Re: Please check my slow PC

Posted: 25 Aug 2013 08:47
by Oji
Logfile of random's system information tool 1.09 (written by random/random)
Run by Moje at 2013-08-25 09:41:48
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 20 GB (25%) free of 80 GB
Total RAM: 1023 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:41:56, on 25.8.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Moje\Plocha\RSIT.exe
C:\Program Files\trend micro\Moje.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-299502267-1682526488-839522115-1186\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1BCBBD7-2EF1-42B7-83B1-88D0540A2E83}: NameServer = 192.168.150.237,194.228.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 5242 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\avast! Emergency Update.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Moje\Data aplikací\Mozilla\Firefox\Profiles\5j9k0zkx.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.94 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
npdeploytk.dll
NPOFFICE.DLL
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Moje\Data aplikací\Mozilla\Firefox\Profiles\5j9k0zkx.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{ea614400-e918-4741-9a97-7a972ff7c30b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-06-04 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-08-03 577536]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-05-09 4858968]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2011-08-03 13892200]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2011-07-05 1632360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-05-11 958576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2012-05-03 17355912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Disabled:Quiet Internet Pager"
"C:\Program Files\DrivingSpeed2\DrivingSpeed.exe"="C:\Program Files\DrivingSpeed2\DrivingSpeed.exe:*:Disabled:Driving Speed Application"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\MSI\MyGuard Live Mobile\MyGuard Live.exe"="C:\Program Files\MSI\MyGuard Live Mobile\MyGuard Live.exe:*:Disabled:MyGuard"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"msacm.l3fhg"=mp3fhg.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"VIDC.FFDS"=ff_vfw.dll

======File associations======

.scr - open - "%1" /S "%3"

======List of files/folders created in the last 1 month======

2013-08-24 12:11:33 ----D---- C:\AdwCleaner
2013-08-24 09:27:41 ----D---- C:\Documents and Settings\Moje\Data aplikací\Malwarebytes
2013-08-24 09:27:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2013-08-22 12:55:09 ----D---- C:\rsit
2013-08-22 12:55:09 ----D---- C:\Program Files\trend micro
2013-08-22 12:44:35 ----D---- C:\Program Files\HD Tune
2013-08-22 12:43:01 ----ASH---- C:\pagefile.sys
2013-08-22 11:42:49 ----D---- C:\Documents and Settings\All Users\Data aplikací\NVIDIA
2013-08-22 11:42:36 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2013-08-22 11:42:35 ----A---- C:\WINDOWS\system32\nvcpl.dll
2013-08-22 11:42:35 ----A---- C:\WINDOWS\system32\nvcolor.exe
2013-08-22 11:42:34 ----A---- C:\WINDOWS\system32\nvmctray.dll
2013-08-22 11:42:33 ----A---- C:\WINDOWS\system32\nvwddi.dll
2013-08-22 11:42:33 ----A---- C:\WINDOWS\system32\easyupdatusapiu.dll
2013-08-22 11:41:59 ----A---- C:\WINDOWS\system32\OpenCL.dll
2013-08-22 11:41:58 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2013-08-22 11:41:58 ----A---- C:\WINDOWS\system32\nvgenco32.dll
2013-08-22 11:41:58 ----A---- C:\WINDOWS\system32\nvdispco32.dll
2013-08-22 11:41:58 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2013-08-22 11:41:58 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2013-08-22 11:41:58 ----A---- C:\WINDOWS\system32\nvcuda.dll
2013-08-22 11:41:58 ----A---- C:\WINDOWS\system32\nvcompiler.dll
2013-08-22 11:41:58 ----A---- C:\WINDOWS\system32\nvapi.dll
2013-08-22 11:41:57 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2013-08-22 11:41:57 ----A---- C:\WINDOWS\system32\drivers\nv4_mini.sys
2013-08-22 11:20:24 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2013-08-22 11:16:16 ----D---- C:\NVIDIA
2013-08-22 10:55:52 ----A---- C:\WINDOWS\system32\d3d9caps.dat
2013-08-22 10:31:14 ----SHD---- C:\WINDOWS\CSC
2013-08-14 19:35:40 ----D---- C:\Program Files\Common Files\Skype

======List of files/folders modified in the last 1 month======

2013-08-25 09:41:08 ----A---- C:\WINDOWS\NeroDigital.ini
2013-08-25 09:39:49 ----D---- C:\WINDOWS\system32
2013-08-25 09:12:00 ----D---- C:\WINDOWS\system32\drivers
2013-08-25 09:10:46 ----D---- C:\WINDOWS\system32\CatRoot2
2013-08-25 09:10:18 ----D---- C:\WINDOWS\Prefetch
2013-08-25 09:09:06 ----D---- C:\WINDOWS\Temp
2013-08-24 14:30:13 ----D---- C:\Program Files\Mozilla Firefox
2013-08-24 13:30:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-08-24 12:11:03 ----RD---- C:\Program Files
2013-08-24 09:25:10 ----D---- C:\WINDOWS
2013-08-22 12:09:25 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-08-22 11:51:26 ----HD---- C:\WINDOWS\inf
2013-08-22 11:42:49 ----D---- C:\Documents and Settings
2013-08-22 11:42:45 ----D---- C:\Program Files\NVIDIA Corporation
2013-08-22 11:42:43 ----D---- C:\WINDOWS\Help
2013-08-22 11:42:22 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-08-22 11:25:14 ----D---- C:\Documents and Settings\Moje\Data aplikací\Skype
2013-08-22 11:15:26 ----SH---- C:\boot.ini
2013-08-22 11:15:26 ----A---- C:\WINDOWS\win.ini
2013-08-22 11:15:26 ----A---- C:\WINDOWS\system.ini
2013-08-22 10:55:39 ----SHD---- C:\WINDOWS\Installer
2013-08-22 10:55:39 ----SHD---- C:\Config.Msi
2013-08-22 10:55:35 ----RD---- C:\Program Files\Skype
2013-08-14 19:37:40 ----D---- C:\WINDOWS\system32\config
2013-08-14 19:37:18 ----D---- C:\WINDOWS\system32\wbem
2013-08-14 19:37:17 ----D---- C:\WINDOWS\Registration
2013-08-14 19:35:40 ----D---- C:\Program Files\Common Files
2013-08-14 19:35:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2013-08-14 19:35:16 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2013-08-14 19:33:53 ----D---- C:\WINDOWS\system32\Restore
2013-08-08 23:07:53 ----SD---- C:\WINDOWS\Tasks
2013-08-08 23:05:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2013-08-01 12:21:45 ----D---- C:\Documents

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2013-05-09 49376]
R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2013-06-27 175176]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-09-27 717296]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-14 44672]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2003-07-02 27904]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2013-05-09 49760]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2013-06-27 770344]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2013-06-27 369584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2013-05-09 56080]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2005-09-26 286720]
R1 khips;khips; C:\WINDOWS\system32\drivers\khips.sys [2005-09-26 81920]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2013-05-09 29816]
R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-08-18 4017536]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-08-03 12542592]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\F:\moje data\programy\test.programy\everestultimate420\kerneld.wnt []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-04-07 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-04-07 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-04-07 21456]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSILiveVirtualCamera;MSI Live Virtual Camera; C:\WINDOWS\system32\DRIVERS\MSILiveVirtualCamera.sys [2007-01-29 449408]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 s816bus;Sony Ericsson Device 816 driver (WDM); C:\WINDOWS\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS); C:\WINDOWS\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s816obex.sys [2007-06-19 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM); C:\WINDOWS\system32\DRIVERS\s816unic.sys [2007-06-19 97704]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-05-09 46808]
R2 ezGOSvc;Easybits GO Services for Windows; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-06-04 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2011-08-03 146024]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-05-03 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-22 257416]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-06-04 129976]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-04-07 65795]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Please check my slow PC

Posted: 25 Aug 2013 09:21
by Márty84
:!: If Avast complains that it wants to open it in the sandbox, do not allow it! Choose the option Open normally.
:arrow: Download OTM http://oldtimer.geekstogo.com/OTM.exe , save it (preferably to the desktop) and run it.
Copy this script into the left window (including the colon before the word commands)

Code:

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]

:services
JavaQuickStarterService
SkypeUpdate
AdobeFlashPlayerUpdateSvc

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\Program Files\Spybot - Search & Destroy

:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

Click MoveIt and let the program work. When asked about a restart, agree.
After the restart, post here the log that pops up, or it will be located here: C:\_OTM\MovedFiles\xxxxxxxx_xxxxxx (instead of the x's there will be digits representing the date and time of the run)

Re: Please check my slow PC

Posted: 25 Aug 2013 09:43
by Oji
All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33381 bytes

User: Moje
->Temp folder emptied: 603195 bytes
->Temporary Internet Files folder emptied: 33495 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 86094970 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 694 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134153 bytes
%systemroot%\System32 .tmp files removed: 10366856 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 158443 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 217956542 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3642957 bytes

Total Files Cleaned = 306,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: Moje
->Flash cache emptied: 0 bytes

User: NetworkService

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
========== SERVICES/DRIVERS ==========
Service JavaQuickStarterService stopped successfully!
Service JavaQuickStarterService deleted successfully!
Service SkypeUpdate stopped successfully!
Service SkypeUpdate deleted successfully!
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
C:\WINDOWS\tasks\Adobe Flash Player Updater.job moved successfully.
C:\Program Files\Spybot - Search & Destroy\Help folder moved successfully.
C:\Program Files\Spybot - Search & Destroy folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer\ deleted successfully.

OTM by OldTimer - Version 3.1.21.0 log created on 08252013_103624

Files moved on Reboot...

Registry entries deleted on Reboot...

Re: Please check my slow PC

Posted: 25 Aug 2013 10:09
by Márty84
:arrow:
vyosek wrote: :arrow: T-Cleaner http://tharifas.sweb.cz/T-Cleaner.exe
  • Download and run it
  • To confirm a choice, press A, Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag the utility as a virus - it is a false alarm - so go ahead and download it (or turn off the antivirus while downloading)
:arrow: Download OTC http://oldtimer.geekstogo.com/OTC.exe , save it and run it.
Click the CleanUp label and then OK - after the cleanup the PC will restart.

:arrow: Download TFC http://oldtimer.geekstogo.com/TFC.exe , save it and run it.
Click START and then OK - after the cleanup the PC will restart.
After use you can delete the program.

:arrow: Download Ccleaner http://www.stahuj.centrum.cz/utility_a_ ... /ccleaner/ and run it.
During installation watch out for the toolbar (or other add-ons); if it offers to install it, untick the checkbox.
After launch you will be in the Cleaner function. On the left there are many checkboxes. Be careful mainly about the Recycle Bin: if you leave it ticked, it will always empty it.
Also, depending on how it is set up, it will delete all passwords saved on the net!!! So if you have the computer set to remember passwords (which is not good for security), you will then have to type them in again by hand (e.g. mail, Facebook, various forums etc.)
Click Analyze and, once it finishes the analysis, click Run Cleaner.
Then click the Registry function on the left.
Click Scan for Issues; when it finds some, click Fix issues. It will offer you a backup; make it and save it so that you can find it if needed.
The Tools function allows uninstalling programs. It is more thorough than Windows itself!

:arrow: Defragment the disk(s)
Download the program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
During installation again watch out for the toolbar.
After installing, run the program and click Analyze; after the analysis click Defragment and the program will do its work.

:arrow: Then write how the PC is doing.

Re: Please check my slow PC

Posted: 25 Aug 2013 12:43
by Oji
So now nothing works at all; only the desktop loads, and when I click on something the scales just spin and nothing happens....for half an hour already...

Re: Please check my slow PC

Posted: 25 Aug 2013 13:34
by Márty84
Does Safe Mode work normally?

Re: Please check my slow PC

Posted: 25 Aug 2013 20:05
by Oji
Yes, that runs fine, so I used today's restore point and now it is the same as before again.. I just don't understand that everything works until I plug in the network cable, then everything goes to sh...t

Re: Please check my slow PC

Posted: 26 Aug 2013 09:48
by Márty84
:???: Does Safe Mode run normally even after connecting the network?


:!: If you have not done so, better back up your important data (photos, documents, etc.) :!:

:!: Do not use ComboFix without prior agreement! It is a violation of the forum rules and you will lose your entitlement to help!

:arrow: Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Turn off the antivirus and any other security software.
Right-click ComboFix and left-click Run as administrator.
Accept the licence terms and let the program work. If it offers to install the Recovery Console, agree.
During the scan do not start anything and do not click anywhere.
After the scan completes (the PC may also restart), a log should be created, located here: C:\ComboFix.txt
Copy its contents here.

:!: If Windows does not start after the restart, restart again, keep pressing the F8 key and choose - Last Known Good Configuration
:!: If Windows starts but an error is reported when launching various programs, just restart the PC and it will be fine.

Re: Please check my slow PC

Posted: 26 Aug 2013 15:17
by Oji
in safe mode everything runs fine, including the internet....

Re: Please check my slow PC

Posted: 27 Aug 2013 08:46
by Márty84
Carry out the ComboFix step.

Re: Please check my slow PC

Posted: 27 Aug 2013 14:10
by Oji
but ComboFix only works in safe mode

ComboFix 13-08-25.01 - Administrator 27.08.2013 15:02:01.2.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.691 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix12.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Kerio Personal Firewall *Disabled* {333BECA0-DED8-4139-A516-8D9E44E22669}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-07-27 do 2013-08-27 )))))))))))))))))))))))))))))))
.
.
2013-08-26 14:33 . 2013-08-26 14:36 -------- d-----w- C:\ComboFix12
2013-08-25 11:46 . 2013-08-25 11:46 -------- d-----w- c:\windows\system32\wbem\Repository
2013-08-24 07:27 . 2013-08-24 07:27 -------- d-----w- c:\documents and settings\Moje\Data aplikací\Malwarebytes
2013-08-24 07:27 . 2013-08-24 07:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-08-22 10:55 . 2013-08-25 09:21 -------- d-----w- c:\program files\trend micro
2013-08-22 10:44 . 2013-08-25 07:10 -------- d-----w- c:\program files\HD Tune
2013-08-22 09:42 . 2013-08-25 11:46 -------- d-----w- c:\documents and settings\UpdatusUser
2013-08-22 09:42 . 2013-08-22 09:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NVIDIA
2013-08-22 09:42 . 2011-08-03 11:49 146024 ----a-w- c:\windows\system32\nvsvc32.exe
2013-08-22 09:42 . 2011-08-03 11:49 145000 ----a-w- c:\windows\system32\nvcolor.exe
2013-08-22 09:42 . 2011-08-03 11:49 13892200 ----a-w- c:\windows\system32\nvcpl.dll
2013-08-22 09:42 . 2011-08-03 11:49 111208 ----a-w- c:\windows\system32\nvmctray.dll
2013-08-22 09:42 . 2011-08-03 11:49 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2013-08-22 09:42 . 2011-08-03 11:49 54272 ----a-w- c:\windows\system32\nvwddi.dll
2013-08-22 09:42 . 2013-08-22 09:42 280276 ----a-w- c:\windows\system32\nvdrsdb0.bin
2013-08-22 09:42 . 2013-08-22 09:42 1 ----a-w- c:\windows\system32\nvdrssel.bin
2013-08-22 09:42 . 2013-08-22 09:42 280276 ----a-w- c:\windows\system32\nvdrsdb1.bin
2013-08-22 09:20 . 2008-06-16 14:34 446464 ----a-w- c:\windows\system32\NVUNINST.EXE
2013-08-22 09:16 . 2013-08-22 09:20 -------- d-----w- C:\NVIDIA
2013-08-22 08:31 . 2013-08-25 11:46 -------- d-----w- c:\documents and settings\Administrator
2013-08-14 17:35 . 2013-08-14 17:35 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-22 10:09 . 2012-05-19 11:37 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-22 10:09 . 2011-05-13 16:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-27 19:19 . 2013-03-23 19:21 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-27 19:19 . 2012-02-20 18:56 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-27 19:19 . 2012-02-20 18:56 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-04 11:44 . 2011-04-08 17:08 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 577536]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27.9.2008 14:59 717296]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26.9.2005 11:05 286720]
S0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [23.3.2013 21:21 49376]
S0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [23.3.2013 21:21 175176]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [20.2.2012 20:56 770344]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20.2.2012 20:56 369584]
S1 khips;khips;c:\windows\system32\drivers\khips.sys [26.9.2005 11:05 81920]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.2.2012 20:56 29816]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [23.3.2013 21:21 66336]
S2 ezGOSvc;Easybits GO Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [18.8.2004 14:00 14336]
S3 MSILiveVirtualCamera;MSI Live Virtual Camera;c:\windows\system32\drivers\MSILiveVirtualCamera.sys [29.1.2007 8:40 449408]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [22.3.2010 21:17 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [22.3.2010 21:17 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [22.3.2010 21:17 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [22.3.2010 21:17 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [22.3.2010 21:17 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [22.3.2010 21:17 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [22.3.2010 21:17 97704]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezGOSvc
.
Obsah adresáře 'Naplánované úlohy'
.
2013-08-27 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-08-05 08:58]
.
.
------- Doplňkový sken -------
.
TCP: Interfaces\{A1BCBBD7-2EF1-42B7-83B1-88D0540A2E83}: NameServer = 192.168.150.237,194.228.2.1
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\zvo9jpln.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-08-26 16:14; {ea614400-e918-4741-9a97-7a972ff7c30b}; c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\zvo9jpln.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Notify-AtiExtEvent - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-27 15:07
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2013-08-27 15:09:06
ComboFix-quarantined-files.txt 2013-08-27 13:09
.
Před spuštěním: Volných bajtů: 28 780 601 344
Po spuštění: Volných bajtů: 28 734 885 888
.
- - End Of File - - 7867962ABFCA6A70A5EED8C7D08B81D5
8F558EB6672622401DA993E1E865C861

