VIRY.CZ

Dobry den, tak jsem se dostal do obtizi s policejnim virem, ktery zablokuje pocitac. Zde je log z FRST. Dekuji mnohokrat za pomoc!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2013
Ran by uživatel (administrator) on 13-08-2013 14:38:29
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [AutoKMS] - C:\Windows\AutoKMS.exe [615936 2012-11-18] ()
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [BCSSync] - D:\Programy\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
Startup: C:\Users\uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iqepirfclbfegoucebf.lnk
ShortcutTarget: iqepirfclbfegoucebf.lnk -> C:\Users\UIVATE~1\AppData\Local\Temp\fbecuogefblcfripeqi.bfg ()
Startup: C:\Users\uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ltcweviphwxphruedrh.lnk
ShortcutTarget: ltcweviphwxphruedrh.lnk -> C:\Users\UIVATE~1\AppData\Local\Temp\hrdeurhpxwhpivewctl.bfg (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://blekko.com/ws/?source=5f97ddbe&t ... 1d7d9fa4f6
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://search.icq.com/search/results.ph ... &ch_id=osd
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://search.icq.com/search/results.ph ... &ch_id=osd
SearchScopes: HKCU - {6E5502AD-8AAE-4E99-A645-C910CC227D56} URL = http://blekko.com/ws/?source=5f97ddbe&t ... rms}&r=188
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - D:\Programy\SMART Technologies\Education Software\Win64\NotebookPlugin.dll (SMART Technologies ULC.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - D:\Programy\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programy\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programy\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Blekko Search Bar Helper Object - {BAE35237-8D73-44D0-905C-8A95EA1E7E69} - C:\Program Files (x86)\blekko\spamfreesearch\1.8.3.9\bh\spamfreesearch.dll (Montera Technologeis LTD)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Blekko Search Bar Toolbar - {EECF410C-006C-4A05-AD13-6741A0814DBF} - C:\Program Files (x86)\blekko\spamfreesearch\1.8.3.9\spamfreesearchTlbr.dll (Montera Technologeis LTD)
DPF: HKLM {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/Cl ... wsdc64.cab
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Tcpip\Parameters: [DhcpNameServer] 94.74.192.252 94.74.192.244

==================== Services (Whitelisted) =================

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [137960 2013-05-09] (AVAST Software)
S3 Microsoft SharePoint Workspace Audit Service; D:\Programy\Microsoft Office\Office14\GROOVE.EXE [30785672 2012-09-20] (Microsoft Corporation)
S2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-28] (Pandora.TV)

==================== Drivers (Whitelisted) ====================

S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
S1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [131232 2013-05-09] (AVAST Software)
R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2012-09-21] (ALWIL Software)
R0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [270824 2013-05-09] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-28] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-28] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-28] ()
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-06-18] ()
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-06-18] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-06-18] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-06-18] ()
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203672 2013-06-04] (DEVGURU Co., LTD.(www.devguru.co.kr))

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-13 12:11 - 2013-08-13 12:11 - 00000165 _____ C:\ProgramData\iqepirfclbfegoucebf.reg
2013-08-13 12:11 - 2013-08-13 12:11 - 00000070 _____ C:\ProgramData\iqepirfclbfegoucebf.bat
2013-08-13 08:44 - 2013-08-13 08:44 - 00000165 _____ C:\ProgramData\ltcweviphwxphruedrh.reg
2013-08-13 08:44 - 2013-08-13 08:44 - 00000070 _____ C:\ProgramData\ltcweviphwxphruedrh.bat
2013-08-12 16:38 - 2013-08-12 16:38 - 00000000 ____D C:\Users\uživatel\Desktop\LI v6h-ALPHA005
2013-08-12 16:33 - 2013-08-12 16:35 - 86106081 _____ C:\Users\uživatel\Desktop\LI v6h-ALPHA005.rar
2013-08-12 15:54 - 2012-02-18 18:40 - 00049170 _____ C:\Users\uživatel\Desktop\k_pomerania_BACKUP.tga
2013-07-20 16:26 - 2013-07-20 16:27 - 00000000 ____D C:\Windows\system32\MRT
2013-07-18 13:35 - 2013-04-27 23:12 - 00045087 ____N C:\Users\uživatel\Desktop\Hannibal - 1x05 - Coquilles.HDTV.2HD.en.srt
2013-07-18 13:34 - 2013-07-18 13:34 - 00018471 _____ C:\Users\uživatel\Desktop\Hannibal_1x05_HDTV.2HD.en.zip

==================== One Month Modified Files and Folders =======

2013-08-13 14:37 - 2011-04-12 10:34 - 00666406 _____ C:\Windows\system32\perfh005.dat
2013-08-13 14:37 - 2011-04-12 10:34 - 00140102 _____ C:\Windows\system32\perfc005.dat
2013-08-13 14:37 - 2009-07-14 07:13 - 01577410 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-13 13:58 - 2012-11-17 05:11 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-13 13:58 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-13 13:58 - 2009-07-14 06:51 - 00059486 _____ C:\Windows\setupact.log
2013-08-13 12:30 - 2012-11-16 13:29 - 01118730 _____ C:\Windows\WindowsUpdate.log
2013-08-13 12:29 - 2009-07-14 06:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-13 12:29 - 2009-07-14 06:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-13 12:12 - 2012-11-18 11:43 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-13 12:11 - 2013-08-13 12:11 - 00000165 _____ C:\ProgramData\iqepirfclbfegoucebf.reg
2013-08-13 12:11 - 2013-08-13 12:11 - 00000070 _____ C:\ProgramData\iqepirfclbfegoucebf.bat
2013-08-13 12:11 - 2012-11-16 14:19 - 00000000 ___RD C:\Users\uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-13 08:44 - 2013-08-13 08:44 - 00000165 _____ C:\ProgramData\ltcweviphwxphruedrh.reg
2013-08-13 08:44 - 2013-08-13 08:44 - 00000070 _____ C:\ProgramData\ltcweviphwxphruedrh.bat
2013-08-13 06:15 - 2012-11-18 15:26 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-08-12 16:38 - 2013-08-12 16:38 - 00000000 ____D C:\Users\uživatel\Desktop\LI v6h-ALPHA005
2013-08-12 16:35 - 2013-08-12 16:33 - 86106081 _____ C:\Users\uživatel\Desktop\LI v6h-ALPHA005.rar
2013-08-11 13:24 - 2013-02-16 22:06 - 00000000 ____D C:\Users\uživatel\AppData\Roaming\Azureus
2013-08-01 19:50 - 2013-02-21 14:12 - 00000000 ____D C:\Users\uživatel\AppData\Roaming\vlc
2013-07-31 11:33 - 2013-04-01 01:34 - 00000000 ____D C:\ProgramData\Skype
2013-07-31 10:43 - 2013-04-01 01:34 - 00000000 ____D C:\Users\uživatel\AppData\Roaming\Skype
2013-07-29 21:03 - 2012-11-18 11:43 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-29 21:03 - 2012-11-18 11:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-29 21:03 - 2012-11-18 11:43 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-22 07:33 - 2013-02-17 00:50 - 00000000 ____D C:\Users\uživatel\.3gpplayer
2013-07-20 16:27 - 2013-07-20 16:26 - 00000000 ____D C:\Windows\system32\MRT
2013-07-18 13:34 - 2013-07-18 13:34 - 00018471 _____ C:\Users\uživatel\Desktop\Hannibal_1x05_HDTV.2HD.en.zip
2013-07-15 07:14 - 2012-11-24 08:21 - 00000000 ____D C:\Users\UIVATE~1\AppData\Local\Adobe

Files to move or delete:
====================
C:\Windows\System32\mctadmin.exe
C:\ProgramData\iqepirfclbfegoucebf.bat
C:\ProgramData\iqepirfclbfegoucebf.reg
C:\ProgramData\ltcweviphwxphruedrh.bat
C:\ProgramData\ltcweviphwxphruedrh.reg

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-12 08:55

==================== End Of Log ============================

Zdravim a pekny den preji
Vas log se studuje a pracuje se na nem .
Prosim o strpeni!

Dekuji, jste uzasni!!!

Tvorba fixlistu pro FRST

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  Start
  S2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-28] (Pandora.TV)
  HKLM\...\Run: [AutoKMS] - C:\Windows\AutoKMS.exe [615936 2012-11-18] ()
  HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
  Startup: C:\Users\uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iqepirfclbfegoucebf.lnk
  ShortcutTarget: iqepirfclbfegoucebf.lnk -> C:\Users\UIVATE~1\AppData\Local\Temp\fbecuogefblcfripeqi.bfg ()
  Startup: C:\Users\uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ltcweviphwxphruedrh.lnk
  ShortcutTarget: ltcweviphwxphruedrh.lnk -> C:\Users\UIVATE~1\AppData\Local\Temp\hrdeurhpxwhpivewctl.bfg (Microsoft Corporation)
  HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://blekko.com/ws/?source=5f97ddbe&t ... 1d7d9fa4f6
  HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
  SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
  SearchScopes: HKCU - {6E5502AD-8AAE-4E99-A645-C910CC227D56} URL = http://blekko.com/ws/?source=5f97ddbe&t ... d9fa4f6&q={searchTerms}&r=188
  BHO-x32: Blekko Search Bar Helper Object - {BAE35237-8D73-44D0-905C-8A95EA1E7E69} - C:\Program Files (x86)\blekko\spamfreesearch\1.8.3.9\bh\spamfreesearch.dll (Montera Technologeis LTD)
  Toolbar: HKLM-x32 - Blekko Search Bar Toolbar - {EECF410C-006C-4A05-AD13-6741A0814DBF} - C:\Program Files (x86)\blekko\spamfreesearch\1.8.3.9\spamfreesearchTlbr.dll (Montera Technologeis LTD)
  C:\Users\uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iqepirfclbfegoucebf.lnk
  C:\Users\UIVATE~1\AppData\Local\Temp\hrdeurhpxwhpivewctl.bfg 
  C:\Windows\System32\mctadmin.exe
  C:\ProgramData\iqepirfclbfegoucebf.bat
  C:\ProgramData\iqepirfclbfegoucebf.reg
  C:\ProgramData\ltcweviphwxphruedrh.bat
  C:\ProgramData\ltcweviphwxphruedrh.reg
  C:\Program Files (x86)\PANDORA.TV
  C:\Windows\AutoKMS.exe
  Hosts:
  CMD: shutdown /r /f /t 2
  End
  
  
  
  

• Ulozte vytvoreny TXT jako fixlist.txt
• Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

• Kliknete na Fix
• Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

Dekuji prevelice za bleskovou pomoc!

fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-08-2013
Ran by uživatel at 2013-08-13 15:03:42 Run:1
Running from F:\
Boot Mode: Safe Mode (minimal)
==============================================

PanService => Service deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AutoKMS => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
C:\Users\uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iqepirfclbfegoucebf.lnk => Moved successfully.
C:\Users\UIVATE~1\AppData\Local\Temp\fbecuogefblcfripeqi.bfg => Moved successfully.
C:\Users\uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ltcweviphwxphruedrh.lnk => Moved successfully.
C:\Users\UIVATE~1\AppData\Local\Temp\hrdeurhpxwhpivewctl.bfg => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\ICQ Search => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} => Key deleted successfully.
HKCR\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6E5502AD-8AAE-4E99-A645-C910CC227D56} => Key deleted successfully.
HKCR\CLSID\{6E5502AD-8AAE-4E99-A645-C910CC227D56} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAE35237-8D73-44D0-905C-8A95EA1E7E69} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BAE35237-8D73-44D0-905C-8A95EA1E7E69} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EECF410C-006C-4A05-AD13-6741A0814DBF} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{EECF410C-006C-4A05-AD13-6741A0814DBF} => Key deleted successfully.
"C:\Users\uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iqepirfclbfegoucebf.lnk" => File/Directory not found.
"C:\Users\UIVATE~1\AppData\Local\Temp\hrdeurhpxwhpivewctl.bfg " => File/Directory not found.
Could not move "C:\Windows\System32\mctadmin.exe" => Scheduled to move on reboot.
C:\ProgramData\iqepirfclbfegoucebf.bat => Moved successfully.
C:\ProgramData\iqepirfclbfegoucebf.reg => Moved successfully.
C:\ProgramData\ltcweviphwxphruedrh.bat => Moved successfully.
C:\ProgramData\ltcweviphwxphruedrh.reg => Moved successfully.
C:\Program Files (x86)\PANDORA.TV => Moved successfully.
C:\Windows\AutoKMS.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= shutdown /r /f /t 2 =========


========= End of CMD: =========

PC nam najelo do normalniho rezimu a bez problemu?

