C:\Users\Růžička\Bluebirds\BlueBirds.exe [2009-04-29 270336]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk - C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
SMART Board Tools.lnk - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe
C:\Users\Růžička\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.tscc"=tsccvid.dll
"VIDC.FFDS"=ff_vfw.dll
"vidc.XVID"=xvidvfw.dll
"MSVideo8"=VfWWDM32.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 month======
2013-12-21 11:42:33 ----D---- C:\Program Files\trend micro
2013-12-21 11:42:32 ----D---- C:\rsit
2013-12-21 11:27:57 ----D---- C:\Program Files\CCleaner
2013-12-21 11:18:51 ----D---- C:\HP_SI_965D0289-10E1-45ec-B11F-A60AC9AE8D4D
2013-12-07 16:01:57 ----SHD---- C:\$RECYCLE.BIN
2013-12-07 14:31:29 ----D---- C:\Users\Růžička\AppData\Roaming\AVAST Software
2013-12-07 13:35:07 ----D---- C:\Qoobox
2013-12-07 13:34:32 ----D---- C:\Windows\erdnt
2013-12-07 11:32:05 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2013-12-07 11:32:02 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2013-11-24 13:18:46 ----D---- C:\Users\Růžička\AppData\Roaming\HpUpdate
2013-11-24 13:17:17 ----D---- C:\ProgramData\Hewlett-Packard
2013-11-24 13:09:31 ----A---- C:\Windows\system32\hpwia2_lj100m175.dll
2013-11-24 13:09:31 ----A---- C:\Windows\system32\hpptsp10.dll
2013-11-24 13:09:31 ----A---- C:\Windows\system32\hppscancoins32.dll
2013-11-24 13:09:19 ----A---- C:\Windows\system32\hpmldm01.dll
2013-11-24 13:09:19 ----A---- C:\Windows\system32\drivers\hppcgenio.sys
2013-11-24 13:09:19 ----A---- C:\Windows\system32\drivers\hppcbulkio.sys
2013-11-24 13:08:21 ----A---- C:\Windows\system32\hpbcoins32.dll
2013-11-24 13:08:19 ----A---- C:\Windows\system32\hppccompio.dll
2013-11-24 13:08:15 ----A---- C:\Windows\system32\hpcpn108.dll
======List of files/folders modified in the last 1 month======
2013-12-21 11:42:51 ----D---- C:\Windows\Prefetch
2013-12-21 11:42:33 ----RD---- C:\Program Files
2013-12-21 11:42:21 ----D---- C:\Windows\Temp
2013-12-21 11:31:21 ----D---- C:\Windows\Debug
2013-12-21 11:31:21 ----D---- C:\Windows
2013-12-21 11:14:57 ----D---- C:\Windows\System32
2013-12-21 11:14:57 ----D---- C:\Windows\inf
2013-12-21 11:14:57 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-12-21 11:05:58 ----A---- C:\Windows\system32\LOCALSERVICE.INI
2013-12-21 11:04:35 ----D---- C:\Program Files\Common Files\Akamai
2013-12-21 11:03:17 ----A---- C:\Windows\system32\bscs.ini
2013-12-21 11:02:44 ----D---- C:\ProgramData\NVIDIA
2013-12-21 10:15:43 ----D---- C:\Windows\Minidump
2013-12-21 10:11:19 ----SHD---- C:\System Volume Information
2013-12-16 17:58:26 ----SHD---- C:\Windows\Installer
2013-12-16 17:58:26 ----D---- C:\Config.Msi
2013-12-16 17:57:59 ----D---- C:\Program Files\Google
2013-12-15 12:34:24 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2013-12-15 03:04:38 ----D---- C:\Windows\system32\MRT
2013-12-15 03:01:16 ----A---- C:\Windows\system32\mrt.exe
2013-12-14 14:40:00 ----D---- C:\ProgramData\DivX
2013-12-14 14:40:00 ----D---- C:\Program Files\Common Files
2013-12-14 14:39:58 ----D---- C:\Program Files\DivX
2013-12-14 10:30:37 ----D---- C:\Windows\system32\drivers\etc
2013-12-14 10:23:12 ----D---- C:\Users\Růžička\AppData\Roaming\Skype
2013-12-08 09:08:25 ----D---- C:\ProgramData
2013-12-07 20:07:56 ----D---- C:\Program Files\Common Files\Symantec Shared
2013-12-07 16:09:21 ----D---- C:\Windows\system32\drivers
2013-12-07 16:08:21 ----D---- C:\Windows\Tasks
2013-12-07 16:01:47 ----A---- C:\Windows\system.ini
2013-12-07 15:51:13 ----D---- C:\Windows\AppPatch
2013-12-07 14:25:13 ----D---- C:\Windows\system32\Tasks
2013-12-07 11:50:57 ----D---- C:\Windows\winsxs
2013-12-07 11:49:54 ----A---- C:\Windows\system32\aswBoot.exe
2013-12-07 11:34:46 ----D---- C:\ProgramData\AVAST Software
2013-11-30 13:09:48 ----D---- C:\Users\Růžička\AppData\Roaming\calibre
2013-11-26 12:25:54 ----N---- C:\Windows\system32\MpSigStub.exe
2013-11-24 16:52:12 ----D---- C:\PFS6.1HD_TMP
2013-11-24 13:19:20 ----D---- C:\ProgramData\HP
2013-11-24 13:18:36 ----D---- C:\Program Files\HP
2013-11-24 13:18:31 ----D---- C:\Windows\twain_32
2013-11-24 13:10:29 ----D---- C:\Windows\system32\catroot
2013-11-24 13:09:28 ----D---- C:\Windows\system32\catroot2
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2013-12-07 49944]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2013-12-07 178304]
R0 BtHidBus;Bluetooth HID Bus Service; C:\Windows\System32\Drivers\BtHidBus.sys [2009-06-17 20744]
R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2008-11-04 83296]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2010-03-19 45648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-03-05 691696]
R1 aswRdr;aswRdr; \??\C:\Windows\system32\drivers\aswRdr.sys [2013-12-07 54832]
R1 aswSnx;aswSnx; \??\C:\Windows\system32\drivers\aswSnx.sys [2013-12-07 774392]
R1 aswSP;aswSP; \??\C:\Windows\system32\drivers\aswSP.sys [2013-12-07 403440]
R1 aswTdi;aswTdi; \??\C:\Windows\system32\drivers\aswTdi.sys [2013-12-07 57672]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 13560]
R2 aswFsBlk;aswFsBlk; \??\C:\Windows\system32\drivers\aswFsBlk.sys [2013-12-07 35656]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-12-07 70384]
R3 athr;TP-LINK Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-03-05 695808]
R3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2009-06-17 17928]
R3 btnetBUs;Bluetooth PAN Bus Service; C:\Windows\System32\Drivers\btnetBus.sys [2009-06-17 29192]
R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2013-12-21 16608]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-01-20 2317536]
R3 IvtBtBUs;IVT Bluetooth Bus Service; C:\Windows\System32\Drivers\IvtBtBus.sys [2009-06-17 25480]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2013-02-25 8939296]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-11-10 135680]
R3 SMARTMouseFilterx86;HID-compliant mouse; C:\Windows\system32\DRIVERS\SMARTMouseFilterx86.sys [2009-04-07 11048]
R3 SMARTVHidMini2000x86;SMART HID Device; C:\Windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [2009-04-07 14120]
R3 SMARTVTabletPCx86;SMART Virtual TabletPC; C:\Windows\system32\DRIVERS\SMARTVTabletPCx86.sys [2009-04-07 14336]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\Windows\system32\DRIVERS\snp2sxp.sys [2007-07-23 12178944]
R3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
R3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2009-06-17 14856]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2009-06-17 32392]
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\Windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
S3 asqox364;asqox364; C:\Windows\system32\drivers\asqox364.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2009-07-08 39304]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [2011-01-29 20032]
S3 Dot4;Ovladač MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HPFXBULKLEDM;HPFXBULKLEDM; C:\Windows\system32\drivers\hppcbulkio.sys [2011-05-10 20504]
S3 HTCAND32;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-01-03 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 136680]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640]
R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-12-07 50344]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2009-09-02 1466476]
R2 ES lite Service;ES lite Service for program management.; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [2009-02-05 68136]
R2 MySQL55;MySQL55; C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=C:\ProgramData\MySQL\MySQL Server 5.5\my.ini MySQL55 []
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-01-18 639776]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
R3 BsHelpCS;BsHelpCS; C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2009-09-02 102503]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Garmin Core Update Service;Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-03-27 185688]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-10 136176]
S2 HP DS Service;HP DS Service; C:\Program Files\HP\HPBDSService\HPBDSService.exe [2010-10-27 13824]
S2 HP LaserJet Service;HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [2010-10-27 145920]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-02-25 1260320]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-15 257416]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-01-26 651720]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-10 136176]
S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [2008-02-20 354816]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-02-07 173616]
-----------------EOF-----------------
Re: Avast cannot find the virus - svchost.exe
Do the problems still persist?
Re: Avast cannot find the virus - svchost.exe
Hello, it seems that everything is now in order. I have not noticed any further problems. Thank you very much for your expert help.