Re: The entire keyboard on the notebook does not work

Posted: 21 Dec 2014 08:48
by Márty84
Move ComboFix to the desktop, otherwise it will not work!
Open Notepad and copy this script into it

Code:

KillAll::

Folder::
c:\documents and settings\Question Marks\Data aplikací\Malwarebytes

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony PC Companion"=-
"cz.seznam.software.autoupdate"=-
"cz.seznam.software.szndesktop"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=-
"Sony Ericsson PC Suite"=-
"seznam-listicka-distribuce"=-
"SunJavaUpdateSched"=-
[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Reboot::

In the top left, click File
Click Save As...
Type the red name CFScript correctly and save it to the desktop.
Turn off the antivirus and any other security software.
Drag this newly created text document with the mouse onto the ComboFix icon and release it.
ComboFix should start and carry out the commands.
When it finishes (the PC may restart), a new log should appear; copy it here for me again.

If Windows does not boot after the restart, restart again, keep pressing the F8 key and choose Last Known Good Configuration
If Windows boots but an error is reported when launching various programs, just restart the PC and it will be fine

Re: The entire keyboard on the notebook does not work

Posted: 21 Dec 2014 13:08
by pavel123
Everything went OK, the log is here:

ComboFix 14-12-14.01 - Question Marks 21.12.2014 12:40:46.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.958.385 [GMT 1:00]
Spuštěný z: c:\documents and settings\Question Marks\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Question Marks\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-11-21 do 2014-12-21 )))))))))))))))))))))))))))))))
.
.
2014-12-19 19:38 . 2014-12-19 19:38 -------- d-----w- c:\documents and settings\Question Marks\Data aplikací\Malwarebytes
2014-12-19 16:32 . 2014-12-19 16:33 -------- d-----w- C:\rsit
2014-12-19 16:13 . 2008-04-14 03:29 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2014-12-19 16:13 . 2008-04-14 03:29 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-21 20:17 . 2011-09-13 08:47 779536 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-10-20 16:44 . 2009-03-25 18:44 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-10-20 16:42 . 2014-10-20 16:42 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-10-20 16:42 . 2014-10-03 18:06 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-10-20 16:42 . 2014-10-03 18:06 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-10-20 16:42 . 2014-10-03 18:06 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-10-20 16:42 . 2009-03-25 18:44 57800 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-10-20 16:42 . 2009-03-25 18:44 55112 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-10-20 16:42 . 2014-10-20 16:42 43152 ----a-w- c:\windows\avastSS.scr
2014-10-20 16:42 . 2009-03-25 18:44 276432 ----a-w- c:\windows\system32\aswBoot.exe
2014-10-07 19:36 . 2014-01-21 12:12 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-10-07 19:36 . 2011-06-10 18:06 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-07 18:09 . 2014-10-07 18:10 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-10-07 18:09 . 2014-10-07 18:10 145408 ----a-w- c:\windows\system32\javacpl.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-10-20 16:41 578240 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Avast-Browser-Cleanup"="c:\program files\Alwil Software\Avast5\BrowserCleanup.exe/RunOnce" [X]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-08 53248]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-11-04 2087424]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2014-10-20 4085896]
"CAPON"="c:\windows\system32\Spool\Drivers\w32x86\3\CAPONN.EXE" [2001-02-05 22528]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Canon LBP-810 Status Window.LNK - c:\windows\system32\spool\drivers\w32x86\3\CAPPSWK.EXE !N [2002-9-5 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2004-12-29 13:01 544768 -c--a-w- c:\windows\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [3.10.2014 19:06 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [3.10.2014 19:06 192352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [13.9.2011 9:47 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [25.3.2009 19:44 414520]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [20.10.2014 17:42 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [3.10.2014 19:06 67824]
R2 Plánovač automatické aktualizace LiveUpdate;Plánovač automatické aktualizace LiveUpdate;c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe [23.3.2007 22:18 100032]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [4.11.2008 10:39 14336]
R3 EKBfltr;ENE Keyboard Controller;c:\windows\system32\drivers\EKBfltr.sys [8.10.2006 7:42 5504]
S2 RapidPort;RapidPort;c:\windows\system32\drivers\CAPLPTN.SYS [25.10.2014 8:23 22912]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [25.11.2007 19:29 93440]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);c:\windows\system32\drivers\SE31bus.sys [26.12.2008 9:02 61600]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;c:\windows\system32\drivers\SE31mdfl.sys [26.12.2008 9:02 9360]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;c:\windows\system32\drivers\SE31mdm.sys [26.12.2008 9:02 97184]
S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE31mgmt.sys [26.12.2008 9:02 88688]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);c:\windows\system32\drivers\se31nd5.sys [26.12.2008 9:02 18704]
S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;c:\windows\system32\drivers\SE31obex.sys [26.12.2008 9:02 86560]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);c:\windows\system32\drivers\se31unic.sys [26.12.2008 9:02 90800]
S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [7.6.2013 18:48 155824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-16 11:35 1087816 ----a-w- c:\program files\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-12-21 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-10-20 16:41]
.
2014-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-10 21:24]
.
2014-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-10 21:24]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
FF - ProfilePath - c:\documents and settings\Question Marks\Data aplikací\Mozilla\Firefox\Profiles\92za00ou.default-1417512866515\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-12-21 12:56
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2480)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\CAPRPCSK.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\VTTimer.exe
c:\windows\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
c:\windows\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2014-12-21 13:00:07 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-12-21 12:00
ComboFix2.txt 2014-12-20 20:14
.
Před spuštěním: Volných bajtů: 54 302 523 392
Po spuštění: Volných bajtů: 54 355 329 024
.
- - End Of File - - FB8775AB7899A3ABD74E99EEF49248D4
413FC2A0C716421B3158746D63736515

Re: The entire keyboard on the notebook does not work

Posted: 21 Dec 2014 13:15
by Márty84
Please also post a log following this guide http://forum.viry.cz/viewtopic.php?f=13&t=133100

Re: The entire keyboard on the notebook does not work

Posted: 21 Dec 2014 13:43
by pavel123
Here it is:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-12-2014 01
Ran by Question Marks (administrator) on AMILIO on 21-12-2014 13:37:59
Running from C:\Documents and Settings\Question Marks\Plocha
Loaded Profile: Question Marks (Available profiles: Question Marks)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 7
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
(CANON INC.) C:\WINDOWS\system32\CAPRPCSK.EXE
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(S3 Graphics, Inc.) C:\WINDOWS\system32\VTTimer.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(CANON INC.) C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
(CANON INC.) C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(forum.viry.cz) C:\Documents and Settings\Question Marks\Plocha\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VTTimer] => C:\WINDOWS\system32\VTTimer.exe [53248 2005-03-08] (S3 Graphics, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [MobileConnect] => C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2087424 2008-11-04] (Vodafone)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4085896 2014-10-20] (AVAST Software)
HKLM\...\Run: [CAPON] => C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE [22528 2001-02-05] (CANON INC.)
HKU\S-1-5-21-1795509605-3043442306-2256018191-1006\...\Run: [Avast-Browser-Cleanup] => C:\Program Files\Alwil Software\Avast5\BrowserCleanup.exe [1534624 2014-12-03] (AVAST Software)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Canon LBP-810 Status Window.LNK
ShortcutTarget: Canon LBP-810 Status Window.LNK -> C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE (CANON INC.)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1795509605-3043442306-2256018191-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-1795509605-3043442306-2256018191-1006\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> No File
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: No Name -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> No File
BHO: No Name -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> No File
BHO: No Name -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKLM - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1795509605-3043442306-2256018191-1006 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKU\S-1-5-21-1795509605-3043442306-2256018191-1006 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
Toolbar: HKU\S-1-5-21-1795509605-3043442306-2256018191-1006 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1795509605-3043442306-2256018191-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Question Marks\Data aplikací\Mozilla\Firefox\Profiles\92za00ou.default-1417512866515
FF DefaultSearchEngine: Seznam
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-11]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-09-13]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR HomePage: Default -> file:///C:/Documents%20and%20Settings/Question%20Marks/Plocha/msert.exe
CHR StartupUrls: Default -> "https://www.google.cz/?gws_rd=cr&ei=5sp ... 4gTOloDADQ"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Documents and Settings\Question Marks\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Seznam Lištička - Email) - C:\Documents and Settings\Question Marks\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2014-01-12]
CHR Extension: (Seznam Lištička - Slovník) - C:\Documents and Settings\Question Marks\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2014-01-12]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Question Marks\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-23]
CHR Extension: (Peněženka Google) - C:\Documents and Settings\Question Marks\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Documents and Settings\Question Marks\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2014-01-12]
CHR HKLM\...\Chrome\Extension: [ekoolelfodgkgoaghjgjoinbdcdkfcgb] - C:\Program Files\MediaWatchV1\MediaWatchV1home745\ch\MediaWatchV1home745.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-10-20]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-10-20] (AVAST Software)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-01-19] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-01-19] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-07] (Oracle Corporation)
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE [2119360 2006-08-03] (Symantec Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Plánovač automatické aktualizace LiveUpdate; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [100032 2006-08-03] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 VMCService; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [14336 2008-11-04] (Vodafone) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 adusbser; C:\WINDOWS\System32\DRIVERS\adusbser.sys [93440 2006-10-23] (AnyDATA Corporation)
R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [3972672 2006-06-27] (Realtek Semiconductor Corp.)
R3 AR5211; C:\WINDOWS\System32\DRIVERS\ar5211.sys [463168 2005-05-05] (Atheros Communications, Inc.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-10-20] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-10-20] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-10-20] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-10-20] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-11-21] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-10-20] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-10-20] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-10-20] ()
R3 EKBfltr; C:\WINDOWS\System32\DRIVERS\EKBfltr.sys [5504 2005-01-14] (EnE Technology Inc.)
R3 FETND5BV; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [42496 2005-03-18] (VIA Technologies, Inc. )
S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2006-12-06] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2006-12-06] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-12-06] (HP)
R0 nvatabus; C:\WINDOWS\System32\drivers\nvatabus.sys [93568 2005-08-18] (NVIDIA Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2004-08-18] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-18] (Microsoft Corporation)
S2 RapidPort; C:\WINDOWS\system32\Drivers\CAPLPTN.SYS [22912 2001-02-05] (CANON INC.)
S3 SE31bus; C:\WINDOWS\System32\DRIVERS\SE31bus.sys [61600 2006-11-10] (MCCI)
S3 SE31mdfl; C:\WINDOWS\System32\DRIVERS\SE31mdfl.sys [9360 2006-11-10] (MCCI)
S3 SE31mdm; C:\WINDOWS\System32\DRIVERS\SE31mdm.sys [97184 2006-11-10] (MCCI)
S3 SE31mgmt; C:\WINDOWS\System32\DRIVERS\SE31mgmt.sys [88688 2006-11-10] (MCCI)
S3 se31nd5; C:\WINDOWS\System32\DRIVERS\se31nd5.sys [18704 2006-11-10] (MCCI)
S3 SE31obex; C:\WINDOWS\System32\DRIVERS\SE31obex.sys [86560 2006-11-10] (MCCI)
S3 se31unic; C:\WINDOWS\System32\DRIVERS\se31unic.sys [90800 2006-11-10] (MCCI)
R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.)
R3 viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [248704 2006-02-09] (Copyright (C) VIA/S3 Graphics Co, Ltd.)
R0 viamraid; C:\WINDOWS\System32\drivers\viamraid.sys [92672 2005-11-23] (VIA Technologies inc,.ltd)
R3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; No ImagePath
U3 mbr; \??\C:\DOCUME~1\QUESTI~1\LOCALS~1\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-21 13:37 - 2014-12-21 13:39 - 00016326 _____ () C:\Documents and Settings\Question Marks\Plocha\FRST.txt
2014-12-21 13:37 - 2014-12-21 13:38 - 00000000 ____D () C:\FRST
2014-12-21 13:36 - 2014-12-21 13:36 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Question Marks\Plocha\FRSTLauncher.exe
2014-12-21 13:26 - 2014-12-21 13:26 - 01113600 _____ (Farbar) C:\Documents and Settings\Question Marks\Plocha\FRST.exe
2014-12-21 13:00 - 2014-12-21 13:00 - 00009930 _____ () C:\ComboFix.txt
2014-12-21 13:00 - 2014-12-21 13:00 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-12-21 13:00 - 2014-12-21 13:00 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-12-21 12:51 - 2014-12-21 13:39 - 00000000 ____D () C:\Documents and Settings\Question Marks\Local Settings\temp
2014-12-21 12:30 - 2014-12-20 20:54 - 05601641 ____R (Swearware) C:\Documents and Settings\Question Marks\Plocha\ComboFix.exe
2014-12-20 21:08 - 2014-12-20 21:08 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-12-20 21:08 - 2014-12-20 21:08 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-12-20 21:08 - 2014-12-20 21:08 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-12-20 21:08 - 2014-12-20 21:08 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-12-20 21:08 - 2014-12-20 21:08 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-12-20 20:57 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-12-20 20:57 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-12-20 20:57 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-12-20 20:57 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-12-20 20:57 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-12-20 20:57 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-12-20 20:57 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-12-20 20:57 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-12-20 20:57 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-12-20 20:56 - 2014-12-21 13:00 - 00000000 ____D () C:\Qoobox
2014-12-19 20:38 - 2014-12-19 20:38 - 00000000 ____D () C:\Documents and Settings\Question Marks\Data aplikací\Malwarebytes
2014-12-19 20:33 - 2014-12-19 20:35 - 10284816 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Question Marks\Plocha\mbam-setup-1.75.0.1300.exe
2014-12-19 19:39 - 2014-12-19 19:39 - 02166272 _____ () C:\Documents and Settings\Question Marks\Plocha\adwcleaner_4.105.exe
2014-12-19 17:32 - 2014-12-19 17:33 - 00000000 ____D () C:\rsit
2014-12-19 17:31 - 2014-12-19 17:31 - 01107968 _____ () C:\Documents and Settings\Question Marks\Plocha\RSIT.exe
2014-12-19 17:13 - 2014-12-19 17:14 - 00003954 _____ () C:\WINDOWS\setupapi.log
2014-12-19 17:13 - 2014-12-19 17:13 - 00000041 _____ () C:\WINDOWS\setupact.log
2014-12-19 17:13 - 2014-12-19 17:13 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-12-19 17:13 - 2008-04-14 04:29 - 00014592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhid.sys
2014-12-19 17:13 - 2008-04-14 04:29 - 00014592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2014-12-03 10:01 - 2014-12-03 10:01 - 00001745 _____ () C:\Documents and Settings\All Users\Plocha\Sony PC Companion 2.1.lnk
2014-12-02 21:04 - 2014-12-02 21:04 - 00000411 _____ () C:\Documents and Settings\Question Marks\Plocha\Důležitá nastavení zabezpečení nemažte.txt
2014-12-02 10:34 - 2014-12-02 10:34 - 00000000 ____D () C:\Documents and Settings\Question Marks\Plocha\Původní data aplikace Firefox
2014-12-01 18:37 - 2014-12-01 18:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-23 20:49 - 2014-11-23 20:49 - 00000083 _____ () C:\Documents and Settings\Question Marks\Plocha\adresy pohádek.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-21 13:37 - 2007-03-21 10:16 - 00000000 ___HD () C:\Documents and Settings\Question Marks\Local Settings\Data aplikací
2014-12-21 13:37 - 2007-03-21 10:16 - 00000000 ____D () C:\Documents and Settings\Question Marks\Plocha
2014-12-21 13:35 - 2014-02-14 06:59 - 00000940 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-21 13:30 - 2014-01-21 15:09 - 00000000 ____D () C:\Documents and Settings\Question Marks\Dokumenty\Stažené soubory
2014-12-21 13:02 - 2012-09-21 18:11 - 00000366 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-12-21 13:01 - 2006-10-09 01:42 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-12-21 12:56 - 2006-10-09 01:38 - 01566977 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-21 12:56 - 2006-10-08 07:40 - 00000227 _____ () C:\WINDOWS\system.ini
2014-12-21 12:55 - 2014-02-14 06:59 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-21 12:55 - 2006-10-08 07:40 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-21 12:53 - 2006-10-09 03:35 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-12-21 12:53 - 2006-10-09 03:35 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-12-21 12:53 - 2006-10-09 01:42 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-21 12:52 - 2007-03-21 10:16 - 00000272 ___SH () C:\Documents and Settings\Question Marks\ntuser.ini
2014-12-21 12:40 - 2007-03-21 10:16 - 00000000 __RHD () C:\Documents and Settings\Question Marks\Data aplikací
2014-12-21 12:34 - 2006-10-09 01:42 - 00032544 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-21 11:39 - 2014-01-12 21:26 - 00000000 ____D () C:\Documents and Settings\Question Marks\Data aplikací\Seznam.cz
2014-12-21 11:13 - 2006-10-09 01:42 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-12-20 21:09 - 2006-10-09 03:32 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2014-12-20 21:09 - 2006-10-09 03:32 - 00262144 _____ () C:\WINDOWS\system32\config\SAM.bak
2014-12-20 21:09 - 2006-10-09 03:31 - 30932992 _____ () C:\WINDOWS\system32\config\software.bak
2014-12-20 21:09 - 2006-10-09 03:31 - 06291456 _____ () C:\WINDOWS\system32\config\system.bak
2014-12-20 21:09 - 2006-10-09 03:31 - 00524288 _____ () C:\WINDOWS\system32\config\default.bak
2014-12-20 21:09 - 2006-10-09 01:38 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-12-20 21:08 - 2013-11-15 16:37 - 00000000 ____D () C:\WINDOWS\erdnt
2014-12-20 21:07 - 2014-10-21 11:41 - 00000000 ____D () C:\Documents and Settings\Question Marks\Local Settings\Data aplikací\Temp
2014-12-20 20:54 - 2007-03-26 17:51 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
2014-12-20 19:03 - 2006-10-09 03:32 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-12-20 19:03 - 2006-10-09 03:32 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2014-12-20 16:06 - 2012-12-21 18:58 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2753842-v2$
2014-12-19 19:45 - 2014-01-24 20:54 - 00000000 ____D () C:\AdwCleaner
2014-12-19 19:45 - 2007-03-21 10:16 - 00000000 ___RD () C:\Documents and Settings\Question Marks\Nabídka Start\Programy
2014-12-19 19:45 - 2006-10-09 03:32 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2014-12-19 17:33 - 2014-01-22 22:09 - 00000000 ____D () C:\Program Files\trend micro
2014-12-16 12:39 - 2011-06-10 19:00 - 00001819 _____ () C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
2014-12-11 23:06 - 2013-11-15 18:09 - 00000000 ____D () C:\Documents and Settings\Question Marks\Dokumenty\Antivir
2014-12-11 23:00 - 2007-03-21 10:16 - 00000000 ____D () C:\Documents and Settings\Question Marks
2014-12-06 10:55 - 2006-10-09 03:33 - 01052900 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-03 10:01 - 2013-06-07 18:48 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Sony
2014-12-03 09:59 - 2006-10-09 02:42 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-12-03 09:56 - 2014-01-21 15:05 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-02 21:02 - 2009-03-14 13:27 - 00000000 ____D () C:\WINDOWS\system32\LogFiles
2014-12-01 23:23 - 2013-11-27 22:36 - 00000525 _____ () C:\Documents and Settings\Question Marks\Plocha\Čísla her.txt
2014-11-24 19:45 - 2007-08-04 13:58 - 00081920 _____ () C:\Documents and Settings\Question Marks\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-24 19:10 - 2012-12-08 19:10 - 00000000 ____D () C:\Documents and Settings\Question Marks\Dokumenty\FOTKY
2014-11-24 18:52 - 2010-08-07 08:31 - 00000000 ____D () C:\Documents and Settings\Question Marks\Plocha\fotky sou
2014-11-21 21:17 - 2011-09-13 09:47 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection (Disabled) {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\Question Marks\Plocha" je 13984 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabdka Start^Programy^Po sputn^Microsoft Office.lnk
C:\PROGRA~1\MICROS~2\Office\OSA9.EXE -b -l [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Prvodce penesenm soubor a nastaven"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\\WINDOWS\\system32\\msiexec.exe"="C:\\WINDOWS\\system32\\msiexec.exe:*:Enabled:UpdateManagerSetup"
"C:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"="C:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine"
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe:*:Enabled:Google Chrome"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: The whole keyboard on the notebook doesn't work

Posted: 21 Dec 2014 15:17
by Márty84
pavel123 wrote: ***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\Question Marks\Plocha" je 13984 MB.
:arrow: The desktop size should not exceed 200 - 300 MB! It slows the PC down. So tidy it up a bit and keep only shortcuts on the desktop. Just watch out for an occasional mistake: users have a folder on the desktop, another one inside it and another inside that, and they hide things in there. That's nice, but it doesn't make the desktop any smaller, it's just in a different drawer :D


:arrow: Open Notepad and copy this script into it

Code:

Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1795509605-3043442306-2256018191-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: No Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> No File
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: No Name -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> No File
BHO: No Name -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> No File
BHO: No Name -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKLM - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1795509605-3043442306-2256018191-1006 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
Toolbar: HKU\S-1-5-21-1795509605-3043442306-2256018191-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-07] (Oracle Corporation)

2014-12-19 20:38 - 2014-12-19 20:38 - 00000000 ____D () C:\Documents and Settings\Question Marks\Data aplikací\Malwarebytes
2014-12-19 20:33 - 2014-12-19 20:35 - 10284816 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Question Marks\Plocha\mbam-setup-1.75.0.1300.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Hosts:
EmptyTemp:
Reboot:
End

In the top left, click File
Click Save as...
Type the name shown in red, fixlist, exactly, and save it to the desktop.
Disable your antivirus and any other security software.
Run FRST as administrator, click Fix, and the program will carry out the commands.
After the PC restarts, a new log named fixlog should appear; copy it here for me again.

Re: The whole keyboard on the notebook doesn't work

Posted: 21 Dec 2014 19:05
by pavel123
This time it behaved somewhat strangely - I did it twice, and in both cases it behaved the same way: it crashed, the reboot did not happen, and the following log (named fixlog) was generated very quickly.
Unfortunately I did not write down the message it produced after FRST stopped. Should I do it again and write it down?


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 21-12-2014 01
Ran by Question Marks at 2014-12-21 19:00:40 Run:2
Running from C:\Documents and Settings\Question Marks\Plocha
Loaded Profile: Question Marks (Available profiles: Question Marks)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1795509605-3043442306-2256018191-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: No Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> No File
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: No Name -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> No File
BHO: No Name -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> No File
BHO: No Name -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKLM - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1795509605-3043442306-2256018191-1006 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
Toolbar: HKU\S-1-5-21-1795509605-3043442306-2256018191-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-07] (Oracle Corporation)

2014-12-19 20:38 - 2014-12-19 20:38 - 00000000 ____D () C:\Documents and Settings\Question Marks\Data aplikací\Malwarebytes
2014-12-19 20:33 - 2014-12-19 20:35 - 10284816 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Question Marks\Plocha\mbam-setup-1.75.0.1300.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HP Software Update => Value not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKU\S-1-5-21-1795509605-3043442306-2256018191-1006\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} => Key not found.
HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => Key not found.
HKCR\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key not found.
HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key not found.
HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Value not found.
HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Key not found.
HKU\S-1-5-21-1795509605-3043442306-2256018191-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} => Value not found.
HKCR\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} => Key not found.
HKU\S-1-5-21-1795509605-3043442306-2256018191-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value not found.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKLM\Software\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => Value not found.
JavaQuickStarterService => Service not found.
"C:\Documents and Settings\Question Marks\Data aplikací\Malwarebytes" => File/Directory not found.
"C:\Documents and Settings\Question Marks\Plocha\mbam-setup-1.75.0.1300.exe" => File/Directory not found.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job not found.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 7.1 MB temporary data.
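
A fixlog like the one in the post above can be triaged mechanically. The Python script below is an added example, not part of the original thread and not FRST's own code: it buckets the result lines and lists fixlist directives that have no result line. The sample is constructed from lines of that log, `C:\Example\sample.dll` is a made-up entry, and matching unlisted directives by their own name is an assumption.

```python
import re
from collections import Counter

# Constructed sample: a shortened copy of the fixlog posted above. The entry
# for C:\Example\sample.dll is made up (not FRST wording) to show "review".
SAMPLE_FIXLOG = r"""Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:
BHO: No Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> No File
C:\Example\sample.dll
Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} => Key not found.
C:\Example\sample.dll => constructed outcome text the script does not know
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 7.1 MB temporary data.
"""

DELIMITER = re.compile(r"^\*{5,}\s*$")
DIRECTIVE = re.compile(r"^[A-Za-z]+:$")
# Result wording for a directive where it differs from the directive's name,
# as it appears in the log above. Any directive not listed here is matched
# by its own name (an assumption of this example).
DIRECTIVE_RESULT = {
    "CloseProcesses:": "processes closed",
    "CreateRestorePoint:": "restore point",
}


def split_fixlog(text):
    """Return (fixlist entries, result lines), split on the two '*****' rows."""
    lines = [line.strip() for line in text.splitlines()]
    marks = [i for i, line in enumerate(lines) if DELIMITER.match(line)]
    if len(marks) < 2:
        raise ValueError("fixlist delimiters not found")
    entries = [line for line in lines[marks[0] + 1:marks[1]] if line]
    results = [line for line in lines[marks[1] + 1:] if line]
    return entries, results


def classify(result_line):
    """Bucket one result line as 'absent', 'done' or 'review'."""
    low = result_line.lower()
    if "not found" in low:
        return "absent"   # the target was already missing when the fix ran
    if "successfully" in low or "=> removed" in low:
        return "done"
    return "review"       # unrecognised wording: read this line by hand


def triage(text):
    """Tally outcomes and list directives that have no result line."""
    entries, results = split_fixlog(text)
    tally = Counter(classify(r) for r in results)
    review = [r for r in results if classify(r) == "review"]
    joined = "\n".join(results).lower()
    silent = [e for e in entries if DIRECTIVE.match(e)
              and DIRECTIVE_RESULT.get(e, e[:-1].lower()) not in joined]
    return tally, review, silent


if __name__ == "__main__":
    tally, review, silent = triage(SAMPLE_FIXLOG)
    print(dict(tally))
    print("needs review:", review)
    print("directives without a result line:", silent)
```

Run on the full log in the post above, every registry, service, file and task target lands in the `absent` bucket, and `Reboot:` is the only directive without a result line.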

Re: The whole keyboard on the notebook doesn't work

Posted: 21 Dec 2014 19:47
by Márty84
pavel123 wrote: Should I do it again and write it down?
No need, according to the log the program did everything it was supposed to.

How is the computer, has anything changed? If the keyboard is still misbehaving, try looking in Device Manager to see whether there is a driver problem listed for the keyboard.

:arrow: Rename ComboFix to Uninstall and run it. CF should uninstall itself.

:arrow:
vyosek wrote: :arrow: T-Cleaner http://tharifas.sweb.cz/T-Cleaner.exe
  • Download and run it
  • To confirm each choice, press A, Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag the utility as a virus - it is a false alarm - so go ahead and download it (or disable the antivirus while downloading)
:arrow: Download OTC http://oldtimer.geekstogo.com/OTC.exe , save it and run it.
Click CleanUp and then OK - after the cleanup the PC will restart.

:arrow: Download CCleaner http://www.filehippo.com/download_ccleaner and run it.
During installation watch out for the toolbar (or other add-ons); if it offers to install one, untick the checkbox.
After launch you will be in the Cleaner function. On the left there are many checkboxes. Pay attention mainly to the Recycle Bin: if you leave it ticked, it will always empty it.
Also, depending on how it is set, it will delete all passwords saved on the web!!! So if you have the computer set to remember passwords (which is not good for security), you will then have to type them again by hand (e.g. mail, facebook, various forums etc.)
Click Analyze and when the analysis finishes, click Run Cleaner.
Then click the Registry function on the left
Click Scan for Issues, and if it finds any, click Fix issues. It will offer you a backup; make one and save it where you can find it if needed.
The Tools function lets you uninstall programs. It is more thorough than Windows itself!
(If there are several user accounts on the PC, use the program in each of them too)

:arrow: Defragment the disk(s) (not SSD disks!)
Download Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
During installation again watch out for the toolbar and other nonsense.
After installing, run the program and click Analyze; after the analysis click Defragment and the program will do its job.

:arrow: Then write how things look with the PC.

Re: The whole keyboard on the notebook doesn't work

Posted: 21 Dec 2014 21:00
by pavel123
I did everything, except the defragmentation so far. However, the keyboard still behaves the same. Even before I turned to the forum, I tried installing a newer version of the keyboard driver, but none was found. Now I additionally tried uninstalling the current one, but I do not even know whether it went through or not - it required 2 restarts and it looked as if the uninstalled driver was automatically restored right away. I do not know whether it works that way, that an uninstalled driver automatically comes back. In any case it did not solve anything.
I will do the defragmentation tomorrow, but do you think there is still any chance of restoring the keyboard's function?

Re: The whole keyboard on the notebook doesn't work

Posted: 22 Dec 2014 03:14
by Márty84
Yes, it could come back by itself, from the backup that is usually on a notebook.

There is a chance of getting the keyboard working again, but at a service shop. No software is likely to fix it. There is no malware on it and defragmentation only tidies the data on the disk. I'm sorry :42:

Re: The whole keyboard on the notebook doesn't work

Posted: 22 Dec 2014 07:29
by pavel123
In any case, thanks for the care, I will send you some money again to support the forum.
I wish you happy holidays and a happy New Year :)

Re: The whole keyboard on the notebook doesn't work

Posted: 22 Dec 2014 10:12
by Márty84
You're very welcome! :)

Thank you for any contribution :worship:

Merry and happy holidays to you too, and all the best in the new year :wink:

Take care, and maybe see you again sometime :bye:

:closed: