VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Problem s virem

https://forum.viry.cz:443/viewtopic.php?t=140203

Stránka 1 z 1

Problem s virem

Napsal: 12 zář 2014 09:15
od limcak1
Mam problem s windows7 nejde spustit zadny antivir respektive je spustit jde ale nejde spustit zadny stit ani sken. prve byla avira ta prestala fungovat zniceho nic. pak avast a ted avg. co to muze byt





Logfile of random's system information tool 1.10 (written by random/random)
Run by Janinka a Lumirek at 2014-09-12 10:13:04
Microsoft Windows 7 Ultimate
System drive C: has 79 GB (53%) free of 150 GB
Total RAM: 3561 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:13:11, on 12.9.2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Users\Janinka a Lumirek\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Janinka a Lumirek\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\Janinka a Lumirek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Janinka a Lumirek\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7269 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Janinka a Lumirek\AppData\Roaming\Mozilla\Firefox\Profiles\6agwxo6e.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.94 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
SteadyVideoBHO Class - c:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-07 69760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HPOSD"=C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [2011-08-19 379960]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"StartCCC"=c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-09-28 343168]
"AVG_UI"=C:\Program Files (x86)\AVG\AVG2015\avgui.exe [2014-09-05 3593744]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=C:\Users\Janinka [2014-09-06 1094]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"msacm.ac3filter"=ac3filter.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-09-12 10:13:04 ----D---- C:\rsit
2014-09-12 10:13:04 ----D---- C:\Program Files (x86)\trend micro
2014-09-12 09:41:12 ----D---- C:\ProgramData\Malwarebytes
2014-09-12 09:41:12 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-12 09:19:58 ----D---- C:\Users\Janinka a Lumirek\AppData\Roaming\AVG2015
2014-09-12 09:19:39 ----D---- C:\Users\Janinka a Lumirek\AppData\Roaming\TuneUp Software
2014-09-12 09:19:19 ----HD---- C:\$AVG
2014-09-12 09:19:19 ----D---- C:\ProgramData\AVG2015
2014-09-12 09:18:45 ----D---- C:\Program Files (x86)\AVG
2014-09-12 09:12:44 ----D---- C:\ProgramData\MFAData
2014-09-11 20:04:45 ----D---- C:\Users\Janinka a Lumirek\AppData\Roaming\Xilisoft
2014-09-11 20:03:41 ----D---- C:\ProgramData\Xilisoft
2014-09-11 20:03:41 ----D---- C:\Program Files (x86)\Xilisoft
2014-09-11 12:38:37 ----D---- C:\ProgramData\AVAST Software
2014-09-11 12:29:39 ----D---- C:\Windows\pss
2014-09-11 09:23:07 ----D---- C:\Program Files (x86)\Codemasters
2014-09-09 11:49:59 ----D---- C:\Program Files (x86)\Return to Castle Wolfenstein
2014-09-09 11:48:08 ----A---- C:\Windows\Rtcw.INI
2014-09-04 12:31:21 ----D---- C:\Program Files (x86)\AC3Filter

======List of files/folders modified in the last 1 month======

2014-09-12 10:13:04 ----RD---- C:\Program Files (x86)
2014-09-12 10:09:36 ----D---- C:\Users\Janinka a Lumirek\AppData\Roaming\uTorrent
2014-09-12 09:53:45 ----D---- C:\Windows\AppPatch
2014-09-12 09:51:59 ----D---- C:\Windows\Temp
2014-09-12 09:41:12 ----HD---- C:\ProgramData
2014-09-12 09:19:52 ----SHD---- C:\Windows\Installer
2014-09-12 09:19:01 ----SHD---- C:\System Volume Information
2014-09-12 09:18:22 ----D---- C:\Windows\SysWOW64
2014-09-12 09:18:22 ----D---- C:\Windows\System32
2014-09-12 08:53:27 ----D---- C:\Program Files
2014-09-12 08:53:24 ----D---- C:\Windows
2014-09-11 20:04:17 ----D---- C:\Windows\winsxs
2014-09-11 14:53:49 ----D---- C:\Windows\Tasks
2014-09-11 14:22:40 ----SHD---- C:\$Recycle.Bin
2014-09-11 12:41:52 ----AD---- C:\ProgramData\TEMP
2014-09-11 12:25:52 ----D---- C:\ProgramData\Avira
2014-09-11 09:38:03 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-09-11 09:22:24 ----D---- C:\Program Files (x86)\Common Files\InstallShield
2014-09-04 10:42:19 ----D---- C:\Windows\inf
2014-09-04 09:23:42 ----D---- C:\Windows\Prefetch
2014-08-31 09:00:14 ----D---- C:\Program Files (x86)\Noční obloha
2014-08-30 19:48:37 ----D---- C:\Users\Janinka a Lumirek\AppData\Roaming\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys []
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys []
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys []
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys []
R3 RSPCIESTOR;Realtek PCIE CardReader Driver; C:\Windows\system32\DRIVERS\RtsPStor.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver; C:\Windows\system32\DRIVERS\rtl8192Ce.sys []
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys []
S0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys []
S0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys []
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys []
S0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys []
S1 Avgdiska;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiska.sys []
S1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys []
S1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys []
S1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys []
S3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl664.sys []
S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys []
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys []
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
R2 AMD FUEL Service;AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-28 361984]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2014-09-05 293448]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-06-28 2413056]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-05-12 1809720]
S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2014-09-05 3364368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-05-12 860472]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-06 257712]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-07-30 119408]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S4 TeamViewer8;TeamViewer 8; C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-07-08 4153184]

-----------------EOF-----------------
Diky moc a hodne to specha :cry:

Re: Problem s virem

Napsal: 12 zář 2014 09:23
od limcak1
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Janinka a Lumirek (administrator) on JANINKAALUMIREK on 12-09-2014 10:21:54
Running from C:\Users\Janinka a Lumirek\Downloads
Platform: Windows 7 Ultimate (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(BitTorrent Inc.) C:\Users\Janinka a Lumirek\AppData\Roaming\uTorrent\uTorrent.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1827563329-2551110931-1650104122-1000\...\Run: [uTorrent] => C:\Users\Janinka a Lumirek\AppData\Roaming\uTorrent\uTorrent.exe [1322832 2014-07-02] (BitTorrent Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BootExecute: autocheautocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> c:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> c:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/s ... wflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 94.74.192.252 94.74.192.244

FireFox:
========
FF ProfilePath: C:\Users\Janinka a Lumirek\AppData\Roaming\Mozilla\Firefox\Profiles\6agwxo6e.default
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Janinka a Lumirek\AppData\Roaming\Mozilla\Firefox\Profiles\6agwxo6e.default\user.js
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Adblock Plus - C:\Users\Janinka a Lumirek\AppData\Roaming\Mozilla\Firefox\Profiles\6agwxo6e.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-22]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [mmiopbgcekanlhpjkonogoljpfmhpkhf] - C:\Program Files (x86)\LyricsPal\125.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "8e2b818ce88c580f" service could not be unlocked. <===== ATTENTION

R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-09-28] (Advanced Micro Devices, Inc.) [File not signed]
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-28] (Realsil Microelectronics Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 8e2b818ce88c580f; C:\Windows\System32\Drivers\8e2b818ce88c580f.sys [41936 2014-09-03] () <===== ATTENTION Necurs Rootkit?
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [79488 2011-06-17] () [File not signed]
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [40064 2011-06-17] () [File not signed]
S3 AppID; C:\Windows\system32\drivers\appid.sys [61440 2009-07-14] () [File not signed]
S3 arc; C:\Windows\system32\DRIVERS\arc.sys [87632 2009-07-14] () [File not signed]
S3 arcsas; C:\Windows\system32\DRIVERS\arcsas.sys [97856 2009-07-14] () [File not signed]
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-14] () [File not signed]
R0 atapi; C:\Windows\System32\DRIVERS\atapi.sys [24128 2009-07-14] () [File not signed]
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [114704 2011-03-30] () [File not signed]
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [247576 2014-07-24] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-20] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [270616 2014-07-02] (AVG Technologies CZ, s.r.o.)
S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbda.sys [468480 2009-06-10] () [File not signed]
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] () [File not signed]
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [28240 2009-07-14] () [File not signed]
S3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl664.sys [4729408 2011-05-21] () [File not signed]
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-14] () [File not signed]
R1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [45056 2009-07-14] () [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2009-07-14] () [File not signed]
S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [18432 2009-06-10] () [File not signed]
S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [8704 2009-06-10] () [File not signed]
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-14] () [File not signed]
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] () [File not signed]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] () [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] () [File not signed]
S3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [72192 2009-07-14] () [File not signed]
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-14] () [File not signed]
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2009-07-14] () [File not signed]
S3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [45568 2009-07-14] () [File not signed]
R0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-14] () [File not signed]
R3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [17664 2009-07-14] () [File not signed]
S3 cmdide; C:\Windows\system32\DRIVERS\cmdide.sys [17488 2009-07-14] () [File not signed]
R0 CNG; C:\Windows\System32\Drivers\cng.sys [460504 2009-07-14] () [File not signed]
R0 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [21584 2009-07-14] () [File not signed]
R3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [38912 2009-07-14] () [File not signed]
S4 crcdisk; C:\Windows\system32\DRIVERS\crcdisk.sys [24144 2009-07-14] () [File not signed]
R1 CSC; C:\Windows\System32\drivers\csc.sys [514048 2009-07-14] () [File not signed]
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2009-07-14] () [File not signed]
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-14] () [File not signed]
R0 Disk; C:\Windows\System32\DRIVERS\disk.sys [73280 2009-07-14] () [File not signed]
S3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5632 2009-07-14] () [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-07-21] () [File not signed]
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [974848 2009-07-14] () [File not signed]
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] () [File not signed]
S3 elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [530496 2009-07-14] () [File not signed]
S3 ErrDev; C:\Windows\system32\DRIVERS\errdev.sys [9728 2009-07-14] () [File not signed]
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-14] () [File not signed]
R3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-14] () [File not signed]
S3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [29696 2009-07-14] () [File not signed]
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-14] () [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-14] () [File not signed]
S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [24576 2009-07-14] () [File not signed]
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [290368 2009-07-14] () [File not signed]
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-14] () [File not signed]
U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23104 2009-07-14] () [File not signed]
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223448 2009-07-14] () [File not signed]
S3 gagp30kx; C:\Windows\system32\DRIVERS\gagp30kx.sys [65088 2009-07-14] () [File not signed]
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] () [File not signed]
R3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2009-07-14] () [File not signed]
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [122368 2009-07-14] () [File not signed]
S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [26624 2009-07-14] () [File not signed]
S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [100864 2009-07-14] () [File not signed]
S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [46592 2009-07-14] () [File not signed]
R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2009-07-14] () [File not signed]
S3 HpSAMD; C:\Windows\system32\DRIVERS\HpSAMD.sys [77888 2009-07-14] () [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [751616 2009-07-14] () [File not signed]
R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14416 2009-07-14] () [File not signed]
R3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [105472 2009-07-14] () [File not signed]
S3 iaStorV; C:\Windows\system32\DRIVERS\iaStorV.sys [410688 2009-07-14] () [File not signed]
S3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [44112 2009-07-14] () [File not signed]
S3 intelide; C:\Windows\system32\DRIVERS\intelide.sys [16960 2009-07-14] () [File not signed]
S3 intelppm; C:\Windows\system32\DRIVERS\intelppm.sys [62464 2009-07-14] () [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2009-07-14] () [File not signed]
S3 IPMIDRV; C:\Windows\system32\DRIVERS\IPMIDrv.sys [78848 2009-07-14] () [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-14] () [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-14] () [File not signed]
S3 isapnp; C:\Windows\system32\DRIVERS\isapnp.sys [20544 2009-07-14] () [File not signed]
S3 iScsiPrt; C:\Windows\system32\DRIVERS\msiscsi.sys [224832 2009-07-14] () [File not signed]
R3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [50768 2009-07-14] () [File not signed]
R3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2009-07-14] () [File not signed]
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95312 2009-07-14] () [File not signed]
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [153152 2009-07-14] () [File not signed]
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] () [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] () [File not signed]
S3 LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [114752 2009-07-14] () [File not signed]
S3 LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [106560 2009-07-14] () [File not signed]
S3 LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [65600 2009-07-14] () [File not signed]
S3 LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [115776 2009-07-14] () [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-14] () [File not signed]
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 megasas; C:\Windows\system32\DRIVERS\megasas.sys [35392 2009-07-14] () [File not signed]
S3 MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [284736 2009-07-14] () [File not signed]
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-14] () [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-14] () [File not signed]
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-14] () [File not signed]
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-14] () [File not signed]
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94784 2009-07-14] () [File not signed]
S3 mpio; C:\Windows\system32\DRIVERS\mpio.sys [155216 2009-07-14] () [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] () [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2009-07-14] () [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [157184 2009-07-14] () [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [285696 2009-07-14] () [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [125952 2009-07-14] () [File not signed]
R0 msahci; C:\Windows\System32\DRIVERS\msahci.sys [30272 2009-07-14] () [File not signed]
S3 msdsm; C:\Windows\system32\DRIVERS\msdsm.sys [140352 2009-07-14] () [File not signed]
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] () [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] () [File not signed]
R0 msisadrv; C:\Windows\System32\DRIVERS\msisadrv.sys [15424 2009-07-14] () [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] () [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] () [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] () [File not signed]
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [367168 2009-07-14] () [File not signed]
R1 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [32320 2009-07-14] () [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] () [File not signed]
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [15360 2009-07-14] () [File not signed]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] () [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] () [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [947776 2009-07-14] () [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] () [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] () [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56320 2009-07-14] () [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2009-07-14] () [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2009-07-14] () [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] () [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [259072 2009-07-14] () [File not signed]
S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [51264 2009-07-14] () [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] () [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] () [File not signed]
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1659984 2009-07-14] () [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] () [File not signed]
S3 nvraid; C:\Windows\system32\DRIVERS\nvraid.sys [149056 2009-07-14] () [File not signed]
S3 nvstor; C:\Windows\system32\DRIVERS\nvstor.sys [167488 2009-07-14] () [File not signed]
S3 nv_agp; C:\Windows\system32\DRIVERS\nv_agp.sys [122960 2009-07-14] () [File not signed]
S3 ohci1394; C:\Windows\system32\DRIVERS\ohci1394.sys [72832 2009-07-14] () [File not signed]
S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [97280 2009-07-14] () [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75840 2009-07-14] () [File not signed]
R0 pci; C:\Windows\System32\DRIVERS\pci.sys [183872 2009-07-14] () [File not signed]
S3 pciide; C:\Windows\system32\DRIVERS\pciide.sys [12352 2009-07-14] () [File not signed]
S3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [220752 2009-07-14] () [File not signed]
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] () [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] () [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111616 2009-07-14] () [File not signed]
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [60416 2009-07-14] () [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2009-07-14] () [File not signed]
S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1524816 2009-07-14] () [File not signed]
S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [128592 2009-07-14] () [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] () [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] () [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] () [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [130048 2009-07-14] () [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] () [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] () [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2009-07-14] () [File not signed]
R3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [24064 2009-07-14] () [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] () [File not signed]
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [165376 2009-07-14] () [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] () [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] () [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [204800 2009-07-14] () [File not signed]
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [214096 2009-07-14] () [File not signed]
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [338536 2011-05-30] () [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] () [File not signed]
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [412264 2010-12-01] () [File not signed]
R3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtl8192Ce.sys [878184 2012-03-13] () [File not signed]
S3 s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [6656 2009-07-14] () [File not signed]
S3 sbp2port; C:\Windows\system32\DRIVERS\sbp2port.sys [104016 2009-07-14] () [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2009-07-14] () [File not signed]
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] () [File not signed]
S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [23552 2009-07-14] () [File not signed]
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] () [File not signed]
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [26624 2009-07-14] () [File not signed]
S3 sffdisk; C:\Windows\system32\DRIVERS\sffdisk.sys [14336 2009-07-14] () [File not signed]
S3 sffp_mmc; C:\Windows\system32\DRIVERS\sffp_mmc.sys [13824 2009-07-14] () [File not signed]
S3 sffp_sd; C:\Windows\system32\DRIVERS\sffp_sd.sys [14336 2009-07-14] () [File not signed]
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [16896 2009-07-14] () [File not signed]
S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [43584 2009-07-14] () [File not signed]
S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [80464 2009-07-14] () [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] () [File not signed]
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] () [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [465408 2009-07-14] () [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [407040 2009-07-14] () [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [162816 2009-07-14] () [File not signed]
S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [24656 2009-07-14] () [File not signed]
R0 storflt; C:\Windows\System32\DRIVERS\vmstorfl.sys [46672 2009-07-14] () [File not signed]
S3 storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [34896 2009-07-14] () [File not signed]
R3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [12496 2009-07-14] () [File not signed]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1898576 2009-07-14] () [File not signed]
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1898576 2009-07-14] () [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [44544 2009-07-14] () [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] () [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2009-07-14] () [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [99840 2009-07-14] () [File not signed]
R1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [62544 2009-07-14] () [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [38400 2009-07-14] () [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2009-07-14] () [File not signed]
S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [64080 2009-07-14] () [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [327168 2009-07-14] () [File not signed]
S3 uliagpkx; C:\Windows\system32\DRIVERS\uliagpkx.sys [64592 2009-07-14] () [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2009-07-14] () [File not signed]
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [9728 2009-07-14] () [File not signed]
S3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [109568 2009-07-14] () [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [98816 2009-07-14] () [File not signed]
S3 usbcir; C:\Windows\system32\DRIVERS\usbcir.sys [100352 2009-07-14] () [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [51200 2009-07-14] () [File not signed]
R3 usbfilter; C:\Windows\System32\DRIVERS\usbfilter.sys [53376 2011-08-18] () [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2009-07-14] () [File not signed]
R3 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [25600 2009-07-14] () [File not signed]
S3 usbprint; C:\Windows\system32\DRIVERS\usbprint.sys [25088 2009-07-14] () [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [89600 2009-07-14] () [File not signed]
S3 usbuhci; C:\Windows\system32\DRIVERS\usbuhci.sys [30720 2009-07-14] () [File not signed]
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [184576 2009-07-14] () [File not signed]
R0 vdrvroot; C:\Windows\System32\DRIVERS\vdrvroot.sys [36432 2009-07-14] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] () [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] () [File not signed]
S3 vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys [217680 2009-07-14] () [File not signed]
S3 viaide; C:\Windows\system32\DRIVERS\viaide.sys [17488 2009-07-14] () [File not signed]
S3 vmbus; C:\Windows\system32\DRIVERS\vmbus.sys [200272 2009-07-14] () [File not signed]
S3 VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [21760 2009-07-14] () [File not signed]
R0 volmgr; C:\Windows\System32\DRIVERS\volmgr.sys [71760 2009-07-14] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363584 2009-07-14] () [File not signed]
R0 volsnap; C:\Windows\System32\DRIVERS\volsnap.sys [294992 2009-07-14] () [File not signed]
S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [161872 2009-07-14] () [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-14] () [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-14] () [File not signed]
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [27776 2009-07-14] () [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2009-07-14] () [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2009-07-14] () [File not signed]
R0 Wd; C:\Windows\System32\DRIVERS\wd.sys [21056 2009-07-14] () [File not signed]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [654928 2009-07-14] () [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] () [File not signed]
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] () [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [40448 2009-07-14] () [File not signed]
R3 WmiAcpi; C:\Windows\System32\DRIVERS\wmiacpi.sys [14336 2009-07-14] () [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] () [File not signed]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [112128 2009-07-14] () [File not signed]
R3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [172544 2009-07-14] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-12 10:21 - 2014-09-12 10:22 - 00030439 _____ () C:\Users\Janinka a Lumirek\Downloads\FRST.txt
2014-09-12 10:21 - 2014-09-12 10:21 - 00000000 ____D () C:\FRST
2014-09-12 10:19 - 2014-09-12 10:21 - 02105856 _____ (Farbar) C:\Users\Janinka a Lumirek\Downloads\FRST64.exe
2014-09-12 10:19 - 2014-09-12 10:19 - 00112107 _____ (forum.viry.cz) C:\Users\Janinka a Lumirek\Downloads\VerzeOS.exe
2014-09-12 10:13 - 2014-09-12 10:13 - 00000000 ____D () C:\rsit
2014-09-12 10:13 - 2014-09-12 10:13 - 00000000 ____D () C:\Program Files (x86)\trend micro
2014-09-12 10:12 - 2014-09-12 10:12 - 01107968 _____ () C:\Users\Janinka a Lumirek\Downloads\RSIT.exe
2014-09-12 09:41 - 2014-09-12 09:42 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-12 09:41 - 2014-09-12 09:41 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-12 09:41 - 2014-09-12 09:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-12 09:41 - 2014-09-12 09:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-12 09:41 - 2014-09-12 09:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-12 09:41 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-12 09:41 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-12 09:41 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-12 09:39 - 2014-09-12 09:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Janinka a Lumirek\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-12 09:19 - 2014-09-12 09:19 - 00000977 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-09-12 09:19 - 2014-09-12 09:19 - 00000000 ___HD () C:\$AVG
2014-09-12 09:19 - 2014-09-12 09:19 - 00000000 ____D () C:\Users\Janinka a Lumirek\AppData\Roaming\TuneUp Software
2014-09-12 09:19 - 2014-09-12 09:19 - 00000000 ____D () C:\Users\Janinka a Lumirek\AppData\Roaming\AVG2015
2014-09-12 09:19 - 2014-09-12 09:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-12 09:19 - 2014-09-12 09:19 - 00000000 ____D () C:\ProgramData\AVG2015
2014-09-12 09:18 - 2014-09-12 09:18 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-09-12 09:13 - 2014-09-12 09:19 - 00000000 ____D () C:\Users\Janinka a Lumirek\AppData\Local\Avg2015
2014-09-12 09:12 - 2014-09-12 09:28 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-12 09:12 - 2014-09-12 09:12 - 00000000 ____D () C:\Users\Janinka a Lumirek\AppData\Local\MFAData
2014-09-12 09:12 - 2014-09-12 09:12 - 00000000 ____D () C:\Users\Janinka a Lumirek\AppData\Local\Avg2014
2014-09-11 20:52 - 2014-09-11 20:57 - 95832738 _____ () C:\Users\Janinka a Lumirek\Desktop\9 11 Dôkazy explózií - Architekti prehovorili SK titulky 2012[720P]__[Galaxy].mp4
2014-09-11 20:05 - 2014-06-27 13:56 - 679021755 _____ () C:\Users\Janinka a Lumirek\Desktop\9 11 Dôkazy explózií - Architekti prehovorili SK titulky 2012[720P].MP4
2014-09-11 20:04 - 2014-09-11 20:04 - 00001275 _____ () C:\Users\Public\Desktop\Xilisoft Download YouTube Video.lnk
2014-09-11 20:04 - 2014-09-11 20:04 - 00000000 ____D () C:\Users\Janinka a Lumirek\AppData\Roaming\Xilisoft
2014-09-11 20:04 - 2014-09-11 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xilisoft
2014-09-11 20:03 - 2014-09-11 20:03 - 00000000 ____D () C:\ProgramData\Xilisoft
2014-09-11 20:03 - 2014-09-11 20:03 - 00000000 ____D () C:\Program Files (x86)\Xilisoft
2014-09-11 20:00 - 2014-09-11 20:02 - 27311592 _____ () C:\Users\Janinka a Lumirek\Downloads\x-download-youtube-video5.exe
2014-09-11 14:53 - 2014-09-11 15:09 - 155862088 _____ (AVG Technologies) C:\Users\Janinka a Lumirek\Downloads\avg_free_x86_all_2014_4716a7754.exe
2014-09-11 14:22 - 2014-09-11 14:22 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-11 13:58 - 2014-09-11 13:58 - 00426848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1410436726993
2014-09-11 12:38 - 2014-09-12 08:53 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-11 12:29 - 2014-09-11 12:29 - 00000000 ____D () C:\Windows\pss
2014-09-11 12:28 - 2014-09-11 12:29 - 04862664 _____ (AVAST Software) C:\Users\Janinka a Lumirek\Downloads\avast_free_antivirus_setup_online.exe
2014-09-11 09:28 - 2014-09-11 09:28 - 00002197 _____ () C:\Users\Janinka a Lumirek\Desktop\Colin McRae Rally 3.lnk
2014-09-11 09:28 - 2014-09-11 09:28 - 00000000 ____D () C:\Users\Janinka a Lumirek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Codemasters
2014-09-11 09:28 - 2014-09-11 09:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codemasters
2014-09-11 09:23 - 2014-09-11 09:23 - 00000000 ____D () C:\Program Files (x86)\Codemasters
2014-09-09 11:54 - 2014-09-09 12:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Return to Castle Wolfenstein
2014-09-09 11:49 - 2014-09-09 21:02 - 00000000 ____D () C:\Program Files (x86)\Return to Castle Wolfenstein
2014-09-09 11:48 - 2014-09-09 12:02 - 00000600 _____ () C:\Windows\Rtcw.INI
2014-09-09 11:48 - 2006-02-27 17:36 - 15907036 _____ (Macromedia, Inc.) C:\Users\Janinka a Lumirek\Desktop\vesmir_start.exe
2014-09-09 11:48 - 2001-06-19 17:53 - 00266293 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.000
2014-09-09 09:55 - 2014-09-09 11:47 - 00000000 ____D () C:\Users\Janinka a Lumirek\Downloads\film
2014-09-04 12:31 - 2014-09-04 12:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
2014-09-04 12:31 - 2014-09-04 12:31 - 00000000 ____D () C:\Program Files (x86)\AC3Filter
2014-09-04 12:31 - 2012-06-17 22:18 - 01202688 _____ () C:\Windows\system32\ac3filter64.acm
2014-09-04 12:31 - 2012-06-17 22:10 - 00965120 _____ () C:\Windows\SysWOW64\ac3filter.acm
2014-09-03 09:29 - 2014-09-03 09:29 - 00000000 ____D () C:\Users\Janinka a Lumirek\Downloads\Nová složka
2014-09-03 09:22 - 2014-09-03 09:22 - 00041936 _____ () C:\Windows\system32\Drivers\8e2b818ce88c580f.sys
2014-09-02 09:59 - 2014-09-02 10:01 - 00000000 ____D () C:\Users\Janinka a Lumirek\Desktop\wifi zaloha
2014-09-01 09:23 - 2014-09-01 10:02 - 00000000 ____D () C:\Users\Janinka a Lumirek\Desktop\Nová složka
2014-09-01 09:18 - 2014-09-01 10:04 - 00000000 ____D () C:\Program Files\Recuva
2014-08-20 21:45 - 2014-08-20 21:45 - 00243480 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-12 10:22 - 2014-09-12 10:21 - 00030439 _____ () C:\Users\Janinka a Lumirek\Downloads\FRST.txt
2014-09-12 10:21 - 2014-09-12 10:21 - 00000000 ____D () C:\FRST
2014-09-12 10:21 - 2014-09-12 10:19 - 02105856 _____ (Farbar) C:\Users\Janinka a Lumirek\Downloads\FRST64.exe
2014-09-12 10:19 - 2014-09-12 10:19 - 00112107 _____ (forum.viry.cz) C:\Users\Janinka a Lumirek\Downloads\VerzeOS.exe
2014-09-12 10:19 - 2014-06-01 15:01 - 00000000 ____D () C:\Users\Janinka a Lumirek\AppData\Roaming\uTorrent
2014-09-12 10:17 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-12 10:17 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-12 10:13 - 2014-09-12 10:13 - 00000000 ____D () C:\rsit
2014-09-12 10:13 - 2014-09-12 10:13 - 00000000 ____D () C:\Program Files (x86)\trend micro
2014-09-12 10:12 - 2014-09-12 10:12 - 01107968 _____ () C:\Users\Janinka a Lumirek\Downloads\RSIT.exe
2014-09-12 09:54 - 2009-07-14 06:51 - 00079207 _____ () C:\Windows\setupact.log
2014-09-12 09:53 - 2013-07-21 17:47 - 00810648 _____ () C:\Windows\PFRO.log
2014-09-12 09:42 - 2014-09-12 09:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-12 09:41 - 2014-09-12 09:41 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-12 09:41 - 2014-09-12 09:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-12 09:41 - 2014-09-12 09:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-12 09:41 - 2014-09-12 09:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-12 09:40 - 2014-09-12 09:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Janinka a Lumirek\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-12 09:28 - 2014-09-12 09:12 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-12 09:19 - 2014-09-12 09:19 - 00000977 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-09-12 09:19 - 2014-09-12 09:19 - 00000000 ___HD () C:\$AVG
2014-09-12 09:19 - 2014-09-12 09:19 - 00000000 ____D () C:\Users\Janinka a Lumirek\AppData\Roaming\TuneUp Software
2014-09-12 09:19 - 2014-09-12 09:19 - 00000000 ____D () C:\Users\Janinka a Lumirek\AppData\Roaming\AVG2015
2014-09-12 09:19 - 2014-09-12 09:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-12 09:19 - 2014-09-12 09:19 - 00000000 ____D () C:\ProgramData\AVG2015
2014-09-12 09:19 - 2014-09-12 09:13 - 00000000 ____D () C:\Users\Janinka a Lumirek\AppData\Local\Avg2015
2014-09-12 09:18 - 2014-09-12 09:18 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-09-12 09:12 - 2014-09-12 09:12 - 00000000 ____D () C:\Users\Janinka a Lumirek\AppData\Local\MFAData
2014-09-12 09:12 - 2014-09-12 09:12 - 00000000 ____D () C:\Users\Janinka a Lumirek\AppData\Local\Avg2014
2014-09-12 08:53 - 2014-09-11 12:38 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-11 20:57 - 2014-09-11 20:52 - 95832738 _____ () C:\Users\Janinka a Lumirek\Desktop\9 11 Dôkazy explózií - Architekti prehovorili SK titulky 2012[720P]__[Galaxy].mp4
2014-09-11 20:04 - 2014-09-11 20:04 - 00001275 _____ () C:\Users\Public\Desktop\Xilisoft Download YouTube Video.lnk
2014-09-11 20:04 - 2014-09-11 20:04 - 00000000 ____D () C:\Users\Janinka a Lumirek\AppData\Roaming\Xilisoft
2014-09-11 20:04 - 2014-09-11 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xilisoft
2014-09-11 20:03 - 2014-09-11 20:03 - 00000000 ____D () C:\ProgramData\Xilisoft
2014-09-11 20:03 - 2014-09-11 20:03 - 00000000 ____D () C:\Program Files (x86)\Xilisoft
2014-09-11 20:02 - 2014-09-11 20:00 - 27311592 _____ () C:\Users\Janinka a Lumirek\Downloads\x-download-youtube-video5.exe
2014-09-11 15:09 - 2014-09-11 14:53 - 155862088 _____ (AVG Technologies) C:\Users\Janinka a Lumirek\Downloads\avg_free_x86_all_2014_4716a7754.exe
2014-09-11 14:22 - 2014-09-11 14:22 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-11 13:58 - 2014-09-11 13:58 - 00426848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1410436726993
2014-09-11 12:41 - 2013-07-21 17:10 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-11 12:29 - 2014-09-11 12:29 - 00000000 ____D () C:\Windows\pss
2014-09-11 12:29 - 2014-09-11 12:28 - 04862664 _____ (AVAST Software) C:\Users\Janinka a Lumirek\Downloads\avast_free_antivirus_setup_online.exe
2014-09-11 12:25 - 2013-07-21 16:56 - 00000000 ____D () C:\ProgramData\Avira
2014-09-11 12:17 - 2013-07-21 15:00 - 01169776 _____ () C:\Windows\WindowsUpdate.log
2014-09-11 10:02 - 2014-06-02 09:23 - 00000000 ____D () C:\Users\Janinka a Lumirek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-09-11 09:38 - 2013-07-21 16:41 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-11 09:28 - 2014-09-11 09:28 - 00002197 _____ () C:\Users\Janinka a Lumirek\Desktop\Colin McRae Rally 3.lnk
2014-09-11 09:28 - 2014-09-11 09:28 - 00000000 ____D () C:\Users\Janinka a Lumirek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Codemasters
2014-09-11 09:28 - 2014-09-11 09:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codemasters
2014-09-11 09:23 - 2014-09-11 09:23 - 00000000 ____D () C:\Program Files (x86)\Codemasters
2014-09-09 21:02 - 2014-09-09 11:49 - 00000000 ____D () C:\Program Files (x86)\Return to Castle Wolfenstein
2014-09-09 12:02 - 2014-09-09 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Return to Castle Wolfenstein
2014-09-09 12:02 - 2014-09-09 11:48 - 00000600 _____ () C:\Windows\Rtcw.INI
2014-09-09 11:47 - 2014-09-09 09:55 - 00000000 ____D () C:\Users\Janinka a Lumirek\Downloads\film
2014-09-06 21:06 - 2013-07-24 10:53 - 00001094 _____ () C:\Users\Janinka
2014-09-06 21:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-04 12:31 - 2014-09-04 12:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
2014-09-04 12:31 - 2014-09-04 12:31 - 00000000 ____D () C:\Program Files (x86)\AC3Filter
2014-09-04 10:42 - 2009-07-14 17:18 - 00669198 _____ () C:\Windows\system32\perfh005.dat
2014-09-04 10:42 - 2009-07-14 17:18 - 00140798 _____ () C:\Windows\system32\perfc005.dat
2014-09-04 10:42 - 2009-07-14 07:13 - 01583754 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-03 09:29 - 2014-09-03 09:29 - 00000000 ____D () C:\Users\Janinka a Lumirek\Downloads\Nová složka
2014-09-03 09:22 - 2014-09-03 09:22 - 00041936 _____ () C:\Windows\system32\Drivers\8e2b818ce88c580f.sys
2014-09-02 10:01 - 2014-09-02 09:59 - 00000000 ____D () C:\Users\Janinka a Lumirek\Desktop\wifi zaloha
2014-09-01 10:04 - 2014-09-01 09:18 - 00000000 ____D () C:\Program Files\Recuva
2014-09-01 10:02 - 2014-09-01 09:23 - 00000000 ____D () C:\Users\Janinka a Lumirek\Desktop\Nová složka
2014-09-01 10:01 - 2013-07-21 16:05 - 00000000 ____D () C:\Users\Janinka a Lumirek
2014-08-31 09:00 - 2014-06-13 09:59 - 00000000 ____D () C:\Program Files (x86)\Noční obloha
2014-08-30 19:48 - 2013-07-21 16:59 - 00000000 ____D () C:\Users\Janinka a Lumirek\AppData\Roaming\Skype
2014-08-20 21:45 - 2014-08-20 21:45 - 00243480 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys

Some content of TEMP:
====================
C:\Users\Janinka a Lumirek\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys
[2009-07-14 01:20] - [2009-07-14 03:45] - 0294992 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\Drivers\volsnap.sys No Company Name <===== ATTENTION!



testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2013-09-11 09:06

==================== End Of Log ============================

Re: Problem s virem

Napsal: 12 zář 2014 10:23
od vyosek
Zdravim :)

:arrow: Jen se zeptam pouzivate legalni operacni system, nejvyssi licence Ultimate zrovna neni bezna domaci verze :?:

Re: Problem s virem

Napsal: 12 zář 2014 10:32
od limcak1
ano je to legalni. neni to muje pc. a windows instaloval nekdo jiny a byla to multilicence s firmy. je to laptop tchyne a tchana. vse je ok az na ty antiviry. prosim pomozte

Re: Problem s virem

Napsal: 12 zář 2014 10:44
od vyosek
:arrow: Je tam totiz hoodne silna havet, zkusime polecit

:arrow: Stahnete Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/
  • Ulozte nejlepe na Plochu a rozbalte
  • Spustte kliknutim na mbar
  • Nyni postupne kliknete na Next a Update
  • Po dokonceni update (aktualizace) databaze kliknete opet na Next
  • Nechte zaskrtnute vsechny tri moznosti a klinete na Scan cimz spustite prohledavani PC
  • Po dokonceni skenu (cca 5 minutek) zkontrolujte, zda-li je u vsech nalezu (samozrejme pokud budou) zatrzitko
  • Tez zkontrolujte, jetsli je zatrzitko u Create Restore point
  • Nyni kliknete na CleanUp cimz nalezenou infekci odstranime
  • PC bude restartovan
  • Slozka mbar by mela obsahovat log (a zrejme se i sam otevre) mbar-log-rok-mesic-den (hodina-minuta-sekunda).txt, ten mi sem dejte

Re: Problem s virem

Napsal: 12 zář 2014 11:24
od limcak1
super moc dekuji za pomoc avg uz slape a pc jede v pohode. je ted vse ok_


Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.09.12.02

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Janinka a Lumirek :: JANINKAALUMIREK [administrator]

12.9.2014 11:59:32
mbar-log-2014-09-12 (11-59-32).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 300366
Time elapsed: 13 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\WINDOWS\SYSTEM32\drivers\8e2b818ce88c580f.sys (Rootkit.Necurs.GO) -> Delete on reboot. [9f8797e5849268ad26f91fae67e42633]
c:\Windows\Installer\{2187410D-12DB-D9BA-7B83-07B85B092862}\syshost.exe (Rootkit.Necurs.FMSGen) -> Delete on reboot. [d52b07e55c1f87af84153476ed14df21]
c:\Windows\Temp\syshost.exe (Spyware.Agent) -> Delete on reboot. [2cd47a724d2edf573ee9bd22c04304fc]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Re: Problem s virem

Napsal: 12 zář 2014 11:26
od vyosek
:arrow: Nyni tam pustte klasicky MBAM dle tohoto navodu http://forum.viry.cz/viewtopic.php?f=29&t=137928

Re: Problem s virem

Napsal: 12 zář 2014 11:55
od limcak1
zatim skenuje. musim ted na par hodin odejit :( tak log poslu pozdeji. zatim mnohokrat dekuji a vazim si toho co delate

Re: Problem s virem

Napsal: 12 zář 2014 11:57
od vyosek
OuKej, prozatim nemate zac :worship:
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz