
Please check, avast detects js:downloader-zy

balec
Visitor
Posts: 7
Registered: 14 Jan 2009 11:22

#1 Post by balec »

info.txt logfile of random's system information tool 1.10 2014-09-14 23:15:25

======MBR======


======Uninstall list======

-->C:\DOCUME~1\ALLUSE~1\DATAAP~1\INSTAL~1\{634D3~1\Setup.exe /remove /q0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 14 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_14_0_0_179_Plugin.exe -maintain plugin
Adobe Reader 9.5.5 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A95000000001}
Adobe Shockwave Player 12.1-->"C:\WINDOWS\system32\Adobe\Shockwave 12\uninstaller.exe"
Advanced SystemCare 7-->"C:\Program Files\IObit\Advanced SystemCare 7\unins000.exe"
Aktualizace systému Windows Internet Explorer 8 (KB2598845)-->"C:\WINDOWS\ie8updates\KB2598845-IE8\spuninst\spuninst.exe"
Aktualizace systému Windows Internet Explorer 8 (KB2632503)-->"C:\WINDOWS\ie8updates\KB2632503-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2510531)-->"C:\WINDOWS\ie8updates\KB2510531-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2898785)-->"C:\WINDOWS\ie8updates\KB2898785-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2909210)-->"C:\WINDOWS\ie8updates\KB2909210-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2909921)-->"C:\WINDOWS\ie8updates\KB2909921-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2925418)-->"C:\WINDOWS\ie8updates\KB2925418-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2936068)-->"C:\WINDOWS\ie8updates\KB2936068-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2964358)-->"C:\WINDOWS\ie8updates\KB2964358-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\Setup\Instup.exe /control_panel /instop:uninstall
Balíček zprostředkovatele služby Microsoft Base Smart Card Cryptographic Service-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Catalyst Control Center - Branding-->MsiExec.exe /I{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}
Game Booster 3-->"C:\Program Files\IObit\Game Booster 3\unins000.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Deskjet 1050 J410 series Nápověda-->MsiExec.exe /I{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}
HP Update-->MsiExec.exe /X{912D30CF-F39E-4B31-AD9A-123C6B794EE2}
Hurrican 1.0.0.1-->"E:\Program Files\Hurrican\unins000.exe"
IObit Uninstaller-->"C:\Program Files\IObit\IObit Uninstaller\UninstallDisplay.exe" uninstall_start
Java 7 Update 55-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217055FF}
K-Lite Mega Codec Pack 10.4.0-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB2833941)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2833941\M2833941Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}
Mozilla Firefox 33.0 (x86 cs)-->"D:\Program Files\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe"
OpenArena 0.6.0-->"C:\Program Files\OpenArena\unins000.exe"
OpenOffice 4.0.1-->MsiExec.exe /I{220C463A-2890-4C7F-B97C-C49FE175B849}
Paint.NET v3.5.11-->MsiExec.exe /X{72EF03F5-0507-4861-9A44-D99FD4C41417}
REALTEK GbE & FE Ethernet PCI NIC Driver-->C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -removeonly
Realtek HDMI Audio Driver for ATI-->RtaUpd.exe -k -m -nrg2709
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {94EFE014-E577-310B-B2D5-6973A21D8A90} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {939AF4BC-EC42-38D1-AE82-91D4A7ED8911} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8433C01-319F-3370-850E-87C35496299A} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {48B0C142-A0F4-3263-90E1-1984CBB8DD18} /qb+ REBOOTPROMPT=""
Smart Defrag 3-->"C:\Program Files\IObit\Smart Defrag 3\unins000.exe"
Studie vylepšování produktu HP Deskjet 1050 J410 series-->MsiExec.exe /I{FE07FFDF-A5A8-4E6B-A8A6-6CDF3BFE11BA}
Surfing Protection-->"C:\Program Files\IObit\Surfing Protection\unins000.exe"
swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Windows Management Framework Core-->"C:\WINDOWS\$968930Uinstall_KB968930$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR 5.01 (32-bit)-->C:\Program Files\WinRAR\uninstall.exe
Základní software zařízení HP Deskjet 1050 J410 series-->MsiExec.exe /I{A06FEB5A-A750-4D31-9264-4F3224C1FC03}

======Security center information======

AV: avast! Antivirus

======System event log======

Computer Name: HAL3000
Event Code: 7036
Message: Stav služby Služba modelu COM pro zápis na disk CD (IMAPI) byl změněn na: Zastaveno

Record Number: 1120
Source Name: Service Control Manager
Time Written: 20140902112042.000000+120
Event Type: Informace
User:

Computer Name: HAL3000
Event Code: 7036
Message: Stav služby Služba modelu COM pro zápis na disk CD (IMAPI) byl změněn na: Spuštěno

Record Number: 1119
Source Name: Service Control Manager
Time Written: 20140902112035.000000+120
Event Type: Informace
User:

Computer Name: HAL3000
Event Code: 7035
Message: Řídící příkaz Spuštěno byl službě Služba modelu COM pro zápis na disk CD (IMAPI) úspěšně odeslán.

Record Number: 1118
Source Name: Service Control Manager
Time Written: 20140902112035.000000+120
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: HAL3000
Event Code: 7036
Message: Stav služby Služba modelu COM pro zápis na disk CD (IMAPI) byl změněn na: Zastaveno

Record Number: 1117
Source Name: Service Control Manager
Time Written: 20140902112005.000000+120
Event Type: Informace
User:

Computer Name: HAL3000
Event Code: 7036
Message: Stav služby Služba modelu COM pro zápis na disk CD (IMAPI) byl změněn na: Spuštěno

Record Number: 1116
Source Name: Service Control Manager
Time Written: 20140902111959.000000+120
Event Type: Informace
User:

=====Application event log=====

Computer Name: HAL3000
Event Code: 1517
Message: Systém Windows uložil registr uživatele HAL3000\Owner, ale některá z aplikací nebo služeb během odhlášení registr nadále používala. Paměť používaná registrem uživatele nebyla uvolněna. Registr bude uvolněn, jakmile již nebude používán.


To je často způsobeno tím, že jsou služby spuštěny pomocí uživatelského účtu. Zkuste služby konfigurovat pro spuštění pomocí účtu místní nebo síťové služby.

Record Number: 5
Source Name: Userenv
Time Written: 20140829063629.000000+120
Event Type: Upozornění
User: NT AUTHORITY\SYSTEM

Computer Name: HAL3000
Event Code: 2002
Message: Nelze otevřít službu přesměrovače. Data o výkonu přesměrovače nejsou
k dispozici.Vrácený chybový kód je v datech DWORD 0.

Record Number: 4
Source Name: PerfNet
Time Written: 20140829062921.000000+120
Event Type: Chyba
User:

Computer Name: HAL3000
Event Code: 1800
Message: Služba Centrum zabezpečení systému Windows byla spuštěna.

Record Number: 3
Source Name: SecurityCenter
Time Written: 20140829062920.000000+120
Event Type: Informace
User:

Computer Name: HAL3000
Event Code: 1516
Message: Systém Windows uvolnil registr uživatele HAL3000\Owner po přijetí oznámení, že žádné jiné aplikace nebo služby tento profil nepoužívají.

Record Number: 2
Source Name: Userenv
Time Written: 20140829014735.000000+120
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: HAL3000
Event Code: 1517
Message: Systém Windows uložil registr uživatele HAL3000\Owner, ale některá z aplikací nebo služeb během odhlášení registr nadále používala. Paměť používaná registrem uživatele nebyla uvolněna. Registr bude uvolněn, jakmile již nebude používán.


To je často způsobeno tím, že jsou služby spuštěny pomocí uživatelského účtu. Zkuste služby konfigurovat pro spuštění pomocí účtu místní nebo síťové služby.

Record Number: 1
Source Name: Userenv
Time Written: 20140829014734.000000+120
Event Type: Upozornění
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\WINDOWS\system32\WindowsPowerShell\v1.0
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 22 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=1601
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"PSModulePath"=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

#2 Post by vyosek »

Hello :)

→ Post the log c:\rsit\log.txt here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is no man, that is an ox."
Member [image] since 1 February 2011.

#3 Post by balec »

I tried using AdwCleaner; avast no longer shows the js:downloader-zy alert, but here is the log anyway:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2014-09-15 19:15:56
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 79 GB (79%) free of 100 GB
Total RAM: 1023 MB (43% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\DriverDoc_UPDATES.job
C:\WINDOWS\tasks\Game_Booster_AutoUpdate.job
C:\WINDOWS\tasks\globalUpdateUpdateTaskMachineCore.job
C:\WINDOWS\tasks\globalUpdateUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
C:\WINDOWS\tasks\SmartDefrag3_Update.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
ExplorerWnd Helper - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll [2014-04-23 752960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611331115}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08 77424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-05-12 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-07-15 457712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}]
Ads Removal - C:\Program Files\IObit\Smart Defrag 3\adsremoval\IE\Adblock.dll [2014-06-11 464720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-05-12 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
Locked
{10921475-03CE-4E04-90CE-E2E7EF20C814} - ExplorerWnd Helper - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll [2014-04-23 752960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-11-16 98304]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-07-31 4085896]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30 96056]
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2013-05-08 41056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASC.exe]
C:\Program Files\IObit\Advanced SystemCare 7\ASC.exe [2014-03-10 4469536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
c:\program files\hp\hp software update\hpwuschd2.exe [2013-05-30 96056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\rthdcpl.exe [2013-10-04 20145368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Nabídka Start^Programy^Po spuštění^Sledovat výstrahy inkoustu - HP Deskjet 1050 J410 series.lnk]
C:\WINDOWS\system32\RunDll32.exe [2008-04-14 33280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2012-11-16 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\OpenArena\ioquake3.x86.exe"="C:\Program Files\OpenArena\ioquake3.x86.exe:*:Enabled:ioquake3.x86"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2014-09-14 23:15:13 ----D---- C:\rsit
2014-09-14 23:15:13 ----D---- C:\Program Files\trend micro
2014-09-14 23:00:57 ----A---- C:\WINDOWS\system32\sqlite3.dll
2014-09-14 22:58:53 ----D---- C:\AdwCleaner
2014-09-14 22:14:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-09-12 18:51:34 ----A---- C:\Documents and Settings\Owner\Data aplikací\LVX.exe
2014-09-12 18:51:13 ----A---- C:\Documents and Settings\Owner\Data aplikací\OQTCEB.exe
2014-08-21 06:23:14 ----D---- C:\WINDOWS\Hewlett-Packard
2014-08-17 14:59:51 ----A---- C:\WINDOWS\SchedLgU.Txt

======List of files/folders modified in the last 1 months======

2014-09-15 16:25:23 ----D---- C:\WINDOWS\Prefetch
2014-09-15 15:41:59 ----D---- C:\WINDOWS\Temp
2014-09-14 23:34:11 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-09-14 23:15:13 ----D---- C:\Program Files
2014-09-14 23:00:57 ----D---- C:\WINDOWS\system32
2014-09-14 22:35:18 ----D---- C:\WINDOWS\system32\drivers
2014-09-14 22:30:54 ----D---- C:\WINDOWS\system32\CatRoot2
2014-09-14 22:22:11 ----RSD---- C:\WINDOWS\Fonts
2014-09-14 16:46:47 ----D---- C:\WINDOWS\system32\config
2014-09-14 08:39:51 ----D---- C:\WINDOWS\SoftwareDistribution
2014-09-14 08:39:02 ----D---- C:\WINDOWS
2014-09-14 08:38:51 ----D---- C:\WINDOWS\Debug
2014-09-14 00:24:50 ----SD---- C:\WINDOWS\Tasks
2014-09-13 11:36:14 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-09-12 18:51:32 ----SHD---- C:\WINDOWS\Installer
2014-09-12 18:51:32 ----D---- C:\Program Files\Google
2014-09-11 07:23:58 ----D---- C:\WINDOWS\system32\MRT
2014-09-11 07:21:53 ----A---- C:\WINDOWS\system32\MRT.exe
2014-08-28 07:38:00 ----D---- C:\Documents and Settings\Owner\Data aplikací\HpUpdate
2014-08-26 09:50:28 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2014-08-21 06:23:47 ----D---- C:\Config.Msi
2014-08-21 06:23:42 ----D---- C:\Program Files\HP

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2014-07-15 55112]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2014-07-15 779536]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2014-07-15 414520]
R1 aswTdi;aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [2014-07-15 57800]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2014-07-15 24184]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2014-07-15 67824]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2012-11-16 7874560]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2014-05-16 5630168]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtKHDMI.sys [2014-05-16 4125352]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2009-03-18 30336]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 iSafeNetFilter;iSafeNetFilter NDIS Driver; \??\C:\Program Files\iSafe\iSafeNetFilter.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2014-05-16 1691480]
S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2014-05-16 1395800]
S3 MSICPL;MSICPL; \??\G:\install4\MSICPL.sys []
S3 rtl8029;Realtek RTL8029(AS)-based PCI Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8029.SYS [2001-08-17 19017]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2014-05-16 419160]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\G:\NTGLM7X.sys []
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2013-07-17 60160]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdvancedSystemCareService7;Advanced SystemCare Service 7; C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe [2014-01-14 881952]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2012-11-16 643072]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-07-15 50344]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2014-05-12 182696]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-14 267440]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-09-13 114288]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#4 Post by vyosek »

→ There is still a lot in there

→ Uninstall Advanced SystemCare and then everything else from IObit as well; it is Chinese junk and does more harm than good. It looks for nonsensical and non-existent problems, and they stole their malware database from another reputable company

→ Download Zoek.exe from http://hijackthis.nl/smeenk/ and save it to the desktop
  • If you are using Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator or Spustit jako správce
  • Paste the script below into the window
  • Code:

    autoclean;
    emptyclsid;
    iedefaults;
    FFdefaults;
    CHRdefaults;
    emptyalltemp;
    resethosts;
    
  • Then click Run Script
  • The PC will perform the repair, restart and give you a log; paste its contents here

#5 Post by balec »

Zoek.exe v5.0.0.0 Updated 14-September-2014
Tool run by Owner on po 15.09.2014 at 23:17:30,00.
Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Owner\Plocha\zoek.com [Scan all users] [Script inserted]

==== System Restore Info ======================

15.9.2014 23:18:44 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-484763869-1606980848-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110611331115} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110611331115} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611331115} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iSafeNetFilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\iSafeNetFilter deleted successfully

==== Deleting Files \ Folders ======================

C:\DOCUME~1\ALLUSE~1\DATAAP~1\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted
C:\Documents and Settings\Owner\AppData\LocalLow\{2D4F9148-498A-7D0C-D79A-B860A9BCCE6E} deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\a3f2a21051a3e5f9 deleted
C:\Program Files\ComPlus Applications deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\ProductData deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\InstallMate deleted
C:\WINDOWS\tasks\globalUpdateUpdateTaskMachineCore.job deleted
C:\WINDOWS\tasks\globalUpdateUpdateTaskMachineUA.job deleted
C:\WINDOWS\tasks\At1.job deleted
C:\WINDOWS\tasks\At2.job deleted
C:\WINDOWS\tasks\At3.job deleted
C:\WINDOWS\tasks\At4.job deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [15.07.2014 11:41]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[15.07.2014 11:41]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.bing.com/search?q={searchTer ... DF&PC=AV01"
"Default_Page_URL"="http://www.istartsurf.com/?type=hp&ts=1 ... XX9QFALV3W"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.istartsurf.com/web/?type=ds& ... earchTerms}"
"Start Page"="http://www.istartsurf.com/?type=hp&ts=1 ... XX9QFALV3W"
"Default_Page_URL"="http://www.istartsurf.com/?type=hp&ts=1 ... XX9QFALV3W"
"Default_Search_URL"="http://www.istartsurf.com/web/?type=ds& ... earchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.istartsurf.com/web/?type=ds& ... earchTerms}"
"CustomizeSearch"="http://www.istartsurf.com/web/?type=ds& ... earchTerms}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} Microsoft (Bing) Url="http://www.bing.com/search?q={searchTer ... DF&PC=AV01"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... d=ie7&rlz="

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASC.exe deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Owner\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=27 folders=8 3012573 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Reset Hosts File ======================

Hosts File Reset Successfully

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\Owner\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on po 15.09.2014 at 23:32:50,45 ======================

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: please check, avast detects js:downloader-zy

#6 Post by vyosek »

"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him, for he is no man, he is an ox."
Member since 1 February 2011.

balec
Visitor
Posts: 7
Registered: 14 Jan 2009 11:22

Re: please check, avast detects js:downloader-zy

#7 Post by balec »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Owner (administrator) on HAL3000 on 16-09-2014 06:44:54
Running from C:\Documents and Settings\Owner\Dokumenty\Stažené soubory
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) D:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTer ... DF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1 ... XX9QFALV3W
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTer ... DF&PC=AV01
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTer ... DF&PC=AV01
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/wind ... 1281687890
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 1303238859

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\r73wmk2t.default-1403200997109
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Quick Translator - C:\Documents and Settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\r73wmk2t.default-1403200997109\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2014-06-19]
FF Extension: Adblock Plus - C:\Documents and Settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\r73wmk2t.default-1403200997109\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-02-06]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-01]
FF StartMenuInternet: FIREFOX.EXE - D:\Program Files\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR CustomProfile: C:\Documents and Settings\Owner\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Documents and Settings\Owner\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen [2014-09-07]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-15]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppMgmt; C:\WINDOWS\system32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-15] (AVAST Software)
S4 HidServ; C:\WINDOWS\System32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-05-12] (Oracle Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2014-05-16] (Creative)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-15] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-15] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-07-15] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-15] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-07-15] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-07-15] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-07-15] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-15] ()
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2014-05-16] (Creative Technology Ltd.)
R3 RTHDMIAzAudService; C:\WINDOWS\System32\drivers\RtKHDMI.sys [4125352 2014-05-16] (Realtek Semiconductor Corp.)
S3 rtl8029; C:\WINDOWS\System32\DRIVERS\RTL8029.SYS [19017 2001-08-17] (Realtek Semiconductor Corporation)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [15808 2014-06-04] (IObit)
S3 GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS [X]
S4 IntelIde; No ImagePath
S3 MSICPL; \??\G:\install4\MSICPL.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 SetupNTGLM7X; \??\G:\NTGLM7X.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-16 06:44 - 2014-09-16 06:44 - 00029696 _____ () C:\Documents and Settings\Owner\Local Settings\Data aplikací\MSGBOX.EXE
2014-09-16 06:44 - 2014-09-16 06:44 - 00015327 _____ () C:\Documents and Settings\Owner\Plocha\LM.bat
2014-09-16 06:41 - 2014-09-16 06:45 - 00000000 ____D () C:\FRST
2014-09-15 23:31 - 2014-09-16 06:45 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Temp
2014-09-15 23:31 - 2014-02-13 23:59 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-09-15 23:18 - 2014-09-15 23:32 - 00008203 _____ () C:\zoek-results.log
2014-09-15 23:17 - 2014-09-15 23:27 - 00000000 ____D () C:\zoek_backup
2014-09-15 23:16 - 2014-09-15 23:16 - 00000000 ___HD () C:\WINDOWS\PIF
2014-09-14 23:15 - 2014-09-15 19:15 - 00000000 ____D () C:\Program Files\trend micro
2014-09-14 23:15 - 2014-09-14 23:15 - 00000000 ____D () C:\rsit
2014-09-14 23:00 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-09-14 22:58 - 2014-09-14 23:01 - 00000000 ____D () C:\AdwCleaner
2014-09-14 22:14 - 2014-09-14 22:14 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-09-14 08:39 - 2014-09-16 06:33 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-09-12 18:51 - 2014-09-12 18:51 - 01923944 _____ (home) C:\Documents and Settings\Owner\Data aplikací\OQTCEB.exe
2014-09-12 18:51 - 2014-09-12 18:51 - 01471336 _____ (home) C:\Documents and Settings\Owner\Data aplikací\LVX.exe
2014-09-09 21:49 - 2014-09-09 22:03 - 00000000 ____D () C:\Documents and Settings\Owner\Plocha\kačka-příměstský tábor 2014
2014-09-04 04:03 - 2014-09-16 06:33 - 00000278 _____ () C:\WINDOWS\Tasks\SmartDefrag3_Update.job
2014-09-01 10:18 - 2014-09-01 10:18 - 00002086 _____ () C:\Documents and Settings\Owner\Data aplikací\LVX
2014-09-01 10:18 - 2014-09-01 10:18 - 00001248 _____ () C:\Documents and Settings\Owner\Data aplikací\OQTCEB
2014-08-21 06:23 - 2014-08-21 06:23 - 00000000 ____D () C:\WINDOWS\Hewlett-Packard
2014-08-17 14:59 - 2014-09-16 06:33 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-08-17 14:59 - 2014-09-16 01:04 - 00032580 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-17 14:59 - 2014-09-14 08:38 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-16 06:45 - 2014-09-16 06:41 - 00000000 ____D () C:\FRST
2014-09-16 06:45 - 2014-09-15 23:31 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Temp
2014-09-16 06:44 - 2014-09-16 06:44 - 00029696 _____ () C:\Documents and Settings\Owner\Local Settings\Data aplikací\MSGBOX.EXE
2014-09-16 06:44 - 2014-09-16 06:44 - 00015327 _____ () C:\Documents and Settings\Owner\Plocha\LM.bat
2014-09-16 06:44 - 2014-02-01 20:07 - 00000000 ____D () C:\Documents and Settings\Owner\Dokumenty\Stažené soubory
2014-09-16 06:44 - 2014-02-01 19:09 - 00000000 ___HD () C:\Documents and Settings\Owner\Local Settings\Data aplikací
2014-09-16 06:44 - 2014-02-01 19:09 - 00000000 ____D () C:\Documents and Settings\Owner\Plocha
2014-09-16 06:38 - 2014-02-01 20:24 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-09-16 06:34 - 2014-02-01 19:05 - 01212308 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-16 06:33 - 2014-09-14 08:39 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-09-16 06:33 - 2014-09-04 04:03 - 00000278 _____ () C:\WINDOWS\Tasks\SmartDefrag3_Update.job
2014-09-16 06:33 - 2014-08-17 14:59 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-09-16 06:33 - 2014-04-25 20:42 - 00000278 _____ () C:\WINDOWS\Tasks\Game_Booster_AutoUpdate.job
2014-09-16 06:33 - 2014-03-14 22:14 - 00000222 _____ () C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-09-16 06:33 - 2014-02-01 19:09 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-16 01:04 - 2014-08-17 14:59 - 00032580 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-16 01:04 - 2014-04-23 23:43 - 00065536 _____ () C:\WINDOWS\system32\config\Windows .evt
2014-09-16 01:04 - 2014-04-23 23:43 - 00065536 _____ () C:\WINDOWS\system32\config\Microsof.evt
2014-09-16 01:04 - 2014-02-02 03:11 - 00065536 _____ () C:\WINDOWS\system32\config\Internet.evt
2014-09-16 01:04 - 2014-02-01 19:49 - 00065536 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-09-16 01:04 - 2014-02-01 19:09 - 00000178 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2014-09-16 00:11 - 2014-06-15 23:33 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-15 23:43 - 2014-02-01 19:58 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2014-09-15 23:41 - 2014-05-16 10:30 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Smart Defrag 3
2014-09-15 23:41 - 2014-02-01 19:09 - 00000000 ____D () C:\Documents and Settings\Owner
2014-09-15 23:35 - 2014-02-01 23:14 - 00000000 ___RD () C:\Documents and Settings\Owner\Plocha\HRY
2014-09-15 23:32 - 2014-09-15 23:18 - 00008203 _____ () C:\zoek-results.log
2014-09-15 23:27 - 2014-09-15 23:17 - 00000000 ____D () C:\zoek_backup
2014-09-15 23:27 - 2014-02-01 19:58 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2014-09-15 23:16 - 2014-09-15 23:16 - 00000000 ___HD () C:\WINDOWS\PIF
2014-09-15 23:10 - 2014-02-01 19:58 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-09-15 19:15 - 2014-09-14 23:15 - 00000000 ____D () C:\Program Files\trend micro
2014-09-14 23:34 - 2014-02-01 21:39 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-09-14 23:34 - 2014-02-01 21:39 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-09-14 23:15 - 2014-09-14 23:15 - 00000000 ____D () C:\rsit
2014-09-14 23:03 - 2014-02-01 19:58 - 00126912 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-14 23:01 - 2014-09-14 22:58 - 00000000 ____D () C:\AdwCleaner
2014-09-14 23:01 - 2014-04-23 23:01 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Data aplikací
2014-09-14 23:01 - 2014-04-23 23:01 - 00000000 ____D () C:\Documents and Settings\HelpAssistant\Local Settings\Data aplikací
2014-09-14 23:01 - 2014-04-23 23:01 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Data aplikací
2014-09-14 23:01 - 2014-04-23 23:01 - 00000000 ____D () C:\Documents and Settings\ASPNET\Local Settings\Data aplikací
2014-09-14 23:01 - 2014-04-23 23:01 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Data aplikací
2014-09-14 23:01 - 2014-02-01 19:09 - 00000000 ____D () C:\Documents and Settings\Owner\Data aplikací
2014-09-14 22:35 - 2014-02-01 19:58 - 00000000 __RHD () C:\Documents and Settings\Default User\Data aplikací
2014-09-14 22:35 - 2014-02-01 19:58 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start
2014-09-14 22:22 - 2014-02-01 19:49 - 00019568 _____ () C:\Documents and Settings\Owner\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2014-09-14 22:14 - 2014-09-14 22:14 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-09-14 08:38 - 2014-08-17 14:59 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-09-14 00:21 - 2014-04-23 23:37 - 20905984 _____ () C:\WINDOWS\system32\config\software.iobit
2014-09-14 00:21 - 2014-04-23 23:37 - 00249856 _____ () C:\WINDOWS\system32\config\default.iobit
2014-09-14 00:21 - 2014-04-23 23:37 - 00053248 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
2014-09-14 00:21 - 2014-04-23 23:37 - 00024576 _____ () C:\WINDOWS\system32\config\SAM.iobit
2014-09-14 00:21 - 2014-02-01 19:09 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-09-14 00:21 - 2014-02-01 19:09 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-09-13 11:36 - 2014-02-06 16:55 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-12 18:57 - 2014-02-01 19:09 - 00000000 ____D () C:\Documents and Settings\Owner\Nabídka Start\Programy
2014-09-12 18:51 - 2014-09-12 18:51 - 01923944 _____ (home) C:\Documents and Settings\Owner\Data aplikací\OQTCEB.exe
2014-09-12 18:51 - 2014-09-12 18:51 - 01471336 _____ (home) C:\Documents and Settings\Owner\Data aplikací\LVX.exe
2014-09-12 18:51 - 2014-02-01 20:17 - 00000000 ____D () C:\Program Files\Google
2014-09-11 07:23 - 2014-02-06 19:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-11 07:21 - 2014-02-06 19:08 - 98758480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-09 22:03 - 2014-09-09 21:49 - 00000000 ____D () C:\Documents and Settings\Owner\Plocha\kačka-příměstský tábor 2014
2014-09-01 10:18 - 2014-09-01 10:18 - 00002086 _____ () C:\Documents and Settings\Owner\Data aplikací\LVX
2014-09-01 10:18 - 2014-09-01 10:18 - 00001248 _____ () C:\Documents and Settings\Owner\Data aplikací\OQTCEB
2014-08-28 07:38 - 2014-02-01 21:51 - 00000000 ____D () C:\Documents and Settings\Owner\Data aplikací\HpUpdate
2014-08-27 20:45 - 2014-02-01 21:45 - 00000266 _____ () C:\WINDOWS\Tasks\DriverDoc_UPDATES.job
2014-08-21 14:16 - 2014-02-21 20:29 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Data aplikací\Paint.NET
2014-08-21 06:23 - 2014-08-21 06:23 - 00000000 ____D () C:\WINDOWS\Hewlett-Packard
2014-08-21 06:23 - 2014-02-01 21:51 - 00000000 ____D () C:\Program Files\HP
2014-08-21 06:23 - 2014-02-01 21:51 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\HP