Re: Please check my slow PC

Posted: 28 Aug 2013 15:19
by Márty84
Open Notepad and copy this script into it:

Code:

KillAll::

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"=-
"NeroFilterCheck"=-
"SunJavaUpdateSched"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000

Reboot::

In the top left, click File.
Click Save as...
Type in exactly the name shown in red, CFScript, and save it to the desktop.
Turn off the antivirus and any other protection.
Drag this newly created text document with the mouse over the ComboFix icon and drop it.
ComboFix should start and carry out the commands.
When it finishes (the PC may restart), a new log should appear; copy that here for me again.

:!: If Windows does not start after the restart, restart again, keep pressing F8 and choose Last Known Good Configuration
:!: If Windows starts but an error is reported when launching various programs, just restart the PC and it will be fine

Re: Please check my slow PC

Posted: 28 Aug 2013 18:49
by Oji
ComboFix 13-08-28.02 - Administrator 28.08.2013 16:58:03.3.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.802 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\Administrator\Plocha\ComboFix12.exe
Použité ovládací přepínače :: C:\Documents and Settings\Administrator\Plocha\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Kerio Personal Firewall *Disabled* {333BECA0-DED8-4139-A516-8D9E44E22669}


((((((((((((((((((((((((( Soubory vytvořené od 2013-07-28 do 2013-08-28 )))))))))))))))))))))))))))))))


2013-08-26 14:33:50 . 2013-08-26 14:36:16 -------- d-----w- C:\ComboFix12
2013-08-25 11:46:48 . 2013-08-25 11:46:48 -------- d-----w- C:\WINDOWS\system32\wbem\Repository
2013-08-24 07:27:41 . 2013-08-24 07:27:41 -------- d-----w- C:\Documents and Settings\Moje\Data aplikací\Malwarebytes
2013-08-24 07:27:11 . 2013-08-24 07:27:11 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2013-08-22 10:55:09 . 2013-08-25 09:21:42 -------- d-----w- C:\Program Files\trend micro
2013-08-22 10:44:35 . 2013-08-25 07:10:11 -------- d-----w- C:\Program Files\HD Tune
2013-08-22 09:42:49 . 2013-08-25 11:46:53 -------- d-----w- C:\Documents and Settings\UpdatusUser
2013-08-22 09:42:49 . 2013-08-22 09:42:49 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\NVIDIA
2013-08-22 09:42:36 . 2011-08-03 11:49:00 146024 ----a-w- C:\WINDOWS\system32\nvsvc32.exe
2013-08-22 09:42:35 . 2011-08-03 11:49:00 145000 ----a-w- C:\WINDOWS\system32\nvcolor.exe
2013-08-22 09:42:35 . 2011-08-03 11:49:00 13892200 ----a-w- C:\WINDOWS\system32\nvcpl.dll
2013-08-22 09:42:34 . 2011-08-03 11:49:00 111208 ----a-w- C:\WINDOWS\system32\nvmctray.dll
2013-08-22 09:42:33 . 2011-08-03 11:49:00 600680 ----a-w- C:\WINDOWS\system32\easyupdatusapiu.dll
2013-08-22 09:42:33 . 2011-08-03 11:49:00 54272 ----a-w- C:\WINDOWS\system32\nvwddi.dll
2013-08-22 09:42:27 . 2013-08-22 09:42:30 280276 ----a-w- C:\WINDOWS\system32\nvdrsdb0.bin
2013-08-22 09:42:27 . 2013-08-22 09:42:30 1 ----a-w- C:\WINDOWS\system32\nvdrssel.bin
2013-08-22 09:42:27 . 2013-08-22 09:42:27 280276 ----a-w- C:\WINDOWS\system32\nvdrsdb1.bin
2013-08-22 09:20:24 . 2008-06-16 14:34:58 446464 ----a-w- C:\WINDOWS\system32\NVUNINST.EXE
2013-08-22 09:16:16 . 2013-08-22 09:20:03 -------- d-----w- C:\NVIDIA
2013-08-22 08:31:21 . 2013-08-25 11:46:53 -------- d-----w- C:\Documents and Settings\Administrator
2013-08-14 17:35:40 . 2013-08-14 17:35:40 -------- d-----w- C:\Program Files\Common Files\Skype
.


(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-08-22 10:09:25 . 2012-05-19 11:37:55 692104 ----a-w- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-08-22 10:09:09 . 2011-05-13 16:36:54 71048 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-06-27 19:19:55 . 2013-03-23 19:21:18 175176 ----a-w- C:\WINDOWS\system32\drivers\aswVmm.sys
2013-06-27 19:19:55 . 2012-02-20 18:56:30 369584 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys
2013-06-27 19:19:55 . 2012-02-20 18:56:26 770344 ----a-w- C:\WINDOWS\system32\drivers\aswSnx.sys
2013-06-04 11:44:28 . 2011-04-08 17:08:00 97208 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll


(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))


*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58:16 121968 ----a-w- C:\Program Files\AVAST Software\Avast\ashShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 03:12:00 577536]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2013-05-09 08:58:30 4858968]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2011-08-03 11:49:00 13892200]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 11:49:00 111208]
"nwiz"="C:\Program Files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 08:08:30 1632360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\javaw.exe"=
"C:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=

R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [27.9.2008 14:59:29 717296]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [26.9.2005 11:05:06 286720]
S0 aswRvrt;aswRvrt;C:\WINDOWS\system32\drivers\aswRvrt.sys [23.3.2013 21:21:17 49376]
S0 aswVmm;aswVmm;C:\WINDOWS\system32\drivers\aswVmm.sys [23.3.2013 21:21:18 175176]
S1 aswSnx;aswSnx;C:\WINDOWS\system32\drivers\aswSnx.sys [20.2.2012 20:56:26 770344]
S1 aswSP;aswSP;C:\WINDOWS\system32\drivers\aswSP.sys [20.2.2012 20:56:30 369584]
S1 khips;khips;C:\WINDOWS\system32\drivers\khips.sys [26.9.2005 11:05:06 81920]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [20.2.2012 20:56:30 29816]
S2 aswMonFlt;aswMonFlt;C:\WINDOWS\system32\drivers\aswMonFlt.sys [23.3.2013 21:21:17 66336]
S2 ezGOSvc;Easybits GO Services for Windows;C:\WINDOWS\system32\svchost.exe -k netsvcs [18.8.2004 14:00:00 14336]
S3 MSILiveVirtualCamera;MSI Live Virtual Camera;C:\WINDOWS\system32\drivers\MSILiveVirtualCamera.sys [29.1.2007 8:40:22 449408]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);C:\WINDOWS\system32\drivers\s816bus.sys [22.3.2010 21:17:03 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;C:\WINDOWS\system32\drivers\s816mdfl.sys [22.3.2010 21:17:07 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;C:\WINDOWS\system32\drivers\s816mdm.sys [22.3.2010 21:17:07 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\drivers\s816mgmt.sys [22.3.2010 21:17:20 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);C:\WINDOWS\system32\drivers\s816nd5.sys [22.3.2010 21:17:33 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;C:\WINDOWS\system32\drivers\s816obex.sys [22.3.2010 21:17:16 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);C:\WINDOWS\system32\drivers\s816unic.sys [22.3.2010 21:17:22 97704]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezGOSvc

Obsah adresáře 'Naplánované úlohy'

2013-08-28 C:\WINDOWS\Tasks\avast! Emergency Update.job
- C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2012-08-05 09:56:35 . 2013-05-09 08:58:30]


------- Doplňkový sken -------

uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{A1BCBBD7-2EF1-42B7-83B1-88D0540A2E83}: NameServer = 192.168.150.237,194.228.2.1
FF - ProfilePath - C:\Documents and Settings\Moje\Data aplikací\Mozilla\Firefox\Profiles\5j9k0zkx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: !HIDDEN! 2009-09-02 21:42; {20a82645-c095-46ed-80e3-08825760534b}; c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

Re: Please check my slow PC

Posted: 29 Aug 2013 01:40
by Márty84
The log is not complete; wasn't there more of it?

Re: Please check my slow PC

Posted: 29 Aug 2013 13:47
by Oji
Well, it didn't finish; for about 7 hours it just said wait, the log will appear in a few seconds, so I pulled it from where the log was saved.. so I'll try again..