Avast found a rootkit - please check

#1 Post by Fire-man »

Hello,
Avast detected a rootkit in C:/Program Files/Lenovo/.../SUService.exe, I believe - I deleted it.

Please check the FRST log, thank you!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by ICISAH (administrator) on ICISAH-E520 on 03-02-2015 17:57:53
Running from C:\Users\ICISAH\Desktop
Loaded Profiles: ICISAH (Available profiles: ICISAH)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Flexera Software, Inc.) C:\Program Files\Siemens\PLMLicenseServer\lmgrd.exe
(Flexera Software, Inc.) C:\Program Files\Siemens\PLMLicenseServer\lmgrd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Siemens PLM Software Inc.) C:\Program Files\Siemens\PLMLicenseServer\ugslmd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
() C:\Program Files\Rainlendar2\Rainlendar2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Microsoft Corporation) C:\Users\ICISAH\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(forum.viry.cz) C:\Users\ICISAH\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel(R) Corporation)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-01-14] (Lenovo.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [41320 2011-01-27] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281448 2010-12-17] (Lenovo Group Limited)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-3684142516-2308995022-981006365-1001\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [4411488 2014-03-16] ()
HKU\S-1-5-21-3684142516-2308995022-981006365-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3684142516-2308995022-981006365-1001\...\Run: [SkyDrive] => C:\Users\ICISAH\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2015-01-03] (Microsoft Corporation)
HKU\S-1-5-21-3684142516-2308995022-981006365-1001\...\MountPoints2: {6b7eaef2-8843-11e4-9085-f0def17730f0} - G:\SISetup.exe
HKU\S-1-5-21-3684142516-2308995022-981006365-1001\...\MountPoints2: {b4d1e07a-a918-11e4-95a3-402cf453766a} - E:\iLinker.exe
HKU\S-1-5-21-3684142516-2308995022-981006365-1001\...\MountPoints2: {efd3cfc4-7d02-11e4-ba9c-806e6f6e6963} - Q:\LenovoQDrive.exe
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3684142516-2308995022-981006365-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
HKU\S-1-5-21-3684142516-2308995022-981006365-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
HKU\S-1-5-21-3684142516-2308995022-981006365-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-3684142516-2308995022-981006365-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM -> DefaultScope {673DB5E7-0FD7-4D6F-92B6-44E0D413BDDB} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {673DB5E7-0FD7-4D6F-92B6-44E0D413BDDB} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {B38E7245-E97E-438A-9926-C5AF0D8A4673} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {B38E7245-E97E-438A-9926-C5AF0D8A4673} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\S-1-5-21-3684142516-2308995022-981006365-1001 -> DefaultScope {673DB5E7-0FD7-4D6F-92B6-44E0D413BDDB} URL =
SearchScopes: HKU\S-1-5-21-3684142516-2308995022-981006365-1001 -> {673DB5E7-0FD7-4D6F-92B6-44E0D413BDDB} URL =
SearchScopes: HKU\S-1-5-21-3684142516-2308995022-981006365-1001 -> {B38E7245-E97E-438A-9926-C5AF0D8A4673} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\ICISAH\AppData\Roaming\Mozilla\Firefox\Profiles\rrksu6i1.default
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\ICISAH\AppData\Roaming\Mozilla\Firefox\Profiles\rrksu6i1.default\searchplugins\vyhledvn-vide-ve-slub-youtube.xml
FF Extension: FireFTP - C:\Users\ICISAH\AppData\Roaming\Mozilla\Firefox\Profiles\rrksu6i1.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-01-17]
FF Extension: DownloadHelper - C:\Users\ICISAH\AppData\Roaming\Mozilla\Firefox\Profiles\rrksu6i1.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-12-05]
FF Extension: Youtube Downloader - Media Downloader - C:\Users\ICISAH\AppData\Roaming\Mozilla\Firefox\Profiles\rrksu6i1.default\Extensions\paulsaintuzb@gmail.com.xpi [2014-12-05]
FF Extension: Adblock Plus - C:\Users\ICISAH\AppData\Roaming\Mozilla\Firefox\Profiles\rrksu6i1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-18]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-06]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\ICISAH\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\ICISAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-06]
CHR Extension: (Disk Google) - C:\Users\ICISAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-06]
CHR Extension: (YouTube) - C:\Users\ICISAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-06]
CHR Extension: (Vyhledávání Google) - C:\Users\ICISAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-06]
CHR Extension: (Avast SafePrice) - C:\Users\ICISAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-01-17]
CHR Extension: (Peněženka Google) - C:\Users\ICISAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-06]
CHR Extension: (Gmail) - C:\Users\ICISAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-06]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-12-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-06] (AVAST Software)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
R2 Siemens PLM License Server; C:\Program Files\Siemens\PLMLicenseServer\lmgrd.exe [1789776 2012-02-19] (Flexera Software, Inc.)
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2010-11-25] (Lenovo Group Limited) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-06] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-06] ()
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-19] (Symantec Corporation)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
S3 vhidmini; C:\Windows\System32\DRIVERS\vjoy.sys [13472 2009-10-08] (Headsoft) [File not signed]
S3 PCDSRVC{127174DC-C366ED8B-06020101}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 17:57 - 2015-02-03 17:58 - 00021324 _____ () C:\Users\ICISAH\Desktop\FRST.txt
2015-02-03 17:57 - 2015-02-03 17:57 - 00112640 _____ (forum.viry.cz) C:\Users\ICISAH\Desktop\FRSTLauncher.exe
2015-02-03 17:57 - 2015-02-03 17:57 - 00000000 ____D () C:\FRST
2015-02-03 17:56 - 2015-02-03 17:56 - 02131456 _____ (Farbar) C:\Users\ICISAH\Desktop\FRST64.exe
2015-02-02 22:00 - 2015-02-02 22:00 - 08070969 _____ () C:\Users\ICISAH\Downloads\B2-3+_ZKM_SP-DnS(jenTymRes)_Prezentace_Modely_Priklady.zip
2015-02-02 22:00 - 2015-02-02 22:00 - 04506249 _____ () C:\Users\ICISAH\Downloads\B2-2+_ZKM_SP-DnS(jenTymRes)_Prezentace-Postery_Priklady.zip
2015-02-02 21:59 - 2015-02-02 21:59 - 10442490 _____ () C:\Users\ICISAH\Downloads\B1+_ZKM_SP-DnS&KmS_Souhrnn%e1Zprava_Priklady.zip
2015-02-02 21:46 - 2015-02-02 22:05 - 00000000 ____D () C:\Users\ICISAH\Desktop\ZKM_prezentace
2015-02-02 19:28 - 2015-02-02 19:28 - 00000000 ____D () C:\Users\ICISAH\AppData\Roaming\PSpad
2015-02-02 19:28 - 2015-02-02 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPad editor
2015-02-02 19:28 - 2015-02-02 19:28 - 00000000 ____D () C:\Program Files (x86)\PSPad editor
2015-02-02 19:27 - 2015-02-02 19:27 - 04078315 _____ (Jan Fiala ) C:\Users\ICISAH\Downloads\pspad458inst_cz.exe
2015-02-02 19:11 - 2015-02-02 19:11 - 01884861 _____ () C:\Users\ICISAH\Downloads\juicebox_lite_1.4.3.zip
2015-02-02 19:11 - 2015-02-02 19:11 - 00000000 ____D () C:\Users\ICISAH\Downloads\juicebox_lite_1.4.3
2015-02-02 18:36 - 2015-02-02 18:40 - 646347507 _____ () C:\Users\ICISAH\Downloads\ebook.part08.rar
2015-02-02 15:41 - 2015-02-02 15:41 - 00000000 ____D () C:\Users\ICISAH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zařízení Bluetooth
2015-02-02 12:05 - 2010-05-13 15:32 - 772190208 _____ () C:\Users\ICISAH\Desktop\Transformers 1.avi
