VIRY.CZ

Zdravim, Avast mi zablokoval v truhle libcurl-4.dll a v po spuštění se mi nachází winlog.exe. Nyní stále vyskakuje hláška, že nelze spustit, protože chybí libcurl-4.
winlog.exe se mi naleza v AppData\Roaming\WinUpdate\c, mam tam i \g složku.
Avast mi jej oznacil jak bez viru
Taky se mi nejak nepozdava ten windrv.exe

Jinak po ukonceni windrv.exe mi prestala nabihat hlaska ze se chce spouste winlog.exe. Koukam, ze s nejvetsi pravdepodobnosti je to bitcoin miner, i kdyz teda watch dogs jsem nestahoval, dle toho co jsem googlil

ve složce AppData\Roaming\WinUpdate\g se taky nachazi soubory jako miner, scrypt atd. takze asi jsem nekde chytnul minera

Logfile of random's system information tool 1.10 (written by random/random)
Microsoft Windows 8.1 Pro
System drive C: has 43 GB (27%) free of 160 GB
Total RAM: 7893 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:07:11, on 11. 6. 2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17037)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Tomas\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Tomas\AppData\Roaming\WinUpdate\c\windrv.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Lenovo\Communications Utility\tpknrres.exe
C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Tomas.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [f.lux] "C:\Users\Tomas\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Windows Drivers] "C:\Users\Tomas\AppData\Roaming\WinUpdate\c\windrv.exe"
O4 - Startup: miranda64.exe – zástupce.lnk = C:\Program Files (x86)\Miranda\miranda64.exe
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do OneNotu - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: Odeslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AVControlCenter - Lenovo Corporation - C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) - Foxit Corporation - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @oem53.inf,%ibm.svcDesc0%;Lenovo PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Wireless Bluetooth(R) 4.0 Radio Management - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Settings Service - Lenovo Group Limited - C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
O23 - Service: Lenovo AVFramework Camera Privacy Controller (LENOVO.CAMMUTE) - Lenovo Corporation - C:\Program Files\Lenovo\Communications Utility\cammute.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo AVFramework Microphone Volume Controller and Dolby Interface (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\tpknrsvc.exe
O23 - Service: Lenovo AVFramework Virtual Camera Controller Service (LENOVO.TVTVCAM) - Lenovo Corporation - C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: LocationTaskManager - Unknown owner - C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: postgresql-x64-9.0 - PostgreSQL Server 9.0 (postgresql-x64-9.0) - PostgreSQL Global Development Group - C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe
O23 - Service: Lenovo Settings Power Service (Power Manager DBC Service) - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @oem11.inf,%WBFService_SvcDesc%;Validity WBF Policy Service (valWBFPolicyService) - Unknown owner - C:\Windows\System32\valWBFPolicyService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vmms.exe,-10 (vmms) - Unknown owner - C:\Windows\system32\vmms.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 13714 bytes

