Hi all, a friend asked me to take a look at his PC because he can't connect to the internet. Please check it. Thank you.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-04-2014 03
Ran by bohusch (administrator) on BOHUSCH-PC on 27-04-2014 11:52:50
Running from C:\Users\bohusch\Desktop
Microsoft® Windows Vista™ Home Premium (X86) OS Language: Czech
Internet Explorer Version 7
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
(VMware, Inc.) C:\Windows\system32\vmnat.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\system32\vmnetdhcp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE
(forum.viry.cz) C:\Users\bohusch\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-15] (Synaptics, Inc.)
HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1466368 2009-05-05] (Motorola Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4702208 2007-08-17] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [174616 2007-07-25] (Intel Corporation)
HKLM\...\Run: [QPService] => C:\Program Files\HP\QuickPlay\QPService.exe [181544 2007-09-30] (CyberLink Corp.)
HKLM\...\Run: [QlbCtrl] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2007-09-19] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [OnScreenDisplay] => C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [554320 2007-09-04] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2007-08-16] (CyberLink Corp.)
HKLM\...\Run: [DpAgent] => C:\Program Files\DigitalPersona\Bin\dpagent.exe [671744 2007-09-20] (DigitalPersona, Inc.)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [480560 2007-09-13] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [311296 2007-01-08] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49152 2005-02-17] (Hewlett-Packard Co.)
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [13826664 2009-10-03] (NVIDIA Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1045800 2008-03-28] (Synaptics, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5110672 2013-09-12] (ESET)
HKU\S-1-5-21-2726574562-3571504676-1839745846-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [18705664 2013-01-08] (Skype Technologies S.A.)
Lsa: [Notification Packages] scecli DPPWDFLT
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?o=APN10645A& ... 96-134&t=4
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... _homepage/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/ ... chcust.htm
HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://home.microsoft.com/access/autosearch.asp?p=%s
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/ ... chcust.htm
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ie ... earchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2000} URL = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ie ... earchTerms}
SearchScopes: HKLM - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.pu-results.info/?l=1&q ... g=EN&cc=SK
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={search ... 7&tsp=4959
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={search ... 7&tsp=4959
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2000} URL = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ie ... earchTerms}
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.pu-results.info/?l=1&q ... g=EN&cc=SK
BHO: No Name - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 %SystemRoot%\system32\napinsp.dll [50176] (Společnost Microsoft)
Winsock: Catalog9 12 %SystemRoot%\system32\vsocklib.dll [63128] (VMware, Inc.)
Winsock: Catalog9 13 %SystemRoot%\system32\vsocklib.dll [63128] (VMware, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\bohusch\AppData\Roaming\Mozilla\Firefox\Profiles\pu115xui.default
FF DefaultSearchEngine: Centrum.cz
FF DefaultSearchEngine: Centrum.cz
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: hxxp://www.centrum.cz/?utm_source=ch-toolbar&u ... paign=home
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\bohusch\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Users\bohusch\AppData\Roaming\Mozilla\Firefox\Profiles\pu115xui.default\searchplugins\Ask.xml
FF SearchPlugin: C:\Users\bohusch\AppData\Roaming\Mozilla\Firefox\Profiles\pu115xui.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\bohusch\AppData\Roaming\Mozilla\Firefox\Profiles\pu115xui.default\searchplugins\firmycz.xml
FF SearchPlugin: C:\Users\bohusch\AppData\Roaming\Mozilla\Firefox\Profiles\pu115xui.default\searchplugins\mapycz.xml
FF SearchPlugin: C:\Users\bohusch\AppData\Roaming\Mozilla\Firefox\Profiles\pu115xui.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Users\bohusch\AppData\Roaming\Mozilla\Firefox\Profiles\pu115xui.default\searchplugins\WebSearch.xml
FF SearchPlugin: C:\Users\bohusch\AppData\Roaming\Mozilla\Firefox\Profiles\pu115xui.default\searchplugins\zbocz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: WebCake - C:\Users\bohusch\AppData\Roaming\Mozilla\Firefox\Profiles\pu115xui.default\Extensions\plugin@getwebcake.com [2013-07-30]
FF Extension: Lišta Centrum.cz - C:\Users\bohusch\AppData\Roaming\Mozilla\Firefox\Profiles\pu115xui.default\Extensions\toolbar@centrumholdings.com [2014-01-18]
FF Extension: Search-Results Toolbar - C:\Users\bohusch\AppData\Roaming\Mozilla\Firefox\Profiles\pu115xui.default\Extensions\{377e5d4d-77e5-476a-8716-7e70a9272da0} [2013-03-26]
FF Extension: New tab - C:\Users\bohusch\AppData\Roaming\Mozilla\Firefox\Profiles\pu115xui.default\Extensions\{A25ABB84-7DA0-B5C4-5AE8-D2021E614EC5} [2013-10-10]
FF Extension: Seznam lištička - C:\Users\bohusch\AppData\Roaming\Mozilla\Firefox\Profiles\pu115xui.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2013-04-02]
FF Extension: BS Player ControlBar - C:\Users\bohusch\AppData\Roaming\Mozilla\Firefox\Profiles\pu115xui.default\Extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} [2013-12-11]
FF Extension: YouTube Video and Audio Downloader - C:\Users\bohusch\AppData\Roaming\Mozilla\Firefox\Profiles\pu115xui.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2013-12-14]
FF Extension: YouTube to MP3 - C:\Users\bohusch\AppData\Roaming\Mozilla\Firefox\Profiles\pu115xui.default\Extensions\youtube2mp3@mondayx.de.xpi [2013-10-12]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-10-14]
Chrome:
=======
CHR HomePage: hxxp://mysearch.avg.com?cid={53E8568C-CCEA-4729-8D02-41E5A107EF19}&mid=a7700b30519547d3b24bd1191024e9fb-b6553a2609fa5b6f249c7dd73357e0ed0385fe9a&lang=cs&ds=cg011&coid=avgtbdiscg&pr=sa&d=2013-12-07 23:26:19&v=17.1.2.1&pid=safeguard&sg=0&sap=hp
CHR RestoreOnStartup: "hxxp://websearch.pu-results.info/?pid=708&r=2013/04/12&hid=2535682493&lg=EN&cc=SK"
CHR Extension: (SSeaarch-NewTabu) - C:\Users\bohusch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aajekoocnmgkhfcdlaipdkljklpeockk [2013-04-18]
CHR Extension: (Barowssei2savE) - C:\Users\bohusch\AppData\Local\Google\Chrome\User Data\Default\Extensions\bahgiddmipjecdjfjbahmfnhlmpnhldh [2013-03-16]
CHR Extension: (Browwse2siAvee) - C:\Users\bohusch\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodkejdiopiiddcbaifcnnkldnemkchf [2013-04-18]
CHR Extension: (Saeayruch-NewTabo) - C:\Users\bohusch\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbeiocgdgobpfaffmjeoedaigfkgaged [2013-03-16]
CHR Extension: (SeArrcHH-NeewTab) - C:\Users\bohusch\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmbkkfepgbbnmbfhmgnkmobkgjdddgpi [2013-04-12]
CHR Extension: (Broiwwsey2esauve) - C:\Users\bohusch\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhlpafelcleopcileeogjndcdabfcpng [2013-04-18]
CHR Extension: (SeArrcHH-NeewTab) - C:\Users\bohusch\AppData\Local\Google\Chrome\User Data\Default\Extensions\oikflliaphlajefjkbakgmbedeocknlh [2013-04-12]
CHR Extension: (BrooWese22saove) - C:\Users\bohusch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pchklejcbfllocbfggckildlocfaoilm [2013-04-12]
CHR Extension: (BrooWese22saove) - C:\Users\bohusch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhpdnphhbakflgdomgjlnikcflanoif [2013-04-12]
CHR HKLM\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\bohusch\AppData\Local\Torch\Plugins\TorchPlugin.crx [2013-04-12]
CHR HKCU\...\Chrome\Extension: [eibfgbclmgnmffinenpipoibfdoblond] - C:\Users\bohusch\AppData\Roaming\Seznam.cz\bin\listicka-chrome-rv-1.5.5.crx [2013-04-12]
CHR HKCU\...\Chrome\Extension: [fkfpcckoflkdgjdobdkpclgngaahgbpi] - C:\Users\bohusch\AppData\Roaming\Seznam.cz\bin\listicka-chrome-email-1.3.2.crx [2013-04-12]
CHR HKCU\...\Chrome\Extension: [ghoooididkjbjjldgojdgceoinbhbjmh] - C:\Users\bohusch\AppData\Roaming\Seznam.cz\bin\listicka-chrome-slovnik-1.2.3.crx [2013-04-12]
CHR HKCU\...\Chrome\Extension: [mgoblimgpefkcahebgokneaadhahmdah] - C:\Users\bohusch\AppData\Roaming\Seznam.cz\bin\Partner-1.2.0.crx [2013-04-12]
========================== Services (Whitelisted) =================
S3 Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1337752 2013-09-12] (ESET)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard)
R2 QPCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [271760 2007-09-30] ()
S2 QPSched; C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [112016 2007-09-30] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
R2 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [79360 2013-03-01] (VMware, Inc.)
R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [354896 2013-03-01] (VMware, Inc.)
R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [665200 2011-08-29] (VMware, Inc.)
R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [434256 2013-03-01] (VMware, Inc.)
R2 vToolbarUpdater17.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [1771544 2013-12-09] (AVG Secure Search)
==================== Drivers (Whitelisted) ====================
R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146560 2007-08-28] (AuthenTec, Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [188808 2013-09-16] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [134248 2013-09-16] (ESET)
R1 epfwtdir; C:\Windows\System32\DRIVERS\epfwtdir.sys [118768 2013-09-16] (ESET)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [183912 2006-11-02] (Společnost Microsoft)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [32496 2011-08-29] (VMware, Inc.)
R3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1060920 2013-01-26] (Společnost Microsoft)
R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [26064 2013-03-01] (VMware, Inc.)
S3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16624 2013-02-28] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [36464 2013-02-28] (VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [26192 2013-03-01] (VMware, Inc.)
R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [56656 2013-03-01] (VMware, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [22016 2006-11-02] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\bohusch\AppData\Local\Temp\catchme.sys [X]
U1 eabfiltr;
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-27 11:52 - 2014-04-27 11:53 - 00021049 _____ () C:\Users\bohusch\Desktop\FRST.txt
2014-04-27 11:52 - 2014-04-27 11:52 - 00000000 ____D () C:\FRST
2014-04-27 11:51 - 2014-04-27 11:49 - 01049088 _____ (Farbar) C:\Users\bohusch\Desktop\FRST.exe
2014-04-27 11:51 - 2014-04-27 11:47 - 00112640 _____ (forum.viry.cz) C:\Users\bohusch\Desktop\FRSTLauncher.exe
2014-04-27 11:39 - 2014-04-27 11:43 - 00000000 ___SD () C:\32788R22FWJFW
2014-04-19 16:22 - 2014-02-24 17:36 - 00000426 _____ () C:\AVScanner.ini
2014-04-19 15:58 - 2014-04-19 15:58 - 00013611 _____ () C:\ComboFix.txt
==================== One Month Modified Files and Folders =======
2014-04-27 11:53 - 2014-04-27 11:52 - 00021049 _____ () C:\Users\bohusch\Desktop\FRST.txt
2014-04-27 11:52 - 2014-04-27 11:52 - 00000000 ____D () C:\FRST
2014-04-27 11:49 - 2014-04-27 11:51 - 01049088 _____ (Farbar) C:\Users\bohusch\Desktop\FRST.exe
2014-04-27 11:47 - 2014-04-27 11:51 - 00112640 _____ (forum.viry.cz) C:\Users\bohusch\Desktop\FRSTLauncher.exe
2014-04-27 11:44 - 2013-05-14 21:29 - 00000000 ____D () C:\Windows\erdnt
2014-04-27 11:43 - 2014-04-27 11:39 - 00000000 ___SD () C:\32788R22FWJFW
2014-04-27 11:27 - 2013-02-02 18:22 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2726574562-3571504676-1839745846-1000UA.job
2014-04-27 11:26 - 2013-02-16 13:40 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-27 11:22 - 2006-11-02 12:33 - 01267438 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-27 11:16 - 2008-05-12 22:51 - 00000164 _____ () C:\Users\Public\Documents\hpqp.ini
2014-04-27 11:14 - 2013-04-07 13:57 - 00000000 ____D () C:\ProgramData\VMware
2014-04-27 11:14 - 2013-02-09 02:02 - 00032061 _____ () C:\ProgramData\nvModes.dat
2014-04-27 11:14 - 2013-02-09 02:02 - 00032061 _____ () C:\ProgramData\nvModes.001
2014-04-27 11:13 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-27 11:13 - 2006-11-02 14:47 - 00003072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-27 11:13 - 2006-11-02 14:47 - 00003072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-27 11:12 - 2008-05-12 22:31 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-04-27 11:12 - 2008-05-12 22:30 - 01944239 _____ () C:\Windows\WindowsUpdate.log
2014-04-27 11:12 - 2006-11-02 15:01 - 00032568 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-19 16:26 - 2007-11-28 05:10 - 00440996 _____ () C:\Windows\PFRO.log
2014-04-19 16:13 - 2013-12-08 00:26 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2014-04-19 15:58 - 2014-04-19 15:58 - 00013611 _____ () C:\ComboFix.txt
2014-04-19 15:58 - 2014-02-17 19:27 - 00000000 ____D () C:\Users\bohusch\AppData\Local\Apps\2.0
2014-04-19 15:56 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2014-04-19 15:55 - 2013-10-14 19:22 - 00000000 ____D () C:\Program Files\ESET
2014-04-14 14:17 - 2013-03-25 17:35 - 00008484 _____ () C:\Users\bohusch\AppData\Local\d3d9caps.dat
2014-04-13 17:27 - 2013-02-02 18:22 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2726574562-3571504676-1839745846-1000Core.job
2014-04-13 17:01 - 2006-11-02 14:52 - 00034824 _____ () C:\Windows\setupact.log
Some content of TEMP:
====================
C:\Users\bohusch\AppData\Local\Temp\catchme.dll
C:\Users\bohusch\AppData\Local\Temp\UNINSTALL.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-27 11:51
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:465.76 GB) (Free:380.59 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (A-DATA CH94) (Fixed) (Total:465.76 GB) (Free:359.12 GB) NTFS
Available physical RAM: 1913.64 MB
Total physical RAM: 3069.81 MB
Percentage of memory in use: 37%
==================== MBR and Partition Table ==================
Disk: 0 (Size: 466 GB) (Disk ID: C9284220)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 3099F1EF)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2726574562-3571504676-1839745846-1000Core.job => C:\Users\bohusch\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2726574562-3571504676-1839745846-1000UA.job => C:\Users\bohusch\AppData\Local\Facebook\Update\FacebookUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\Users\bohusch\Desktop\Trance Project Episode 03 (Best Of Daniel Kandi Tracks & Remixes).flv:TOC.WMV
AlternateDataStreams: C:\Users\bohusch\Downloads\Hyde-Park-19.10.2012---Ivo-Toman.avi:TOC.WMV
AlternateDataStreams: C:\Users\bohusch\Downloads\Terminator-Salvation-CZ.avi:TOC.WMV
AlternateDataStreams: C:\Users\bohusch\Downloads\VLCIE-HORY-2013.avi:TOC.WMV
==================== Security Center ==================
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\bohusch\Desktop" je 868 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000001
==================== End Of Log ==============================

Network adapters disappeared
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here].
Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
- Rudy
- Site Admin
- Posts: 119356
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Network adapters disappeared
Hello!
First try a System Restore to a date when the system was working correctly.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.