Jo, super, vše se zdá ok, pro jistotu ještě spustím hloubkový scan počítače přes AVAST a vyčistím registry přes CCleaner. Ještě jednou velice děkuji!

EDIT: A updatuju Javu, někde jsem četl, že ten policejní virus se dostává přes bezpečnostní chybu ve staré verzi Javy.

Jeste to procitime dale, je tam toho hodne

Predtim ale odinstalujte ty nelegalni Office, toto forum nepodporuje piratsky SW

Pote dejte log z RSIT http://forum.viry.cz/viewtopic.php?f=24&t=130784

Děkuji, zde je RSIT log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by uživatel at 2013-08-13 15:47:22
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 39 GB (45%) free of 86 GB
Total RAM: 8190 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:47:42, on 13.8.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\trend micro\uživatel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - D:\Programy\SMART Technologies\Education Software\Win32\NotebookPlugin.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\Programy\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://D:\Programy\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - D:\Programy\icq\ICQ7M\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - D:\Programy\icq\ICQ7M\ICQ.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6772 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Program Files\AVAST Software\Avast\afwServ.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe /Embedding
taskeng.exe {56DF8F2B-82ED-45B8-B451-BF06E7AF73A4}
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\Opera x64\opera.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
"C:\Users\uživatel\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-05-09 242496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67BCF957-85FC-4036-8DC4-D4D80E00A77B}]
SMART Notebook Download Utility - D:\Programy\SMART Technologies\Education Software\Win64\NotebookPlugin.dll [2012-03-28 323440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-08-13 553896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-08-13 211880]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67BCF957-85FC-4036-8DC4-D4D80E00A77B}]
SMART Notebook Download Utility - D:\Programy\SMART Technologies\Education Software\Win32\NotebookPlugin.dll [2012-03-28 237424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-05-09 242496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-06-11 12503184]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-05-09 4858968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-08-13 15:47:22 ----D---- C:\rsit
2013-08-13 15:47:22 ----D---- C:\Program Files\trend micro
2013-08-13 15:37:45 ----SHD---- C:\Config.Msi
2013-08-13 15:21:45 ----A---- C:\Windows\system32\javaws.exe
2013-08-13 15:21:41 ----A---- C:\Windows\system32\WindowsAccessBridge-64.dll
2013-08-13 15:21:41 ----A---- C:\Windows\system32\javaw.exe
2013-08-13 15:21:41 ----A---- C:\Windows\system32\java.exe
2013-08-13 15:21:35 ----D---- C:\Program Files\Java
2013-08-13 14:38:06 ----D---- C:\FRST
2013-08-13 12:31:31 ----A---- C:\Windows\ntbtlog.txt
2013-07-20 16:26:38 ----D---- C:\Windows\system32\MRT

======List of files/folders modified in the last 1 month======

2013-08-13 15:47:25 ----D---- C:\Windows\Temp
2013-08-13 15:47:22 ----RD---- C:\Program Files
2013-08-13 15:46:35 ----D---- C:\Windows\System32
2013-08-13 15:46:35 ----D---- C:\Windows\inf
2013-08-13 15:46:35 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-08-13 15:45:02 ----D---- C:\Windows\system32\config
2013-08-13 15:42:06 ----D---- C:\ProgramData\NVIDIA
2013-08-13 15:41:59 ----RD---- C:\Program Files (x86)
2013-08-13 15:41:11 ----D---- C:\Windows\Microsoft.NET
2013-08-13 15:41:09 ----SHD---- C:\Windows\Installer
2013-08-13 15:41:00 ----D---- C:\ProgramData\Microsoft Help
2013-08-13 15:40:59 ----RSD---- C:\Windows\assembly
2013-08-13 15:40:39 ----SD---- C:\ProgramData\Microsoft
2013-08-13 15:40:39 ----D---- C:\Windows
2013-08-13 15:40:39 ----D---- C:\Program Files (x86)\Microsoft.NET
2013-08-13 15:39:50 ----RSD---- C:\Windows\Fonts
2013-08-13 15:39:36 ----D---- C:\Program Files (x86)\MSBuild
2013-08-13 15:39:30 ----D---- C:\Windows\SysWOW64
2013-08-13 15:39:30 ----D---- C:\Program Files (x86)\Common Files
2013-08-13 15:38:34 ----D---- C:\Windows\ShellNew
2013-08-13 15:38:23 ----A---- C:\Windows\win.ini
2013-08-13 15:37:52 ----D---- C:\Program Files\Common Files\Microsoft Shared
2013-08-13 15:37:40 ----SHD---- C:\System Volume Information
2013-08-13 15:21:37 ----A---- C:\Windows\system32\npDeployJava1.dll
2013-08-13 15:21:37 ----A---- C:\Windows\system32\deployJava1.dll
2013-08-13 15:03:42 ----HD---- C:\ProgramData
2013-08-13 15:03:42 ----D---- C:\Windows\system32\drivers\etc
2013-08-11 13:24:19 ----D---- C:\Users\uživatel\AppData\Roaming\Azureus
2013-08-09 16:42:52 ----D---- C:\Windows\system32\DriverStore
2013-08-09 16:42:52 ----D---- C:\Windows\system32\drivers
2013-08-09 16:42:52 ----D---- C:\Windows\system32\catroot
2013-08-01 19:50:21 ----D---- C:\Users\uživatel\AppData\Roaming\vlc
2013-07-31 11:33:16 ----D---- C:\ProgramData\Skype
2013-07-31 10:43:39 ----D---- C:\Users\uživatel\AppData\Roaming\Skype
2013-07-29 21:03:16 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-07-17 23:35:55 ----SD---- C:\Users\uživatel\AppData\Roaming\Microsoft
2013-07-15 21:10:04 ----D---- C:\Windows\system32\catroot2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2013-05-09 22600]
R0 aswNdis;avast! Firewall NDIS Filter Service; C:\Windows\system32\DRIVERS\aswNdis.sys [2012-09-21 12368]
R0 aswNdis2;avast! Firewall Core Firewall Service; C:\Windows\system32\drivers\aswNdis2.sys [2013-05-09 270824]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2013-05-09 65336]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2013-06-28 189936]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswFW;avast! TDI Firewall driver; C:\Windows\system32\drivers\aswFW.sys [2013-05-09 131232]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2013-05-09 72016]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2013-06-28 1030952]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2013-06-28 378944]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2013-05-09 64288]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2013-05-09 33400]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-05-09 80816]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-06-19 4065296]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2012-07-03 189288]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2013-06-04 103448]
S3 pwdrvio;pwdrvio; \??\C:\Windows\syswow64\pwdrvio.sys []
S3 pwdspio;pwdspio; \??\C:\Windows\syswow64\pwdspio.sys []
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2013-06-04 203672]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudserd.sys [2013-06-04 203672]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-05-09 46808]
R2 avast! Firewall;avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2013-05-09 137960]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 NVSvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-01-18 884512]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
R2 TeamViewer7;TeamViewer 7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-10-23 2848168]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-12-29 1260472]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-29 257416]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-12-09 1044816]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-07-27 563624]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-11-18 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Tak jeste uklidime

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

Děkuji mnohokrát, hned se na to vrhám

Pak jeste napiste, ci je vse OK

Ano, vše se zdá OK. Moc jste mi pomohl, velice děkuji a alespoň symbolicky se pokusím revanšovat se přes Paypal a podpořit toto skvělé fórum.

Nemate zac, rad jsem pomohl Za podporu fora jmenem celeho tymu dekuji Zase nekdy

A na zaklade Pravidla o zamykani temat