======Listing Processes======

wininit.exe

winlogon.exe

C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\Windows\system32\ibmpmsvc.exe
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-e1de0245-98b7-456f-9ed7-391391cce472 -SystemEventPortName:HostProcess-781f5b55-cc09-46da-abf8-56f6e657129e -IoCancelEventPortName:HostProcess-94780c05-d251-423c-8dac-10ce8dda1564 -NonStateChangingEventPortName:HostProcess-99e6fe90-15dd-4163-a2ef-5d875d11d679 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:0dbc2508-f26d-46b8-8792-fc32fb5bd97c -DeviceGroupId:
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-b8802d13-df0f-474b-a120-aa6210af594e -SystemEventPortName:HostProcess-14db7505-21ce-4c97-a893-451bfeab05d8 -IoCancelEventPortName:HostProcess-f67654d4-70ac-4482-9e82-6e87aa8d8c2b -NonStateChangingEventPortName:HostProcess-e45e9918-a7cf-4faf-a25d-c186abf397d3 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:76307939-06f9-4f98-860c-05e186a78ad2 -DeviceGroupId:
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-63c91304-7857-4618-ac8b-9b9714599915 -SystemEventPortName:HostProcess-c48620b3-48d9-4fca-b6db-5579fb7d6188 -IoCancelEventPortName:HostProcess-10837879-6cfe-442b-814f-397dbebf94f3 -NonStateChangingEventPortName:HostProcess-9dd92fd1-51ac-4435-9110-47d82d3b93bc -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:8ae65107-b21a-4c13-abe5-356714625bd0 -DeviceGroupId:
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-c02bba42-0188-41a7-9d28-8ffcf5bbe2e1 -SystemEventPortName:HostProcess-a802db13-2f4a-4206-a8a2-e078a7eeee6b -IoCancelEventPortName:HostProcess-d6756cbf-7a48-47c4-9521-4c92fa55b270 -NonStateChangingEventPortName:HostProcess-8e105363-a03a-4e33-8eab-691ddf80ee09 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:4784269a-84ed-4db2-a308-f26180d5c451 -DeviceGroupId:
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 597854932688
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
\??\C:\Windows\system32\conhost.exe 0x4
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\CxAudMsg64.exe
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
dashost.exe {9b0e8e8d-285c-4257-bb5d6a90b09d7be2}
"C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe"
"C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe" runservice -N "postgresql-x64-9.0" -D "C:/Program Files/PostgreSQL/9.0/data" -w
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
C:\Windows\SysWOW64\SAsrv.exe
"C:/Program Files/PostgreSQL/9.0/bin/postgres.exe" -D "C:/Program Files/PostgreSQL/9.0/data"
\??\C:\Windows\system32\conhost.exe 0x4
"C:/Program Files/PostgreSQL/9.0/bin/postgres.exe" "--forklog" "4640" "4644"
"C:/Program Files/PostgreSQL/9.0/bin/postgres.exe" "--forkboot" "4520" "-x3"
"C:/Program Files/PostgreSQL/9.0/bin/postgres.exe" "--forkboot" "4532" "-x4"
"C:/Program Files/PostgreSQL/9.0/bin/postgres.exe" "--forkavlauncher" "4512"
"C:/Program Files/PostgreSQL/9.0/bin/postgres.exe" "--forkcol" "4504"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
C:\Windows\System32\valWBFPolicyService.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe"
"C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe"
"C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe"
C:\Windows\system32\vmms.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
taskeng.exe {D6C9D633-8135-4539-AB2E-C0EA46C787B4}
taskhostex.exe
C:\Windows\Explorer.EXE
C:\Program Files\LENOVO\HOTKEY\tpnumlkd.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
C:\PROGRA~1\Lenovo\HOTKEY\TPOSD.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.OnScreenDisplay
C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.ShortcutKey
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\skydrive.exe -Embedding
"C:\Windows\System32\SettingSyncHost.exe" -Embedding
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
C:\Windows\system32\rundll32.exe "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll",PwrMgrBkGndMonitor
"C:\Windows\system32\igfxsrvc.exe" -Embedding
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe"
"C:\Program Files\CONEXANT\ForteConfig\fmapp.exe"
"C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
"C:\Windows\RtsCM64.exe"
"C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe"
"C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe"
"C:\Program Files\Lenovo\HOTKEY\extapsup.exe"
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Users\Tomas\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

"C:\Users\Tomas\AppData\Roaming\WinUpdate\c\windrv.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Miranda\miranda64.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="6484.0.1784135060\1741098945" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,5,15 --gpu-vendor-id=0x8086 --gpu-device-id=0x0416 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=10.18.10.3412 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Bootstrap/GoogleNow/Default/OmniboxBundledExperimentV1/NewSuggestType_A8_Stable_R2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_25/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --renderer-print-preview --enable-pinch --enable-threaded-compositing --enable-delegated-renderer --enable-software-compositing --channel="6484.2.149754712\2010696712" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Bootstrap/GoogleNow/Default/OmniboxBundledExperimentV1/NewSuggestType_A8_Stable_R2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_25/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --renderer-print-preview --enable-pinch --enable-threaded-compositing --enable-delegated-renderer --enable-software-compositing --channel="6484.3.1609300693\1872328804" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Bootstrap/GoogleNow/Default/OmniboxBundledExperimentV1/NewSuggestType_A8_Stable_R2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_25/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --renderer-print-preview --enable-pinch --enable-threaded-compositing --enable-delegated-renderer --enable-software-compositing --channel="6484.4.253731540\1719097173" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Bootstrap/GoogleNow/Default/OmniboxBundledExperimentV1/NewSuggestType_A8_Stable_R2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_25/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --renderer-print-preview --enable-pinch --enable-threaded-compositing --enable-delegated-renderer --enable-software-compositing --channel="6484.5.532140267\2022187523" /prefetch:673131151
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Bootstrap/GoogleNow/Default/OmniboxBundledExperimentV1/NewSuggestType_A8_Stable_R2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_25/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-pinch --enable-threaded-compositing --enable-delegated-renderer --enable-software-compositing --channel="6484.7.630587358\1148679515" /prefetch:673131151
"C:\Program Files\Lenovo\Communications Utility\tpknrres.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe"
"C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE"
"C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe"
\??\C:\Windows\system32\conhost.exe 0x4
"C:\Windows\System32\Taskmgr.exe" /2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Bootstrap/FlashHardwareVideoDecode/HwVideo/GoogleNow/Default/OmniboxBundledExperimentV1/NewSuggestType_A8_Stable_R2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_25/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-pinch --enable-threaded-compositing --enable-delegated-renderer --enable-software-compositing --channel="6484.15.2134911169\1276294569" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Bootstrap/FlashHardwareVideoDecode/HwVideo/GoogleNow/Default/OmniboxBundledExperimentV1/NewSuggestType_A8_Stable_R2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_25/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-pinch --enable-threaded-compositing --enable-delegated-renderer --enable-software-compositing --channel="6484.18.626025199\588473717" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Bootstrap/FlashHardwareVideoDecode/HwVideo/GoogleNow/Default/OmniboxBundledExperimentV1/NewSuggestType_A8_Stable_R2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_25/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-pinch --enable-threaded-compositing --enable-delegated-renderer --enable-software-compositing --channel="6484.19.291872939\774091963" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Bootstrap/FlashHardwareVideoDecode/HwVideo/GoogleNow/Default/OmniboxBundledExperimentV1/NewSuggestType_A8_Stable_R2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_25/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-pinch --enable-threaded-compositing --enable-delegated-renderer --enable-software-compositing --channel="6484.21.1540361509\865316674" /prefetch:673131151
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 564 572 580 65536 576
"C:\Users\Tomas\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Zdravim

Stahnete Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/

Ulozte nejlepe na Plochu a rozbalte
Spustte kliknutim na mbar
Nyni postupne kliknete na Next a Update
Po dokonceni update (aktualizace) databaze kliknete opet na Next
Nechte zaskrtnute vsechny tri moznosti a klinete na Scan cimz spustite prohledavani PC
Po dokonceni skenu (cca 5 minutek) zkontrolujte, zda-li je u vsech nalezu (samozrejme pokud budou) zatrzitko
Tez zkontrolujte, jetsli je zatrzitko u Create Restore point
Nyni kliknete na CleanUp cimz nalezenou infekci odstranime
PC bude restartovan
Slozka mbar by mela obsahovat log (a zrejme se i sam otevre) mbar-log-rok-mesic-den (hodina-minuta-sekunda).txt, ten mi sem dejte

log z mbar:

11. 6. 2014 16:24:47
mbar-log-2014-06-11 (16-24-47).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 322445
Time elapsed: 5 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKU\S-1-5-21-3271458213-3823914991-552590305-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Windows Drivers (Backdoor.Agent.E) -> Data: "C:\Users\Tomas\AppData\Roaming\WinUpdate\c\windrv.exe" -> Delete on reboot. [07abd0a3bdbe60d687b942a7e71cf709]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Tomas\AppData\Roaming\WinUpdate\c\windrv.exe (Backdoor.Agent.E) -> Delete on reboot. [07abd0a3bdbe60d687b942a7e71cf709]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

PS: mel bych se obavat o hesla?

Tezko urcovat co vse tenhle kram dela, ale urcite ty nejdulezitejsi hesla bych zmenil

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Scan a nasledne Clean
Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

# AdwCleaner v3.212 - Report created 11/06/2014 at 16:38:43
# Updated 05/06/2014 by Xplode
# Operating System : Windows 8.1 Pro (64 bits)
# Username : Tomas - TOM-NOTEBOOK
# Running from : C:\Users\Tomas\Downloads\adwcleaner_3.212 (1).exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17037

-\\ Mozilla Firefox v29.0.1 (cs)

[ File : C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\kzmwahti.default\prefs.js ]

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [886 octets] - [11/06/2014 13:57:18]
AdwCleaner[R1].txt - [1008 octets] - [11/06/2014 16:38:00]
AdwCleaner[S0].txt - [946 octets] - [11/06/2014 13:59:11]
AdwCleaner[S1].txt - [931 octets] - [11/06/2014 16:38:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [990 octets] ##########

Poprosim o FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100

oba logy byly prilis velke, pridavam jako prilohy
E: uff nejak to nejde, hodil jsem to na dropbox

https://dl.dropboxusercontent.com/u/56783618/FRST.txt

https://dl.dropboxusercontent.com/u/567 ... dition.txt

Hodte je do raru a do prilohy nebo na LP http://leteckaposta.cz/

uploadnuto na dropbox, prispevek upraven s linky

Tvorba fixlistu pro FRST

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-3271458213-3823914991-552590305-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20924064 2014-02-10] (Skype Technologies S.A.)

2014-06-11 16:47 - 2014-06-11 16:47 - 00112640 _____ (forum.viry.cz) C:\Users\Tomas\Downloads\Nepotvrzeno 526435.crdownload
2014-06-11 16:47 - 2014-06-11 16:47 - 00112640 _____ (forum.viry.cz) C:\Users\Tomas\Desktop\FRSTLauncher.exe
2014-06-11 16:46 - 2014-06-11 16:46 - 00112640 _____ (forum.viry.cz) C:\Users\Tomas\Downloads\Nepotvrzeno 327736.crdownload
2014-06-11 16:37 - 2014-06-11 16:37 - 01333465 _____ () C:\Users\Tomas\Downloads\adwcleaner_3.212 (1).exe
2014-06-11 16:23 - 2014-06-11 16:30 - 00000000 ____D () C:\Users\Tomas\Desktop\mbar
2014-06-11 16:23 - 2014-06-11 16:23 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Tomas\Downloads\mbar-1.07.0.1012.exe
2014-06-11 14:06 - 2014-06-11 14:07 - 00000000 ____D () C:\rsit
2014-06-11 14:06 - 2014-06-11 14:07 - 00000000 ____D () C:\Program Files\trend micro
2014-06-11 14:06 - 2014-06-11 14:06 - 01222144 _____ () C:\Users\Tomas\Downloads\RSITx64.exe
2014-06-11 13:57 - 2014-06-11 16:38 - 00000000 ____D () C:\AdwCleaner
2014-06-11 13:57 - 2014-06-11 13:57 - 01333465 _____ () C:\Users\Tomas\Downloads\adwcleaner_3.212.exe
2014-06-11 13:57 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
C:\Users\Tomas\AppData\Roaming\CamLayout.ini
C:\Users\Tomas\AppData\Roaming\CamShapes.ini
C:\Users\Public\ASR.dat
C:\Users\Tomas\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Tomas\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Tomas\AppData\Local\Temp\Quarantine.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Hosts:
End

Ulozte vytvoreny TXT jako fixlist.txt
Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

Kliknete na Fix
Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-06-2014 01
Ran by Tomas at 2014-06-11 17:41:05 Run:1
Running from C:\Users\Tomas\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-3271458213-3823914991-552590305-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20924064 2014-02-10] (Skype Technologies S.A.)

2014-06-11 16:47 - 2014-06-11 16:47 - 00112640 _____ (forum.viry.cz) C:\Users\Tomas\Downloads\Nepotvrzeno 526435.crdownload
2014-06-11 16:47 - 2014-06-11 16:47 - 00112640 _____ (forum.viry.cz) C:\Users\Tomas\Desktop\FRSTLauncher.exe
2014-06-11 16:46 - 2014-06-11 16:46 - 00112640 _____ (forum.viry.cz) C:\Users\Tomas\Downloads\Nepotvrzeno 327736.crdownload
2014-06-11 16:37 - 2014-06-11 16:37 - 01333465 _____ () C:\Users\Tomas\Downloads\adwcleaner_3.212 (1).exe
2014-06-11 16:23 - 2014-06-11 16:30 - 00000000 ____D () C:\Users\Tomas\Desktop\mbar
2014-06-11 16:23 - 2014-06-11 16:23 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Tomas\Downloads\mbar-1.07.0.1012.exe
2014-06-11 14:06 - 2014-06-11 14:07 - 00000000 ____D () C:\rsit
2014-06-11 14:06 - 2014-06-11 14:07 - 00000000 ____D () C:\Program Files\trend micro
2014-06-11 14:06 - 2014-06-11 14:06 - 01222144 _____ () C:\Users\Tomas\Downloads\RSITx64.exe
2014-06-11 13:57 - 2014-06-11 16:38 - 00000000 ____D () C:\AdwCleaner
2014-06-11 13:57 - 2014-06-11 13:57 - 01333465 _____ () C:\Users\Tomas\Downloads\adwcleaner_3.212.exe
2014-06-11 13:57 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
C:\Users\Tomas\AppData\Roaming\CamLayout.ini
C:\Users\Tomas\AppData\Roaming\CamShapes.ini
C:\Users\Public\ASR.dat
C:\Users\Tomas\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Tomas\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Tomas\AppData\Local\Temp\Quarantine.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Hosts:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.
HKU\S-1-5-21-3271458213-3823914991-552590305-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => value deleted successfully.
C:\Users\Tomas\Downloads\Nepotvrzeno 526435.crdownload => Moved successfully.
C:\Users\Tomas\Desktop\FRSTLauncher.exe => Moved successfully.
C:\Users\Tomas\Downloads\Nepotvrzeno 327736.crdownload => Moved successfully.
C:\Users\Tomas\Downloads\adwcleaner_3.212 (1).exe => Moved successfully.
C:\Users\Tomas\Desktop\mbar => Moved successfully.
C:\Users\Tomas\Downloads\mbar-1.07.0.1012.exe => Moved successfully.
C:\rsit => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
C:\Users\Tomas\Downloads\RSITx64.exe => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\Tomas\Downloads\adwcleaner_3.212.exe => Moved successfully.
C:\Windows\SysWOW64\sqlite3.dll => Moved successfully.
C:\Users\Tomas\AppData\Roaming\CamLayout.ini => Moved successfully.
C:\Users\Tomas\AppData\Roaming\CamShapes.ini => Moved successfully.
"C:\Users\Public\ASR.dat" => File/Directory not found.
C:\Users\Tomas\AppData\Local\Temp\Foxit Reader Updater.exe => Moved successfully.
C:\Users\Tomas\AppData\Local\Temp\fp_pl_pfs_installer.exe => Moved successfully.
C:\Users\Tomas\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

==== End of Fixlog ====

Jak se chova PC??

normálně, i předtím šlo normálně, jelikož avast zablokoval ty dll knihovny pro miner.
jinak co s těma složkama v WinUpdate\c a \g ?? ručně smáznout a hotovo ?

Ano, zkuste je rucne, kdyz nepujdou, vezmem to nastrojem

ok, díky moc za skoro "real-time" pomoc, určitě vás čeká příspěvek

VIRY.CZ

winlog.exe spousteni

winlog.exe spousteni

Re: winlog.exe spousteni

Re: winlog.exe spousteni

Re: winlog.exe spousteni

Re: winlog.exe spousteni

Re: winlog.exe spousteni

Re: winlog.exe spousteni

Re: winlog.exe spousteni

Re: winlog.exe spousteni

Re: winlog.exe spousteni

Re: winlog.exe spousteni

Re: winlog.exe spousteni

Re: winlog.exe spousteni

Re: winlog.exe spousteni

Re: winlog.exe spousteni