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: please check, avast detects js:downloader-zy

#8 Post by vyosek »

:arrow: Creating a fixlist for FRST
  • Launch Notepad (Start-Run-notepad)
  • Copy the script below
  • Code:

    Start
    CloseProcesses:
    
    HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM\...\Run: [] => [X]
    HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
    
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1 ... XX9QFALV3W
    SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKLM - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
    SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    
    DisableServices: JavaQuickStarterService
    
    R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [15808 2014-06-04] (IObit)
    S3 GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS [X]
    S4 IntelIde; No ImagePath
    S3 MSICPL; \??\G:\install4\MSICPL.sys [X]
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
    S3 SetupNTGLM7X; \??\G:\NTGLM7X.sys [X]
    S3 WinRing0_1_2_0; \??\C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [X]
    U1 WS2IFSL; No ImagePath
    
    C:\Program Files\IObit
    2014-09-16 06:44 - 2014-09-16 06:44 - 00029696 _____ () C:\Documents and Settings\Owner\Local Settings\Data aplikací\MSGBOX.EXE
    2014-09-16 06:44 - 2014-09-16 06:44 - 00015327 _____ () C:\Documents and Settings\Owner\Plocha\LM.bat
    2014-09-15 23:31 - 2014-02-13 23:59 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
    2014-09-15 23:18 - 2014-09-15 23:32 - 00008203 _____ () C:\zoek-results.log
    2014-09-15 23:17 - 2014-09-15 23:27 - 00000000 ____D () C:\zoek_backup
    2014-09-14 23:15 - 2014-09-15 19:15 - 00000000 ____D () C:\Program Files\trend micro
    2014-09-14 23:15 - 2014-09-14 23:15 - 00000000 ____D () C:\rsit
    2014-09-14 23:00 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
    2014-09-14 22:58 - 2014-09-14 23:01 - 00000000 ____D () C:\AdwCleaner
    2014-09-14 08:39 - 2014-09-16 06:33 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2014-09-12 18:51 - 2014-09-12 18:51 - 01923944 _____ (home) C:\Documents and Settings\Owner\Data aplikací\OQTCEB.exe
    2014-09-12 18:51 - 2014-09-12 18:51 - 01471336 _____ (home) C:\Documents and Settings\Owner\Data aplikací\LVX.exe
    2014-09-01 10:18 - 2014-09-01 10:18 - 00002086 _____ () C:\Documents and Settings\Owner\Data aplikací\LVX
    2014-09-01 10:18 - 2014-09-01 10:18 - 00001248 _____ () C:\Documents and Settings\Owner\Data aplikací\OQTCEB
    2014-09-14 00:21 - 2014-04-23 23:37 - 20905984 _____ () C:\WINDOWS\system32\config\software.iobit
    2014-09-14 00:21 - 2014-04-23 23:37 - 00249856 _____ () C:\WINDOWS\system32\config\default.iobit
    2014-09-14 00:21 - 2014-04-23 23:37 - 00053248 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
    2014-09-14 00:21 - 2014-04-23 23:37 - 00024576 _____ () C:\WINDOWS\system32\config\SAM.iobit
    C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    C:\WINDOWS\tasks\At1.job
    C:\WINDOWS\tasks\At2.job
    C:\WINDOWS\tasks\At3.job
    C:\WINDOWS\tasks\At4.job
    C:\WINDOWS\tasks\avast! Emergency Update.job
    C:\WINDOWS\tasks\DriverDoc_UPDATES.job
    C:\WINDOWS\tasks\Game_Booster_AutoUpdate.job
    C:\WINDOWS\tasks\globalUpdateUpdateTaskMachineCore.job
    C:\WINDOWS\tasks\globalUpdateUpdateTaskMachineUA.job
    C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
    C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
    C:\WINDOWS\tasks\SmartDefrag3_Update.job
    
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASC.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched" /f
    
    Hosts:
    EmptyTemp:
    Reboot:
    End
    
  • Save the resulting TXT file as fixlist.txt
  • Move the created fixlist next to FRST
:arrow: Run FRST.exe again
  • Click Fix
  • The fix will run and create the log Fixlog.txt
:arrow: Restart the PC and post fixlog.txt here for me

balec
Visitor
Posts: 7
Registered: 14 Jan 2009 11:22

Re: please check, avast detects js:downloader-zy

#9 Post by balec »

I don't understand how to move fixlist.txt next to frst.............where exactly should I put it?

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: please check, avast detects js:downloader-zy

#10 Post by vyosek »

:arrow: You have FRST saved here: Running from C:\Documents and Settings\Owner\Dokumenty\Stažené soubory, so save the fixlist in that same Stažené soubory (Downloads) folder as well.

balec
Visitor
Posts: 7
Registered: 14 Jan 2009 11:22

Re: please check, avast detects js:downloader-zy

#11 Post by balec »

thanks for the advice, here is the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014
Ran by Owner at 2014-09-16 17:17:53 Run:1
Running from C:\Documents and Settings\Owner\Dokumenty\Stažené soubory
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:

HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTer ... DF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1 ... XX9QFALV3W
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTer ... DF&PC=AV01
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTer ... DF&PC=AV01

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

DisableServices: JavaQuickStarterService

R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [15808 2014-06-04] (IObit)
S3 GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS [X]
S4 IntelIde; No ImagePath
S3 MSICPL; \??\G:\install4\MSICPL.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 SetupNTGLM7X; \??\G:\NTGLM7X.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [X]
U1 WS2IFSL; No ImagePath

C:\Program Files\IObit
2014-09-16 06:44 - 2014-09-16 06:44 - 00029696 _____ () C:\Documents and Settings\Owner\Local Settings\Data aplikací\MSGBOX.EXE
2014-09-16 06:44 - 2014-09-16 06:44 - 00015327 _____ () C:\Documents and Settings\Owner\Plocha\LM.bat
2014-09-15 23:31 - 2014-02-13 23:59 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-09-15 23:18 - 2014-09-15 23:32 - 00008203 _____ () C:\zoek-results.log
2014-09-15 23:17 - 2014-09-15 23:27 - 00000000 ____D () C:\zoek_backup
2014-09-14 23:15 - 2014-09-15 19:15 - 00000000 ____D () C:\Program Files\trend micro
2014-09-14 23:15 - 2014-09-14 23:15 - 00000000 ____D () C:\rsit
2014-09-14 23:00 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-09-14 22:58 - 2014-09-14 23:01 - 00000000 ____D () C:\AdwCleaner
2014-09-14 08:39 - 2014-09-16 06:33 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-09-12 18:51 - 2014-09-12 18:51 - 01923944 _____ (home) C:\Documents and Settings\Owner\Data aplikací\OQTCEB.exe
2014-09-12 18:51 - 2014-09-12 18:51 - 01471336 _____ (home) C:\Documents and Settings\Owner\Data aplikací\LVX.exe
2014-09-01 10:18 - 2014-09-01 10:18 - 00002086 _____ () C:\Documents and Settings\Owner\Data aplikací\LVX
2014-09-01 10:18 - 2014-09-01 10:18 - 00001248 _____ () C:\Documents and Settings\Owner\Data aplikací\OQTCEB
2014-09-14 00:21 - 2014-04-23 23:37 - 20905984 _____ () C:\WINDOWS\system32\config\software.iobit
2014-09-14 00:21 - 2014-04-23 23:37 - 00249856 _____ () C:\WINDOWS\system32\config\default.iobit
2014-09-14 00:21 - 2014-04-23 23:37 - 00053248 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
2014-09-14 00:21 - 2014-04-23 23:37 - 00024576 _____ () C:\WINDOWS\system32\config\SAM.iobit
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\DriverDoc_UPDATES.job
C:\WINDOWS\tasks\Game_Booster_AutoUpdate.job
C:\WINDOWS\tasks\globalUpdateUpdateTaskMachineCore.job
C:\WINDOWS\tasks\globalUpdateUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
C:\WINDOWS\tasks\SmartDefrag3_Update.job

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASC.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched" /f

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HP Software Update => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\\Default => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}" => Key deleted successfully.
"HKCR\CLSID\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => Key deleted successfully.
"HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}" => Key deleted successfully.
"HKCR\CLSID\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}" => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKCU\SOFTWARE\Policies\Google" => Key deleted successfully.
DisableServices: JavaQuickStarterService => Error: No automatic fix found for this entry.
SmartDefragDriver => Service stopped successfully.
SmartDefragDriver => Service deleted successfully.
GMSIPCI => Service deleted successfully.
IntelIde => Service deleted successfully.
MSICPL => Service deleted successfully.
ScsiPort => Service deleted successfully.
SetupNTGLM7X => Service deleted successfully.
WinRing0_1_2_0 => Service deleted successfully.
WS2IFSL => Service deleted successfully.
"C:\Program Files\IObit" => File/Directory not found.
C:\Documents and Settings\Owner\Local Settings\Data aplikací\MSGBOX.EXE => Moved successfully.
C:\Documents and Settings\Owner\Plocha\LM.bat => Moved successfully.
C:\WINDOWS\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
C:\rsit => Moved successfully.
C:\WINDOWS\system32\sqlite3.dll => Moved successfully.
C:\AdwCleaner => Moved successfully.
Could not move "C:\WINDOWS\wiadebug.log" => Scheduled to move on reboot.
C:\Documents and Settings\Owner\Data aplikací\OQTCEB.exe => Moved successfully.
C:\Documents and Settings\Owner\Data aplikací\LVX.exe => Moved successfully.
C:\Documents and Settings\Owner\Data aplikací\LVX => Moved successfully.
C:\Documents and Settings\Owner\Data aplikací\OQTCEB => Moved successfully.
C:\WINDOWS\system32\config\software.iobit => Moved successfully.
C:\WINDOWS\system32\config\default.iobit => Moved successfully.
C:\WINDOWS\system32\config\SECURITY.iobit => Moved successfully.
C:\WINDOWS\system32\config\SAM.iobit => Moved successfully.
C:\WINDOWS\tasks\Adobe Flash Player Updater.job => Moved successfully.
"C:\WINDOWS\tasks\At1.job" => File/Directory not found.
"C:\WINDOWS\tasks\At2.job" => File/Directory not found.
"C:\WINDOWS\tasks\At3.job" => File/Directory not found.
"C:\WINDOWS\tasks\At4.job" => File/Directory not found.
C:\WINDOWS\tasks\avast! Emergency Update.job => Moved successfully.
C:\WINDOWS\tasks\DriverDoc_UPDATES.job => Moved successfully.
C:\WINDOWS\tasks\Game_Booster_AutoUpdate.job => Moved successfully.
"C:\WINDOWS\tasks\globalUpdateUpdateTaskMachineCore.job" => File/Directory not found.
"C:\WINDOWS\tasks\globalUpdateUpdateTaskMachineUA.job" => File/Directory not found.
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => Moved successfully.
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => Moved successfully.
C:\WINDOWS\tasks\SmartDefrag3_Update.job => Moved successfully.

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f =========


Operace byla dokončena úspěšně.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher" /f =========


Operace byla dokončena úspěšně.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASC.exe" /f =========


Chyba: Systém nenalezl zadaný klíč registru nebo požadovanou hodnotu.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update" /f =========


Operace byla dokončena úspěšně.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched" /f =========


Operace byla dokončena úspěšně.


========= End of Reg: =========

Hosts was reset successfully.
EmptyTemp: => Removed 204.2 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-09-16 17:21:36)<=

"C:\WINDOWS\wiadebug.log" => File could not move.

==== End of Fixlog ====

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: please check, avast detects js:downloader-zy

#12 Post by vyosek »

So, let's clean up a bit more :James008:

:arrow: T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm a choice, press A, then Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn off the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • Click Scan for problems
  • Then click Fix problems - I recommend making a registry backup; fix all the problems
  • Repeat the procedure until no problems remain - usually about 3 times
Tools panel
  • Here you can uninstall programs you do not need
I recommend using CCleaner about once a week

:arrow: And if there are no problems or questions, that is all from my side :|
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids merriment, take a whip and a stick to him: that is no man, that is an ox."
Member of [image] since 1 February 2011.

balec
Visitor
Posts: 7
Registered: 14 Jan 2009 11:22

Re: please check, avast detects js:downloader-zy

#13 Post by balec »

Thanks for your help and your time :)

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: please check, avast detects js:downloader-zy

#14 Post by vyosek »

You're welcome, glad I could help :worship: Until next time

And, per the Topic Locking Rule :lock:

Locked