2015-02-01 19:27 - 2015-02-01 19:27 - 00000918 _____ () C:\Users\ICISAH\Desktop\2015.lnk
2015-01-31 16:43 - 2015-01-31 16:45 - 00000000 ____D () C:\Users\ICISAH\AppData\Local\GHISLER
2015-01-31 16:42 - 2015-01-31 16:42 - 00000000 ____D () C:\Users\ICISAH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2015-01-31 16:42 - 2015-01-31 16:42 - 00000000 ____D () C:\Users\ICISAH\AppData\Roaming\GHISLER
2015-01-31 16:42 - 2015-01-31 16:42 - 00000000 ____D () C:\Program Files (x86)\totalcmd
2015-01-31 16:42 - 2014-04-23 08:51 - 00000545 _____ () C:\Windows\UC.PIF
2015-01-31 16:42 - 2014-04-23 08:51 - 00000545 _____ () C:\Windows\RAR.PIF
2015-01-31 16:42 - 2014-04-23 08:51 - 00000545 _____ () C:\Windows\PKZIP.PIF
2015-01-31 16:42 - 2014-04-23 08:51 - 00000545 _____ () C:\Windows\PKUNZIP.PIF
2015-01-31 16:42 - 2014-04-23 08:51 - 00000545 _____ () C:\Windows\LHA.PIF
2015-01-31 16:42 - 2014-04-23 08:51 - 00000545 _____ () C:\Windows\ARJ.PIF
2015-01-29 22:36 - 2015-01-29 22:40 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-27 15:53 - 2015-01-27 15:53 - 00000490 _____ () C:\Users\ICISAH\Downloads\license.r2lic
2015-01-27 15:45 - 2015-01-27 15:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-22 01:06 - 2015-01-22 01:06 - 00000173 _____ () C:\Users\ICISAH\AppData\Local\msmathematics.qat.ICISAH
2015-01-21 18:47 - 2015-01-21 18:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mathematics (64-bit)
2015-01-21 18:47 - 2015-01-21 18:47 - 00000000 ____D () C:\Program Files\Microsoft Mathematics
2015-01-21 16:08 - 2015-01-21 16:08 - 00000000 ____D () C:\Users\ICISAH\Downloads\cviko_mech2
2015-01-19 09:42 - 2015-01-19 09:44 - 00000000 ____D () C:\Users\ICISAH\Downloads\kr2014
2015-01-19 09:31 - 2015-01-19 09:44 - 00000000 ____D () C:\Users\ICISAH\Desktop\krampus
2015-01-17 15:33 - 2015-01-20 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MITCalc
2015-01-17 15:33 - 2015-01-20 09:54 - 00000000 ____D () C:\Program Files\MITCalc
2015-01-14 09:35 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 09:35 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 09:35 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 09:35 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 09:35 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 09:35 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 09:35 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 09:35 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 09:35 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 09:35 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 09:35 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 09:35 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 09:35 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 20:58 - 2015-02-02 11:53 - 00000000 ____D () C:\Users\ICISAH\Downloads\Hoří, má panenko CZ
2015-01-12 17:42 - 2015-01-12 17:50 - 00051200 _____ () C:\Users\ICISAH\Downloads\Dohoda o provedení práce.xls
2015-01-08 12:38 - 2015-01-08 12:38 - 00011073 _____ () C:\Users\ICISAH\Desktop\IN_karta.xlsx
2015-01-05 17:47 - 2015-01-05 17:52 - 122773948 _____ () C:\Users\ICISAH\Desktop\VTS_01_1.avi
2015-01-05 17:39 - 2015-01-05 17:42 - 00000000 ____D () C:\Users\ICISAH\Documents\Freemake
2015-01-05 17:39 - 2015-01-05 17:42 - 00000000 ____D () C:\ProgramData\Freemake
2015-01-05 17:39 - 2015-01-05 17:39 - 00000000 ____D () C:\Users\ICISAH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2015-01-05 17:39 - 2015-01-05 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2015-01-05 17:39 - 2015-01-05 17:39 - 00000000 ____D () C:\Program Files (x86)\Freemake
2015-01-05 15:23 - 2015-01-05 15:43 - 347959296 _____ () C:\Users\ICISAH\Downloads\VTS_01_1.VOB
2015-01-05 10:23 - 2015-01-04 23:04 - 00000000 _____ () C:\Users\ICISAH\Downloads\test.txt
2015-01-04 17:59 - 2015-01-04 18:03 - 40829757 _____ () C:\Users\ICISAH\Desktop\plane.wmv

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 17:53 - 2011-08-02 20:44 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-02-03 17:47 - 2011-08-02 20:43 - 00000382 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2015-02-03 17:33 - 2011-08-02 20:08 - 00668790 _____ () C:\Windows\system32\perfh005.dat
2015-02-03 17:33 - 2011-08-02 20:08 - 00141418 _____ () C:\Windows\system32\perfc005.dat
2015-02-03 17:33 - 2009-07-14 06:13 - 01583214 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-03 17:33 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-03 17:33 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-03 17:32 - 2011-08-02 20:16 - 01657496 _____ () C:\Windows\WindowsUpdate.log
2015-02-03 17:28 - 2014-12-18 20:04 - 00000000 ____D () C:\Users\ICISAH\.rainlendar2
2015-02-03 17:28 - 2014-12-07 14:04 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2015-02-03 17:28 - 2014-12-06 09:48 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-03 17:27 - 2014-12-19 10:10 - 00012530 _____ () C:\Windows\setupact.log
2015-02-03 17:27 - 2014-12-07 14:04 - 00002896 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-02-03 17:27 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-02 21:59 - 2014-12-06 09:48 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-02 21:25 - 2014-12-07 14:23 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-02 20:21 - 2014-12-05 20:50 - 00000000 ____D () C:\Users\ICISAH
2015-02-02 19:54 - 2014-12-08 15:48 - 00000000 ____D () C:\Users\ICISAH\AppData\Local\CrashDumps
2015-02-02 15:42 - 2014-12-07 14:11 - 00000000 ____D () C:\Users\ICISAH\AppData\Roaming\vlc
2015-02-02 12:18 - 2014-12-18 23:02 - 00000000 ____D () C:\Users\ICISAH\Desktop\Programy
2015-02-02 12:10 - 2014-12-11 15:31 - 00000000 ____D () C:\Users\ICISAH\AppData\Roaming\AIMP3
2015-02-01 11:17 - 2014-12-19 20:01 - 00000454 ____H () C:\Windows\Tasks\Norton Security Scan for ICISAH.job
2015-01-31 16:27 - 2014-12-10 18:46 - 00000000 ____D () C:\Users\ICISAH\FOTO
2015-01-30 05:24 - 2014-12-19 10:10 - 00001804 _____ () C:\Windows\PFRO.log
2015-01-29 22:37 - 2014-12-05 21:58 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-29 22:36 - 2014-12-05 21:58 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-29 22:36 - 2014-12-05 21:56 - 00000000 ____D () C:\Users\ICISAH\AppData\Roaming\Adobe
2015-01-29 22:35 - 2014-12-07 14:14 - 00000000 ____D () C:\Users\ICISAH\AppData\Local\Adobe
2015-01-28 16:23 - 2014-12-05 21:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-25 18:25 - 2014-12-07 14:23 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 18:25 - 2014-12-07 14:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-25 18:25 - 2014-12-07 14:23 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 09:46 - 2014-12-06 09:59 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-22 23:00 - 2014-12-06 12:41 - 01558136 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-22 00:37 - 2014-12-07 13:54 - 00000000 ____D () C:\Users\ICISAH\AppData\Local\Microsoft Help
2015-01-14 09:29 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-13 15:14 - 2014-12-19 20:02 - 00000000 ____D () C:\Users\ICISAH\AppData\Local\JDownloader v2.0
2015-01-11 11:24 - 2014-12-24 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-01-10 08:50 - 2014-12-24 13:37 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2015-01-22 01:06 - 2015-01-22 01:06 - 0000173 _____ () C:\Users\ICISAH\AppData\Local\msmathematics.qat.ICISAH

Some content of TEMP:
====================
C:\Users\ICISAH\AppData\Local\Temp\130634891842437296.exe
C:\Users\ICISAH\AppData\Local\Temp\13063489188381966383.exe
C:\Users\ICISAH\AppData\Local\Temp\FreemakeVideoConverterFull.exe
C:\Users\ICISAH\AppData\Local\Temp\proxy_vole8278995646865147088.dll
C:\Users\ICISAH\AppData\Local\Temp\siinst.exe
C:\Users\ICISAH\AppData\Local\Temp\strings.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for ICISAH.job => C:\PROGRA~2\NORTON~2\Engine\410~1.28\Nss.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\pcdrcui.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\ICISAH\Desktop" je 2862 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Attachments
Addition.zip
Addition.txt from FRST
(9.17 KiB) Downloaded 74 times
FIREFIGHTERS!!!

Rudy
Site Admin
Posts: 119609
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Avast found a rootkit - please check

#2 Post by Rudy »

Hello!
First run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
Click >Scan< first and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
