
Cannot get to Seznam email

Posted: 14 Feb 2015 14:00
by Dan17
Hello, I had a quick look around here and I see that I am not the only one. I tried a few guides that people recommended to me and nothing helped. I am sending the RSIT log. Thanks in advance, Dan.

Logfile of random's system information tool 1.10 (written by random/random)
Run by start at 2015-02-14 13:53:45
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (12%) free of 110 GB
Total RAM: 1023 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:54:28, on 14.2.2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\Explorer.EXE
C:\Documents and Settings\start\Plocha\RSIT.exe
C:\Program Files\trend micro\start.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=24027
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS2\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\ctfmon.exe
O4 - HKCU\..\Run: [WoctEpub] regsvr32.exe "C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\WoctEpub\SuwyoCrehu.wwx"
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Documents and Settings\start\Data aplikací\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Documents and Settings\start\Data aplikací\Seznam.cz\bin\wszndesktop.exe" -q
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS2\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS2\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS2\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS2\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS2\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS2\system32\nvsvc32.exe


--
End of file - 5635 bytes

======Scheduled tasks folder======

C:\WINDOWS2\tasks\Adobe Flash Player Updater.job - C:\WINDOWS2\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS2\tasks\avast! Emergency Update.job - C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\WINDOWS2\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS2\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS2\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS2\system32\xp_eos.exe
C:\WINDOWS2\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS2\system32\xp_eos.exe -c

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-12-06 586968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS2\SOUNDMAN.EXE [2006-11-17 577536]
"NvCplDaemon"=C:\WINDOWS2\system32\NvCpl.dll [2014-07-02 15724320]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"nwiz"=C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2014-07-02 2593056]
"NvBackend"=C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2014-07-25 2403104]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-01-27 5227112]
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS2\system32\ctfmon.exe [2008-04-14 15360]
"WoctEpub"=regsvr32.exe C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\WoctEpub\SuwyoCrehu.wwx []
"cz.seznam.software.autoupdate"=C:\Documents and Settings\start\Data aplikací\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Documents and Settings\start\Data aplikací\Seznam.cz\bin\wszndesktop.exe [2013-04-12 92664]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS2\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LMIRescue_bd694ca2-8720-4c20-a89c-4e486c26c1c3]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe"="C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe:*:Enabled:NVIDIA Network Service TCP Exception (HTTPS)"
"C:\Program Files\Google\Chrome\Application\chrome.exe"="C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS2\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS2\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv

======List of files/folders created in the last 1 month======

2015-02-14 13:53:48 ----D---- C:\Program Files\trend micro
2015-02-14 13:53:45 ----D---- C:\rsit
2015-02-14 13:52:01 ----A---- C:\RSIT.exe
2015-02-14 12:37:20 ----SHD---- C:\RECYCLER
2015-02-14 12:34:12 ----SHD---- C:\WINDOWS2\CSC
2015-02-13 22:32:40 ----SD---- C:\32788R22FWJFW
2015-02-13 20:57:01 ----A---- C:\Boot.bak
2015-02-13 20:56:39 ----RASHD---- C:\cmdcons
2015-02-13 20:50:11 ----A---- C:\WINDOWS2\MBR.exe
2015-02-13 20:50:10 ----A---- C:\WINDOWS2\zip.exe
2015-02-13 20:50:10 ----A---- C:\WINDOWS2\SWXCACLS.exe
2015-02-13 20:50:10 ----A---- C:\WINDOWS2\SWSC.exe
2015-02-13 20:50:10 ----A---- C:\WINDOWS2\SWREG.exe
2015-02-13 20:50:10 ----A---- C:\WINDOWS2\sed.exe
2015-02-13 20:50:10 ----A---- C:\WINDOWS2\PEV.exe
2015-02-13 20:50:10 ----A---- C:\WINDOWS2\NIRCMD.exe
2015-02-13 20:50:10 ----A---- C:\WINDOWS2\grep.exe
2015-02-13 20:48:50 ----D---- C:\Qoobox
2015-02-13 20:47:55 ----D---- C:\WINDOWS2\erdnt
2015-02-13 20:34:52 ----A---- C:\WINDOWS2\system32\drivers\Trufos.sys
2015-02-13 20:31:03 ----A---- C:\WINDOWS2\system32\drivers\tapwp01.sys
2015-02-13 20:31:00 ----D---- C:\Program Files\Nejdeto Antivirus
2015-02-13 19:41:59 ----D---- C:\Documents and Settings\start\Data aplikací\Seznam.cz
2015-02-13 19:02:35 ----D---- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\Malwarebytes
2015-02-13 18:36:09 ----A---- C:\WINDOWS2\system32\drivers\hitmanpro37.sys
2015-02-13 18:36:08 ----D---- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\HitmanPro
2015-02-13 18:34:05 ----A---- C:\WINDOWS2\system32\zerobyte_files_deleted.txt
2015-02-13 18:34:03 ----A---- C:\WINDOWS2\zerobyte_files_deleted.txt
2015-02-13 18:32:43 ----A---- C:\WINDOWS2\system32\oeminfo.ini
2015-02-13 14:36:30 ----D---- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\WoctEpub

======List of files/folders modified in the last 1 month======

2015-02-14 13:53:48 ----RD---- C:\Program Files
2015-02-14 13:48:42 ----A---- C:\WINDOWS2\SchedLgU.Txt
2015-02-14 13:48:14 ----RASH---- C:\boot.ini
2015-02-14 13:27:38 ----D---- C:\WINDOWS2\Temp
2015-02-14 12:37:19 ----D---- C:\WINDOWS2\system32
2015-02-14 12:37:18 ----D---- C:\WINDOWS2
2015-02-13 22:34:11 ----D---- C:\WINDOWS2\system32\drivers
2015-02-13 21:40:57 ----SHD---- C:\WINDOWS2\Installer
2015-02-13 21:40:57 ----D---- C:\Config.Msi
2015-02-13 21:22:56 ----SHD---- C:\System Volume Information
2015-02-13 21:22:56 ----D---- C:\WINDOWS2\system32\Restore
2015-02-13 21:17:23 ----A---- C:\WINDOWS2\system.ini
2015-02-13 21:17:11 ----D---- C:\WINDOWS2\system32\drivers\etc
2015-02-13 21:12:50 ----D---- C:\WINDOWS2\AppPatch
2015-02-13 21:12:47 ----D---- C:\Program Files\Common Files
2015-02-13 20:35:11 ----HD---- C:\WINDOWS2\inf
2015-02-13 20:31:09 ----D---- C:\WINDOWS2\system32\CatRoot2
2015-02-13 20:30:48 ----SD---- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\Microsoft
2015-02-13 19:44:14 ----D---- C:\Program Files\Microsoft Security Client
2015-02-13 19:44:06 ----SD---- C:\WINDOWS2\Tasks
2015-02-13 19:42:58 ----D---- C:\Program Files\Google
2015-02-13 19:41:36 ----D---- C:\Program Files\Seznam.cz
2015-02-13 18:34:06 ----D---- C:\Temp
2015-02-13 18:34:04 ----D---- C:\WINDOWS2\Prefetch
2015-02-13 14:29:04 ----D---- C:\Program Files\The KMPlayer
2015-02-11 07:11:09 ----D---- C:\WINDOWS2\system32\MRT
2015-02-11 07:06:00 ----A---- C:\WINDOWS2\system32\MRT.exe
2015-02-11 07:05:32 ----D---- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\Microsoft Help
2015-02-08 10:35:37 ----A---- C:\WINDOWS2\system32\FlashPlayerApp.exe
2015-01-23 16:11:23 ----D---- C:\WINDOWS2\Network Diagnostic

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\WINDOWS2\system32\drivers\aswRdr.sys [2014-12-06 55240]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS2\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS2\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS2\system32\DRIVERS\NVENETFD.sys [2005-04-06 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS2\system32\DRIVERS\nvnetbus.sys [2005-04-06 12928]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS2\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
R3 tapwp01;TAP-Windows Adapter V9 (WiFi Protector); C:\WINDOWS2\system32\DRIVERS\tapwp01.sys [2014-10-29 35288]
S0 aswRvrt;avast! Revert; C:\WINDOWS2\system32\drivers\aswRvrt.sys [2014-12-06 49944]
S0 aswVmm;avast! VM Monitor; C:\WINDOWS2\system32\drivers\aswVmm.sys [2014-12-06 206248]
S1 aswSnx;aswSnx; C:\WINDOWS2\system32\drivers\aswSnx.sys [2014-12-06 787800]
S1 aswSP;aswSP; C:\WINDOWS2\system32\drivers\aswSP.sys [2014-12-06 423784]
S1 aswTdi;aswTdi; C:\WINDOWS2\system32\drivers\aswTdi.sys [2014-12-06 57928]
S1 bfqzbxsa;bfqzbxsa; \??\C:\WINDOWS2\system32\drivers\bfqzbxsa.sys []
S2 aswHwid;avast! HardwareID; C:\WINDOWS2\system32\drivers\aswHwid.sys [2014-12-06 24184]
S2 aswMonFlt;aswMonFlt; C:\WINDOWS2\system32\drivers\aswMonFlt.sys [2014-12-06 70384]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS2\system32\drivers\ALCXWDM.SYS [2007-03-08 4027840]
S3 catchme;catchme; \??\C:\WINDOWS2\TEMP\catchme.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS2\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 hitmanpro37;HitmanPro 3.7 Support Driver; \??\C:\WINDOWS2\system32\drivers\hitmanpro37.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS2\system32\DRIVERS\HPZid412.sys [2008-10-28 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS2\system32\DRIVERS\HPZipr12.sys [2008-10-28 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS2\system32\DRIVERS\HPZius12.sys [2008-10-28 21568]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS2\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 nv;nv; C:\WINDOWS2\system32\DRIVERS\nv4_mini.sys [2014-07-02 12695512]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS2\system32\drivers\nvhda32.sys [2014-08-11 129312]
S3 Trufos;Trufos; C:\WINDOWS2\system32\DRIVERS\Trufos.sys [2015-01-29 408280]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS2\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbprint;Třída USB Printer; C:\WINDOWS2\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS2\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS2\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======


S2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-12-06 50344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS2\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23 107912]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
S2 NvNetworkService;NVIDIA Network Service; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-07-25 1720608]
S2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS2\system32\nvsvc32.exe [2014-07-02 157144]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS2\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-08 267440]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS2\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23 107912]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS2\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS2\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Re: Cannot get to Seznam email

Posted: 14 Feb 2015 14:14
by vyosek
Hello :)

I see you have already played around with ComboFix too :roll: :roll:

The ComboFix license terms state clearly: "It should never be used in an environment without the supervision of an experienced person"

Dangers of CF:
  • It is intended primarily for helpers - by using it on your own you lose your entitlement to support
  • It erases traces of malware, so nothing is visible in the RSIT log
  • Its log still has to be worked through, since it cannot delete everything - you will hardly manage that unless you are trained for it
  • CF can have a bug = it takes down your system; if you do not know where it stores what and how to restore it, your system is ruined and you are facing a reinstall
  • Unfortunately, CF also does not yet check some important libraries (e.g. hal.dll) - some types of malware (e.g. angela) delete those - it deletes your hal.dll after a restart = your system will not boot and you are back at the line above = reinstall
Post a log from FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100

Re: Cannot get to Seznam email

Posted: 14 Feb 2015 14:38
by Dan17
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-02-2015
Ran by start (administrator) on XP on 14-02-2015 14:22:22
Running from C:\Documents and Settings\start\Plocha
Loaded Profiles: start (Available profiles: start)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS2\system32\smss.exe
(Microsoft Corporation) C:\WINDOWS2\system32\csrss.exe
(Microsoft Corporation) C:\WINDOWS2\system32\winlogon.exe
(Microsoft Corporation) C:\WINDOWS2\system32\services.exe
(Microsoft Corporation) C:\WINDOWS2\system32\lsass.exe
(Microsoft Corporation) C:\WINDOWS2\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS2\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS2\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS2\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS2\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS2\explorer.exe
(forum.viry.cz) C:\Documents and Settings\start\Plocha\FRSTLauncher.exe
(Microsoft Corporation) C:\WINDOWS2\system32\wbem\wmiprvse.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMan] => C:\WINDOWS2\SOUNDMAN.EXE [577536 2006-11-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS2\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2593056 2014-07-02] ()
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Winlogon: [Userinit] C:\WINDOWS2\system32\userinit.exe,
HKLM\...\Winlogon: [UIHost] C:\WINDOWS2\system32\logonui.exe [515072 2008-04-14] (Microsoft Corporation)
Winlogon\Notify\crypt32chain: C:\WINDOWS2\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS2\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS2\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS2\System32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS2\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINDOWS2\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS2\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINDOWS2\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINDOWS2\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\WgaLogon: C:\WINDOWS2\system32\WgaLogon.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINDOWS2\system32\wlnotify.dll (Microsoft Corporation)
HKU\S-1-5-21-2025429265-1390067357-1417001333-1003\...\Run: [CTFMON.EXE] => C:\WINDOWS2\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-2025429265-1390067357-1417001333-1003\...\Run: [WoctEpub] => regsvr32.exe "C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\WoctEpub\SuwyoCrehu.wwx"
HKU\S-1-5-21-2025429265-1390067357-1417001333-1003\...\Run: [cz.seznam.software.autoupdate] => C:\Documents and Settings\start\Data aplikací\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-2025429265-1390067357-1417001333-1003\...\Run: [cz.seznam.software.szndesktop] => C:\Documents and Settings\start\Data aplikací\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-2025429265-1390067357-1417001333-1003\...\Run: [WiFiProtLauncher] => C:\Program Files\Nejdeto Antivirus\WiFiProtLauncher.exe [818176 2015-02-06] (Optimal Software s.r.o.)
Startup: C:\Documents and Settings\Fanda\Nabídka Start\Programy\Po spuštění\YoWindow.lnk
ShortcutTarget: YoWindow.lnk -> C:\Program Files\YoWindow\yowindow.exe (Repkasoft)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS2\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=24027
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=24027
HKU\S-1-5-21-2025429265-1390067357-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS2\system32\blank.htm
HKU\S-1-5-21-2025429265-1390067357-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=24027
HKU\S-1-5-21-2025429265-1390067357-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKU\S-1-5-21-2025429265-1390067357-1417001333-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS2\system32\urlmon.dll (Microsoft Corporation)
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS2\system32\mshtml.dll (Microsoft Corporation)
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS2\system32\wiascr.dll (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS2\system32\urlmon.dll (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS2\system32\urlmon.dll (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS2\system32\SHELL32.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS2\system32\shell32.dll [8466944 2012-06-08] (Microsoft Corporation)
Winsock: Catalog5 01 C:\WINDOWS2\system32\mswsock.dll [247296] (Microsoft Corporation)
Winsock: Catalog5 02 C:\WINDOWS2\system32\winrnr.dll [16896] (Microsoft Corporation)
Winsock: Catalog5 03 C:\WINDOWS2\system32\mswsock.dll [247296] (Microsoft Corporation)
Winsock: Catalog9 01 C:\WINDOWS2\system32\mswsock.dll [247296] (Microsoft Corporation)
Winsock: Catalog9 02 C:\WINDOWS2\system32\mswsock.dll [247296] (Microsoft Corporation)
Winsock: Catalog9 03 C:\WINDOWS2\system32\mswsock.dll [247296] (Microsoft Corporation)
Winsock: Catalog9 04 C:\WINDOWS2\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Winsock: Catalog9 05 C:\WINDOWS2\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Winsock: Catalog9 06 C:\WINDOWS2\system32\mswsock.dll [247296] (Microsoft Corporation)
Winsock: Catalog9 07 C:\WINDOWS2\system32\mswsock.dll [247296] (Microsoft Corporation)
Winsock: Catalog9 08 C:\WINDOWS2\system32\mswsock.dll [247296] (Microsoft Corporation)
Winsock: Catalog9 09 C:\WINDOWS2\system32\mswsock.dll [247296] (Microsoft Corporation)
Winsock: Catalog9 10 C:\WINDOWS2\system32\mswsock.dll [247296] (Microsoft Corporation)
Winsock: Catalog9 11 C:\WINDOWS2\system32\mswsock.dll [247296] (Microsoft Corporation)
Winsock: Catalog9 12 C:\WINDOWS2\system32\mswsock.dll [247296] (Microsoft Corporation)
Winsock: Catalog9 13 C:\WINDOWS2\system32\mswsock.dll [247296] (Microsoft Corporation)
Winsock: Catalog9 14 C:\WINDOWS2\system32\mswsock.dll [247296] (Microsoft Corporation)
Winsock: Catalog9 15 C:\WINDOWS2\system32\mswsock.dll [247296] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-06]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Documents and Settings\start\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Documents and Settings\start\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-06]
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\start\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-06]
CHR Extension: (Disk Google) - C:\Documents and Settings\start\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-06]
CHR Extension: (YouTube) - C:\Documents and Settings\start\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-06]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\start\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-06]
CHR Extension: (Tabulky Google) - C:\Documents and Settings\start\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-06]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\start\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-06]
CHR Extension: (Peněženka Google) - C:\Documents and Settings\start\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-06]
CHR Extension: (Gmail) - C:\Documents and Settings\start\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-06]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-12-06]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-06]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS2\system32\Macromed\Flash\FlashPlayerUpdateService.exe [267440 2015-02-08] (Adobe Systems Incorporated)
S4 Alerter; C:\WINDOWS2\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation)
S3 ALG; C:\WINDOWS2\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation)
S3 AppMgmt; C:\WINDOWS2\System32\appmgmts.dll [171008 2008-04-14] (Microsoft Corporation)
S3 aspnet_state; C:\WINDOWS2\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [35160 2010-03-18] (Microsoft Corporation)
S2 AudioSrv; C:\WINDOWS2\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-06] (AVAST Software)
S2 BITS; C:\WINDOWS2\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation)
S2 Browser; C:\WINDOWS2\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation)
S3 CiSvc; C:\WINDOWS2\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation)
S3 ClipSrv; C:\WINDOWS2\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_32; C:\WINDOWS2\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)
R2 CryptSvc; C:\WINDOWS2\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation)
R2 DcomLaunch; C:\WINDOWS2\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
R2 Dhcp; C:\WINDOWS2\System32\dhcpcsvc.dll [125952 2008-04-14] (Microsoft Corporation)
S3 dmadmin; C:\WINDOWS2\System32\dmadmin.exe [225280 2008-04-14] (Microsoft Corp., Veritas Software)
R2 dmserver; C:\WINDOWS2\System32\dmserver.dll [24064 2008-04-14] (Microsoft Corp.)
R2 Dnscache; C:\WINDOWS2\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation)
S3 Dot3svc; C:\WINDOWS2\System32\dot3svc.dll [132608 2008-04-14] (Microsoft Corporation)
S3 EapHost; C:\WINDOWS2\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation)
S2 ERSvc; C:\WINDOWS2\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation)
R2 Eventlog; C:\WINDOWS2\system32\services.exe [111104 2009-02-09] (Microsoft Corporation)
S3 EventSystem; C:\WINDOWS2\system32\es.dll [253952 2008-07-07] (Microsoft Corporation)
S3 FastUserSwitchingCompatibility; C:\WINDOWS2\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation)
R2 helpsvc; C:\WINDOWS2\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation)
S3 hkmsvc; C:\WINDOWS2\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation)
S3 HTTPFilter; C:\WINDOWS2\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation)
S3 ImapiService; C:\WINDOWS2\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation)
R2 LanmanServer; C:\WINDOWS2\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation)
R2 lanmanworkstation; C:\WINDOWS2\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation)
R2 LmHosts; C:\WINDOWS2\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation)
S2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S4 Messenger; C:\WINDOWS2\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation)
S3 mnmsrvc; C:\WINDOWS2\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation)
S3 MSDTC; C:\WINDOWS2\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation)
S3 MSIServer; C:\WINDOWS2\System32\msiexec.exe [78848 2008-04-14] (Microsoft Corporation)
S3 napagent; C:\WINDOWS2\System32\qagentrt.dll [293376 2008-04-14] (Microsoft Corporation)
S4 NetDDE; C:\WINDOWS2\system32\netdde.exe [111616 2008-04-14] (Microsoft Corporation)
S4 NetDDEdsdm; C:\WINDOWS2\system32\netdde.exe [111616 2008-04-14] (Microsoft Corporation)
S3 Netlogon; C:\WINDOWS2\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
R3 Netman; C:\WINDOWS2\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\WINDOWS2\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
S3 Nla; C:\WINDOWS2\System32\mswsock.dll [247296 2008-06-20] (Microsoft Corporation)
S3 NtLmSsp; C:\WINDOWS2\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 NtmsSvc; C:\WINDOWS2\system32\ntmssvc.dll [435712 2008-04-14] (Microsoft Corporation)
S2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
S2 NVSvc; C:\WINDOWS2\system32\nvsvc32.exe [157144 2014-07-02] (NVIDIA Corporation)
R2 PlugPlay; C:\WINDOWS2\system32\services.exe [111104 2009-02-09] (Microsoft Corporation)
S2 PolicyAgent; C:\WINDOWS2\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S2 ProtectedStorage; C:\WINDOWS2\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 RasAuto; C:\WINDOWS2\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation)
S3 RasMan; C:\WINDOWS2\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation)
S3 RDSessMgr; C:\WINDOWS2\system32\sessmgr.exe [141824 2008-04-14] (Microsoft Corporation)
S4 RemoteAccess; C:\WINDOWS2\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation)
S2 RemoteRegistry; C:\WINDOWS2\system32\regsvc.dll [59904 2008-04-14] (Microsoft Corporation)
S3 RpcLocator; C:\WINDOWS2\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation)
R2 RpcSs; C:\WINDOWS2\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
S3 RSVP; C:\WINDOWS2\system32\rsvp.exe [132608 2001-10-25] (Microsoft Corporation)
S2 SamSs; C:\WINDOWS2\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 SCardSvr; C:\WINDOWS2\System32\SCardSvr.exe [97792 2008-04-14] (Microsoft Corporation)
S2 Schedule; C:\WINDOWS2\system32\schedsvc.dll [192512 2008-04-14] (Microsoft Corporation)
S2 seclogon; C:\WINDOWS2\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation)
S2 SENS; C:\WINDOWS2\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation)
R2 SharedAccess; C:\WINDOWS2\System32\ipnathlp.dll [329728 2008-04-14] (Microsoft Corporation)
S2 ShellHWDetection; C:\WINDOWS2\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation)
S2 Spooler; C:\WINDOWS2\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation)
R2 srservice; C:\WINDOWS2\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation)
S3 SSDPSRV; C:\WINDOWS2\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation)
S2 stisvc; C:\WINDOWS2\system32\wiaservc.dll [334336 2008-04-14] (Microsoft Corporation)
S3 SysmonLog; C:\WINDOWS2\system32\smlogsvc.exe [90112 2008-04-14] (Microsoft Corporation)
S3 TapiSrv; C:\WINDOWS2\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation)
R3 TermService; C:\WINDOWS2\System32\termsrv.dll [295936 2008-04-14] (Microsoft Corporation)
S2 Themes; C:\WINDOWS2\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation)
S3 TlntSvr; C:\WINDOWS2\system32\tlntsvr.exe [73728 2008-04-14] (Microsoft Corporation)
S2 TrkWks; C:\WINDOWS2\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation)
S3 upnphost; C:\WINDOWS2\System32\upnphost.dll [186368 2008-04-14] (Microsoft Corporation)
S3 UPS; C:\WINDOWS2\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation)
S3 VSS; C:\WINDOWS2\System32\vssvc.exe [290816 2008-04-14] (Microsoft Corporation)
S2 W32Time; C:\WINDOWS2\system32\w32time.dll [176640 2008-04-14] (Microsoft Corporation)
S2 WebClient; C:\WINDOWS2\System32\webclnt.dll [68096 2008-04-14] (Microsoft Corporation)
S2 wifiProtService; C:\Program Files\Nejdeto Antivirus\wifiProtService.exe [1703424 2015-02-06] (Optimal Software s.r.o.) [File not signed]
R2 winmgmt; C:\WINDOWS2\system32\wbem\WMIsvc.dll [144896 2008-04-14] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINDOWS2\system32\mspmsnsv.dll [52224 2008-04-14] (Microsoft Corporation)
S3 Wmi; C:\WINDOWS2\System32\advapi32.dll [684032 2009-02-09] (Microsoft Corporation)
S3 WmiApSrv; C:\WINDOWS2\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation)
S3 WPFFontCache_v0400; C:\WINDOWS2\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [754856 2013-07-20] (Microsoft Corporation)
S2 wscsvc; C:\WINDOWS2\system32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation)
S2 wuauserv; C:\WINDOWS2\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation)
R2 WZCSVC; C:\WINDOWS2\System32\wzcsvc.dll [483840 2008-04-14] (Microsoft Corporation)
S3 xmlprov; C:\WINDOWS2\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation)
S3 SwPrv; C:\WINDOWS2\system32\dllhost.exe /Processid:{134A5A31-9D4C-4304-ACA1-069A6D9C2A27}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 ACPI; C:\WINDOWS2\System32\DRIVERS\ACPI.sys [188288 2008-04-14] (Microsoft Corporation)
S4 ACPIEC; C:\WINDOWS2\system32\Drivers\ACPIEC.sys [11776 2001-10-25] (Microsoft Corporation)
S3 aec; C:\WINDOWS2\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation)
R1 AFD; C:\WINDOWS2\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation)
S3 ALCXWDM; C:\WINDOWS2\System32\drivers\ALCXWDM.SYS [4027840 2007-03-08] (Realtek Semiconductor Corp.)
S2 aswHwid; C:\WINDOWS2\system32\drivers\aswHwid.sys [24184 2014-12-06] ()
S2 aswMonFlt; C:\WINDOWS2\system32\drivers\aswMonFlt.sys [70384 2014-12-06] (AVAST Software)
R1 aswRdr; C:\WINDOWS2\system32\drivers\aswRdr.sys [55240 2014-12-06] (AVAST Software)
S0 aswRvrt; C:\WINDOWS2\system32\Drivers\aswRvrt.sys [49944 2014-12-06] ()
S1 aswSnx; C:\WINDOWS2\system32\drivers\aswSnx.sys [787800 2014-12-06] (AVAST Software)
S1 aswSP; C:\WINDOWS2\system32\drivers\aswSP.sys [423784 2014-12-06] (AVAST Software)
S1 aswTdi; C:\WINDOWS2\system32\drivers\aswTdi.sys [57928 2014-12-06] (AVAST Software)
S0 aswVmm; C:\WINDOWS2\system32\Drivers\aswVmm.sys [206248 2014-12-06] ()
S3 AsyncMac; C:\WINDOWS2\System32\DRIVERS\asyncmac.sys [14336 2008-04-13] (Microsoft Corporation)
R0 atapi; C:\WINDOWS2\System32\DRIVERS\atapi.sys [96512 2008-04-13] (Microsoft Corporation)
S3 Atmarpc; C:\WINDOWS2\System32\DRIVERS\atmarpc.sys [59904 2008-04-13] (Microsoft Corporation)
S3 audstub; C:\WINDOWS2\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation)
R1 Beep; C:\WINDOWS2\system32\Drivers\Beep.sys [4224 2001-10-25] (Microsoft Corporation)
S4 cbidf2k; C:\WINDOWS2\system32\Drivers\cbidf2k.sys [13952 2001-10-25] (Microsoft Corporation)
S1 Cdaudio; C:\WINDOWS2\system32\Drivers\Cdaudio.sys [18688 2001-10-25] (Microsoft Corporation)
R4 Cdfs; C:\WINDOWS2\system32\Drivers\Cdfs.sys [63744 2008-04-13] (Microsoft Corporation)
R1 Cdrom; C:\WINDOWS2\System32\DRIVERS\cdrom.sys [62976 2008-04-13] (Microsoft Corporation)
R0 Disk; C:\WINDOWS2\System32\DRIVERS\disk.sys [36352 2008-04-13] (Microsoft Corporation)
S4 dmboot; C:\WINDOWS2\System32\drivers\dmboot.sys [800000 2008-04-14] (Microsoft Corp., Veritas Software)
R0 dmio; C:\WINDOWS2\System32\drivers\dmio.sys [153856 2008-04-14] (Microsoft Corp., Veritas Software)
R0 dmload; C:\WINDOWS2\System32\drivers\dmload.sys [5888 2001-10-25] (Microsoft Corp., Veritas Software.)
S3 DMusic; C:\WINDOWS2\System32\drivers\DMusic.sys [52864 2008-04-14] (Microsoft Corporation)
S3 drmkaud; C:\WINDOWS2\System32\drivers\drmkaud.sys [2944 2008-04-14] (Microsoft Corporation)
R4 Fastfat; C:\WINDOWS2\system32\Drivers\Fastfat.sys [143744 2008-04-13] (Microsoft Corporation)
R3 Fdc; C:\WINDOWS2\System32\DRIVERS\fdc.sys [27392 2008-04-13] (Microsoft Corporation)
S1 Fips; C:\WINDOWS2\system32\Drivers\Fips.sys [44544 2008-04-14] (Microsoft Corporation)
R3 Flpydisk; C:\WINDOWS2\System32\DRIVERS\flpydisk.sys [20480 2008-04-13] (Microsoft Corporation)
R0 FltMgr; C:\WINDOWS2\System32\DRIVERS\fltMgr.sys [129792 2008-04-13] (Microsoft Corporation)
U1 Fs_Rec; C:\WINDOWS2\system32\Drivers\Fs_Rec.sys [7936 2001-10-25] (Microsoft Corporation)
R0 Ftdisk; C:\WINDOWS2\System32\DRIVERS\ftdisk.sys [125184 2001-10-25] (Microsoft Corporation)
R3 Gpc; C:\WINDOWS2\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation)
S3 gzflt; C:\Program Files\Nejdeto Antivirus\AVService\support\gzflt.sys [169992 2015-01-29] (BitDefender LLC)
R3 HDAudBus; C:\WINDOWS2\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider)
S3 HidUsb; C:\WINDOWS2\System32\DRIVERS\hidusb.sys [10368 2008-04-14] (Microsoft Corporation)
S3 hitmanpro37; C:\WINDOWS2\system32\drivers\hitmanpro37.sys [30464 2015-02-13] ()
S3 HPZid412; C:\WINDOWS2\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\WINDOWS2\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
S3 HPZius12; C:\WINDOWS2\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
S3 HTTP; C:\WINDOWS2\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation)
R1 i8042prt; C:\WINDOWS2\System32\DRIVERS\i8042prt.sys [52096 2008-04-14] (Microsoft Corporation)
R1 Imapi; C:\WINDOWS2\System32\DRIVERS\imapi.sys [42112 2008-04-13] (Microsoft Corporation)
S3 Ip6Fw; C:\WINDOWS2\System32\DRIVERS\Ip6Fw.sys [36608 2008-04-13] (Microsoft Corporation)
S3 IpFilterDriver; C:\WINDOWS2\System32\DRIVERS\ipfltdrv.sys [32896 2001-10-25] (Microsoft Corporation)
S3 IpInIp; C:\WINDOWS2\System32\DRIVERS\ipinip.sys [20864 2008-04-13] (Microsoft Corporation)
R3 IpNat; C:\WINDOWS2\System32\DRIVERS\ipnat.sys [152832 2008-04-13] (Microsoft Corporation)
R1 IPSec; C:\WINDOWS2\System32\DRIVERS\ipsec.sys [75264 2008-04-13] (Microsoft Corporation)
S3 IRENUM; C:\WINDOWS2\System32\DRIVERS\irenum.sys [11264 2008-04-13] (Microsoft Corporation)
R0 isapnp; C:\WINDOWS2\System32\DRIVERS\isapnp.sys [37248 2008-04-14] (Microsoft Corporation)
R1 Kbdclass; C:\WINDOWS2\System32\DRIVERS\kbdclass.sys [24576 2008-04-14] (Microsoft Corporation)
S3 kmixer; C:\WINDOWS2\System32\drivers\kmixer.sys [172416 2008-04-14] (Microsoft Corporation)
R0 KSecDD; C:\WINDOWS2\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation)
S1 mnmdd; C:\WINDOWS2\system32\Drivers\mnmdd.sys [4224 2001-10-25] (Microsoft Corporation)
S3 Modem; C:\WINDOWS2\system32\Drivers\Modem.sys [30080 2008-04-14] (Microsoft Corporation)
R1 Mouclass; C:\WINDOWS2\System32\DRIVERS\mouclass.sys [23040 2008-04-14] (Microsoft Corporation)
S3 mouhid; C:\WINDOWS2\System32\DRIVERS\mouhid.sys [12160 2001-10-24] (Microsoft Corporation)
R0 MountMgr; C:\WINDOWS2\system32\Drivers\MountMgr.sys [42368 2008-04-13] (Microsoft Corporation)
S3 MRxDAV; C:\WINDOWS2\System32\DRIVERS\mrxdav.sys [180608 2008-04-13] (Microsoft Corporation)
R1 MRxSmb; C:\WINDOWS2\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation)
R1 Msfs; C:\WINDOWS2\system32\Drivers\Msfs.sys [19072 2008-04-13] (Microsoft Corporation)
S3 MSKSSRV; C:\WINDOWS2\System32\drivers\MSKSSRV.sys [7552 2008-04-14] (Microsoft Corporation)
S3 MSPCLOCK; C:\WINDOWS2\System32\drivers\MSPCLOCK.sys [5376 2008-04-14] (Microsoft Corporation)
S3 MSPQM; C:\WINDOWS2\System32\drivers\MSPQM.sys [4992 2008-04-14] (Microsoft Corporation)
R3 mssmbios; C:\WINDOWS2\System32\DRIVERS\mssmbios.sys [15488 2008-04-14] (Microsoft Corporation)
R0 Mup; C:\WINDOWS2\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation)
R0 NDIS; C:\WINDOWS2\system32\Drivers\NDIS.sys [182656 2008-04-13] (Microsoft Corporation)
R3 NdisTapi; C:\WINDOWS2\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation)
R3 Ndisuio; C:\WINDOWS2\System32\DRIVERS\ndisuio.sys [14592 2008-04-14] (Microsoft Corporation)
R3 NdisWan; C:\WINDOWS2\System32\DRIVERS\ndiswan.sys [91520 2008-04-13] (Microsoft Corporation)
R3 NDProxy; C:\WINDOWS2\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation)
R1 NetBIOS; C:\WINDOWS2\System32\DRIVERS\netbios.sys [34688 2008-04-13] (Microsoft Corporation)
R1 NetBT; C:\WINDOWS2\System32\DRIVERS\netbt.sys [162816 2008-04-13] (Microsoft Corporation)
R1 Npfs; C:\WINDOWS2\system32\Drivers\Npfs.sys [30848 2008-04-13] (Microsoft Corporation)
R4 Ntfs; C:\WINDOWS2\system32\Drivers\Ntfs.sys [574976 2008-04-13] (Microsoft Corporation)
R1 Null; C:\WINDOWS2\system32\Drivers\Null.sys [2944 2001-10-25] (Microsoft Corporation)
S3 nv; C:\WINDOWS2\System32\DRIVERS\nv4_mini.sys [12695512 2014-07-02] (NVIDIA Corporation)
R3 NVENETFD; C:\WINDOWS2\System32\DRIVERS\NVENETFD.sys [33536 2005-04-06] (NVIDIA Corporation)
S3 NVHDA; C:\WINDOWS2\System32\drivers\nvhda32.sys [129312 2014-08-11] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS2\System32\DRIVERS\nvnetbus.sys [12928 2005-04-06] (NVIDIA Corporation)
S3 NwlnkFlt; C:\WINDOWS2\System32\DRIVERS\nwlnkflt.sys [12416 2001-10-25] (Microsoft Corporation)
S3 NwlnkFwd; C:\WINDOWS2\System32\DRIVERS\nwlnkfwd.sys [32512 2001-10-25] (Microsoft Corporation)
S3 Parport; C:\WINDOWS2\System32\DRIVERS\parport.sys [80000 2008-04-14] (Microsoft Corporation)
R0 PartMgr; C:\WINDOWS2\system32\Drivers\PartMgr.sys [19712 2008-04-13] (Microsoft Corporation)
S2 ParVdm; C:\WINDOWS2\system32\Drivers\ParVdm.sys [6784 2001-10-25] (Microsoft Corporation)
R0 PCI; C:\WINDOWS2\System32\DRIVERS\pci.sys [68736 2008-04-14] (Microsoft Corporation)
R0 PCIIde; C:\WINDOWS2\System32\DRIVERS\pciide.sys [3328 2001-10-25] (Microsoft Corporation)
S4 Pcmcia; C:\WINDOWS2\system32\Drivers\Pcmcia.sys [120064 2008-04-14] (Microsoft Corporation)
R3 PptpMiniport; C:\WINDOWS2\System32\DRIVERS\raspptp.sys [48384 2008-04-13] (Microsoft Corporation)
S1 Processor; C:\WINDOWS2\System32\DRIVERS\processr.sys [39680 2008-04-14] (Microsoft Corporation)
R3 PSched; C:\WINDOWS2\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation)
R3 Ptilink; C:\WINDOWS2\System32\DRIVERS\ptilink.sys [17792 2001-10-25] (Parallel Technologies, Inc.)
R1 RasAcd; C:\WINDOWS2\System32\DRIVERS\rasacd.sys [8832 2001-10-25] (Microsoft Corporation)
R3 Rasl2tp; C:\WINDOWS2\System32\DRIVERS\rasl2tp.sys [51328 2008-04-13] (Microsoft Corporation)
R3 RasPppoe; C:\WINDOWS2\System32\DRIVERS\raspppoe.sys [41472 2008-04-13] (Microsoft Corporation)
R3 Raspti; C:\WINDOWS2\System32\DRIVERS\raspti.sys [16512 2001-10-25] (Microsoft Corporation)
R1 Rdbss; C:\WINDOWS2\System32\DRIVERS\rdbss.sys [175744 2008-04-13] (Microsoft Corporation)
R1 RDPCDD; C:\WINDOWS2\System32\DRIVERS\RDPCDD.sys [4224 2001-10-25] (Microsoft Corporation)
R3 rdpdr; C:\WINDOWS2\System32\DRIVERS\rdpdr.sys [196224 2008-04-14] (Microsoft Corporation)
R3 RDPWD; C:\WINDOWS2\system32\Drivers\RDPWD.sys [139784 2012-07-04] (Microsoft Corporation)
R1 redbook; C:\WINDOWS2\System32\DRIVERS\redbook.sys [58496 2008-04-14] (Microsoft Corporation)
R3 rtl8139; C:\WINDOWS2\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
S3 Secdrv; C:\WINDOWS2\System32\DRIVERS\secdrv.sys [20480 2008-04-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 serenum; C:\WINDOWS2\System32\DRIVERS\serenum.sys [15744 2008-04-13] (Microsoft Corporation)
S1 Serial; C:\WINDOWS2\System32\DRIVERS\serial.sys [64256 2008-04-14] (Microsoft Corporation)
S1 Sfloppy; C:\WINDOWS2\system32\Drivers\Sfloppy.sys [11392 2008-04-13] (Microsoft Corporation)
S3 splitter; C:\WINDOWS2\System32\drivers\splitter.sys [6272 2008-04-14] (Microsoft Corporation)
R0 sr; C:\WINDOWS2\System32\DRIVERS\sr.sys [73344 2008-04-14] (Microsoft Corporation)
R3 Srv; C:\WINDOWS2\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation)
R3 swenum; C:\WINDOWS2\System32\DRIVERS\swenum.sys [4352 2008-04-14] (Microsoft Corporation)
S3 swmidi; C:\WINDOWS2\System32\drivers\swmidi.sys [56576 2008-04-14] (Microsoft Corporation)
S3 sysaudio; C:\WINDOWS2\System32\drivers\sysaudio.sys [60800 2008-04-14] (Microsoft Corporation)
R3 tapwp01; C:\WINDOWS2\System32\DRIVERS\tapwp01.sys [35288 2014-10-29] (The OpenVPN Project)
R1 Tcpip; C:\WINDOWS2\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation)
S3 TDPIPE; C:\WINDOWS2\system32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation)
R3 TDTCP; C:\WINDOWS2\system32\Drivers\TDTCP.sys [21896 2008-04-14] (Microsoft Corporation)
R1 TermDD; C:\WINDOWS2\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation)
S3 Trufos; C:\WINDOWS2\System32\DRIVERS\Trufos.sys [408280 2015-01-29] (BitDefender S.R.L.)
S4 Udfs; C:\WINDOWS2\system32\Drivers\Udfs.sys [66048 2008-04-13] (Microsoft Corporation)
R3 Update; C:\WINDOWS2\System32\DRIVERS\update.sys [384768 2008-04-13] (Microsoft Corporation)
S3 usbccgp; C:\WINDOWS2\System32\DRIVERS\usbccgp.sys [32384 2013-08-09] (Microsoft Corporation)
R3 usbehci; C:\WINDOWS2\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation)
R3 usbhub; C:\WINDOWS2\System32\DRIVERS\usbhub.sys [59520 2008-04-13] (Microsoft Corporation)
R3 usbohci; C:\WINDOWS2\System32\DRIVERS\usbohci.sys [17152 2008-04-13] (Microsoft Corporation)
S3 usbprint; C:\WINDOWS2\System32\DRIVERS\usbprint.sys [25856 2008-04-14] (Microsoft Corporation)
S3 usbscan; C:\WINDOWS2\System32\DRIVERS\usbscan.sys [14976 2013-07-03] (Microsoft Corporation)
S3 USBSTOR; C:\WINDOWS2\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-14] (Microsoft Corporation)
R1 VgaSave; C:\WINDOWS2\System32\drivers\vga.sys [20992 2008-04-13] (Microsoft Corporation)
R0 VolSnap; C:\WINDOWS2\system32\Drivers\VolSnap.sys [52480 2008-04-14] (Microsoft Corporation)
S3 Wanarp; C:\WINDOWS2\System32\DRIVERS\wanarp.sys [34560 2008-04-13] (Microsoft Corporation)
S3 wdmaud; C:\WINDOWS2\System32\drivers\wdmaud.sys [83072 2008-04-14] (Microsoft Corporation)
R1 WS2IFSL; C:\WINDOWS2\System32\drivers\ws2ifsl.sys [12032 2001-10-25] (Microsoft Corporation)
S1 bfqzbxsa; \??\C:\WINDOWS2\system32\drivers\bfqzbxsa.sys [X]
S3 catchme; \??\C:\WINDOWS2\TEMP\catchme.sys [X]
S4 IntelIde; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-14 14:22 - 2015-02-14 14:23 - 00035225 _____ () C:\Documents and Settings\start\Plocha\FRST.txt
2015-02-14 14:22 - 2015-02-14 14:22 - 00000000 ____D () C:\FRST
2015-02-14 14:20 - 2015-02-14 14:20 - 01125888 _____ (Farbar) C:\Documents and Settings\start\Plocha\FRST.exe
2015-02-14 14:20 - 2015-02-14 14:20 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\start\Plocha\FRSTLauncher.exe
2015-02-14 13:53 - 2015-02-14 13:54 - 00000000 ____D () C:\rsit
2015-02-14 13:53 - 2015-02-14 13:54 - 00000000 ____D () C:\Program Files\trend micro
2015-02-14 13:53 - 2015-02-14 12:08 - 01107968 _____ () C:\Documents and Settings\start\Plocha\RSIT.exe
2015-02-14 13:52 - 2015-02-14 12:08 - 01107968 _____ () C:\RSIT.exe
2015-02-14 12:34 - 2015-02-14 12:52 - 00000000 __SHD () C:\WINDOWS2\CSC
2015-02-14 12:22 - 2015-02-13 15:12 - 00522240 _____ (OldTimer Tools) C:\Documents and Settings\start\Plocha\OTM.exe
2015-02-13 22:33 - 2015-02-13 22:33 - 00000000 ___RD () C:\Documents and Settings\start\Nabídka Start\Programy\Nástroje pro správu
2015-02-13 22:33 - 2015-02-13 22:33 - 00000000 ___RD () C:\Documents and Settings\start\Dokumenty\Filmy
2015-02-13 22:32 - 2015-02-13 22:34 - 00000000 ___SD () C:\32788R22FWJFW
2015-02-13 21:19 - 2015-02-14 14:23 - 00000000 ____D () C:\Documents and Settings\start\Local Settings\temp
2015-02-13 21:19 - 2015-02-13 21:19 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\temp
2015-02-13 21:19 - 2015-02-13 21:19 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\temp
2015-02-13 21:19 - 2015-02-13 21:19 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\temp
2015-02-13 20:57 - 2014-11-26 15:23 - 00000306 _____ () C:\Boot.bak
2015-02-13 20:56 - 2015-02-13 20:57 - 00000000 _RSHD () C:\cmdcons
2015-02-13 20:56 - 2004-08-03 23:00 - 00261312 __RSH () C:\cmldr
2015-02-13 20:50 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS2\PEV.exe
2015-02-13 20:50 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS2\MBR.exe
2015-02-13 20:50 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS2\NIRCMD.exe
2015-02-13 20:50 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS2\SWREG.exe
2015-02-13 20:50 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS2\SWSC.exe
2015-02-13 20:50 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS2\SWXCACLS.exe
2015-02-13 20:50 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS2\sed.exe
2015-02-13 20:50 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS2\grep.exe
2015-02-13 20:50 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS2\zip.exe
2015-02-13 20:48 - 2015-02-13 21:20 - 00000000 ____D () C:\Qoobox
2015-02-13 20:48 - 2015-02-13 20:48 - 00000000 ___RD () C:\Documents and Settings\LocalService.NT AUTHORITY\Dokumenty\Obrázky
2015-02-13 20:48 - 2015-02-13 20:48 - 00000000 ___RD () C:\Documents and Settings\LocalService.NT AUTHORITY\Dokumenty\Hudba
2015-02-13 20:48 - 2015-02-13 20:48 - 00000000 ___RD () C:\Documents and Settings\LocalService.NT AUTHORITY\Dokumenty\Filmy
2015-02-13 20:48 - 2015-02-13 20:48 - 00000000 ___HD () C:\Documents and Settings\LocalService.NT AUTHORITY\Šablony
2015-02-13 20:48 - 2015-02-13 20:48 - 00000000 ___HD () C:\Documents and Settings\LocalService.NT AUTHORITY\Okolní tiskárny
2015-02-13 20:48 - 2015-02-13 20:48 - 00000000 ___HD () C:\Documents and Settings\LocalService.NT AUTHORITY\Okolní síť
2015-02-13 20:48 - 2015-02-13 20:48 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Nabídka Start\Programy\Po spuštění
2015-02-13 20:48 - 2015-02-13 20:48 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Dokumenty
2015-02-13 20:47 - 2015-02-13 21:18 - 00000000 ____D () C:\WINDOWS2\erdnt
2015-02-13 20:34 - 2015-01-29 10:54 - 00408280 _____ (BitDefender S.R.L.) C:\WINDOWS2\system32\Drivers\Trufos.sys
2015-02-13 20:31 - 2015-02-14 12:56 - 00003756 _____ () C:\WINDOWS2\certutil.log
2015-02-13 20:31 - 2014-10-29 17:08 - 00035288 _____ (The OpenVPN Project) C:\WINDOWS2\system32\Drivers\tapwp01.sys
2015-02-13 19:42 - 2015-02-13 19:42 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Data aplikací\Google
2015-02-13 19:41 - 2015-02-14 13:00 - 00000000 ____D () C:\Documents and Settings\start\Data aplikací\Seznam.cz
2015-02-13 19:39 - 2015-02-13 19:39 - 00000000 __SHD () C:\Documents and Settings\LocalService.NT AUTHORITY\IECompatCache
2015-02-13 19:39 - 2015-02-13 19:39 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Data aplikací\Macromedia
2015-02-13 19:02 - 2015-02-13 20:48 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Nabídka Start\Programy
2015-02-13 19:02 - 2015-02-13 19:02 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Nabídka Start
2015-02-13 19:02 - 2015-02-13 19:02 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Data aplikací\Malwarebytes
2015-02-13 19:02 - 2015-02-13 19:02 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\Malwarebytes
2015-02-13 19:02 - 2015-02-13 19:02 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\Malwarebytes
2015-02-13 18:36 - 2015-02-13 18:36 - 00030464 _____ () C:\WINDOWS2\system32\Drivers\hitmanpro37.sys
2015-02-13 18:36 - 2015-02-13 18:36 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Plocha
2015-02-13 18:36 - 2015-02-13 18:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\HitmanPro
2015-02-13 18:36 - 2015-02-13 18:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\HitmanPro
2015-02-13 18:35 - 2015-02-13 19:39 - 00000000 ___RD () C:\Documents and Settings\LocalService.NT AUTHORITY\Oblíbené položky
2015-02-13 18:35 - 2015-02-13 18:35 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Data aplikací\Adobe
2015-02-13 18:34 - 2015-02-13 18:34 - 00000086 _____ () C:\WINDOWS2\zerobyte_files_deleted.txt
2015-02-13 18:34 - 2015-02-13 18:34 - 00000063 _____ () C:\WINDOWS2\system32\zerobyte_files_deleted.txt
2015-02-13 18:33 - 2015-02-13 18:33 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2015-02-13 18:33 - 2015-02-13 18:33 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2015-02-13 18:33 - 2015-02-13 18:33 - 00000000 ____D () C:\Documents and Settings\Fanda\Local Settings\temp
2015-02-13 18:33 - 2015-02-13 18:33 - 00000000 ____D () C:\Documents and Settings\Default User.WINDOWS2\Local Settings\temp
2015-02-13 18:32 - 2015-02-08 23:29 - 00000065 _____ () C:\WINDOWS2\system32\oeminfo.ini
2015-02-13 14:36 - 2015-02-13 14:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\WoctEpub
2015-02-13 14:36 - 2015-02-13 14:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\WoctEpub
2015-02-11 07:03 - 2015-02-11 07:03 - 00000000 ____D () C:\Documents and Settings\Default User.WINDOWS2\Local Settings\Data aplikací\Microsoft Help

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-14 14:22 - 2014-11-26 15:14 - 00000000 ____D () C:\Documents and Settings\start\Plocha
2015-02-14 14:21 - 2014-11-26 15:14 - 00000000 ___HD () C:\Documents and Settings\start\Local Settings\Data aplikací
2015-02-14 13:50 - 2001-10-25 13:00 - 00002206 _____ () C:\WINDOWS2\system32\wpa.dbl
2015-02-14 13:48 - 2014-11-28 06:13 - 00002842 _____ () C:\WINDOWS2\system32\nvAppTimestamps
2015-02-14 13:48 - 2014-11-26 15:59 - 00000215 _____ () C:\WINDOWS2\wiadebug.log
2015-02-14 13:48 - 2014-11-26 15:59 - 00000049 _____ () C:\WINDOWS2\wiaservc.log
2015-02-14 13:48 - 2014-11-26 15:14 - 00000178 ___SH () C:\Documents and Settings\start\ntuser.ini
2015-02-14 13:48 - 2014-11-26 15:13 - 00032592 _____ () C:\WINDOWS2\SchedLgU.Txt
2015-02-14 13:48 - 2014-11-26 15:13 - 00000006 ____H () C:\WINDOWS2\Tasks\SA.DAT
2015-02-14 13:48 - 2014-11-26 15:05 - 01397091 _____ () C:\WINDOWS2\WindowsUpdate.log
2015-02-14 13:48 - 2009-08-01 17:12 - 00000440 __RSH () C:\boot.ini
2015-02-14 13:34 - 2014-12-05 17:15 - 00000916 _____ () C:\WINDOWS2\Tasks\Adobe Flash Player Updater.job
2015-02-14 13:27 - 2014-11-26 15:48 - 00000000 ____D () C:\WINDOWS2\Temp
2015-02-14 13:10 - 2014-12-06 11:01 - 00000940 _____ () C:\WINDOWS2\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-14 13:01 - 2014-12-06 11:03 - 00000362 ____H () C:\WINDOWS2\Tasks\avast! Emergency Update.job
2015-02-14 12:55 - 2014-12-06 11:01 - 00000936 _____ () C:\WINDOWS2\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-14 12:55 - 2014-11-27 07:43 - 00000224 _____ () C:\WINDOWS2\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2015-02-14 12:37 - 2014-11-26 15:48 - 00000000 ____D () C:\WINDOWS2
2015-02-14 12:22 - 2014-11-26 15:14 - 00000000 ___RD () C:\Documents and Settings\start\Oblíbené položky
2015-02-13 22:33 - 2014-11-26 15:14 - 00000000 ___RD () C:\Documents and Settings\start\Nabídka Start\Programy
2015-02-13 22:33 - 2014-11-26 15:14 - 00000000 ___RD () C:\Documents and Settings\start\Dokumenty
2015-02-13 22:00 - 2014-11-26 15:53 - 00000000 ___HD () C:\Documents and Settings\Default User.WINDOWS2
2015-02-13 22:00 - 2009-08-01 15:37 - 00000000 ____D () C:\Documents and Settings\Fanda
2015-02-13 21:40 - 2014-11-26 15:54 - 00000000 ___RD () C:\Documents and Settings\All Users.WINDOWS2\Nabídka Start\Programy
2015-02-13 21:40 - 2014-11-26 15:54 - 00000000 ___RD () C:\Documents and Settings\All Users.WINDOWS2\Nabídka Start\Programy
2015-02-13 21:23 - 2014-11-26 15:53 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2
2015-02-13 21:23 - 2014-11-26 15:14 - 00000000 ____D () C:\Documents and Settings\start
2015-02-13 21:23 - 2014-11-26 15:13 - 00000000 __SHD () C:\Documents and Settings\LocalService.NT AUTHORITY
2015-02-13 21:23 - 2014-11-26 15:12 - 00000000 __SHD () C:\Documents and Settings\NetworkService.NT AUTHORITY
2015-02-13 21:22 - 2014-11-26 15:04 - 00000000 ____D () C:\WINDOWS2\system32\Restore
2015-02-13 21:17 - 2001-10-25 13:00 - 00000227 _____ () C:\WINDOWS2\system.ini
2015-02-13 21:05 - 2014-11-26 15:13 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Data aplikací
2015-02-13 20:35 - 2014-11-26 15:54 - 00450993 _____ () C:\WINDOWS2\setupapi.log
2015-02-13 20:02 - 2014-11-26 15:54 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2\Plocha
2015-02-13 19:44 - 2014-11-27 12:50 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-13 19:42 - 2014-11-26 15:54 - 00000000 __RHD () C:\Documents and Settings\All Users.WINDOWS2\Data aplikací
2015-02-13 19:42 - 2014-11-26 15:13 - 00000000 ___HD () C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Data aplikací
2015-02-13 19:42 - 2009-08-10 16:12 - 00000000 ____D () C:\Program Files\Google
2015-02-13 19:41 - 2014-11-26 15:14 - 00000000 __RHD () C:\Documents and Settings\start\Data aplikací
2015-02-13 19:41 - 2010-05-09 16:15 - 00000000 ____D () C:\Program Files\Seznam.cz
2015-02-13 18:34 - 2010-05-01 15:51 - 00000000 ____D () C:\Temp
2015-02-13 14:29 - 2011-02-18 21:05 - 00000000 ____D () C:\Program Files\The KMPlayer
2015-02-13 13:59 - 2014-11-27 14:07 - 01439180 _____ () C:\WINDOWS2\system32\nvdrsdb0.bin
2015-02-13 13:59 - 2014-11-27 14:07 - 00000001 _____ () C:\WINDOWS2\system32\nvdrssel.bin
2015-02-11 07:11 - 2014-11-27 07:25 - 00000000 ____D () C:\WINDOWS2\system32\MRT
2015-02-11 07:06 - 2014-11-27 07:17 - 113756392 _____ (Microsoft Corporation) C:\WINDOWS2\system32\MRT.exe
2015-02-11 07:05 - 2014-11-27 12:11 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\Microsoft Help
2015-02-11 07:05 - 2014-11-27 12:11 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\Microsoft Help
2015-02-11 07:03 - 2014-11-26 15:54 - 00000000 ___HD () C:\Documents and Settings\Default User.WINDOWS2\Local Settings\Data aplikací
2015-02-08 19:47 - 2014-11-27 12:17 - 00065536 _____ () C:\WINDOWS2\system32\config\ODiag.evt
2015-02-08 15:00 - 2014-11-27 07:43 - 00000218 _____ () C:\WINDOWS2\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
2015-02-08 10:37 - 2014-12-06 11:02 - 00001813 _____ () C:\Documents and Settings\All Users.WINDOWS2\Plocha\Google Chrome.lnk
2015-02-08 10:35 - 2014-12-05 17:15 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS2\system32\FlashPlayerApp.exe
2015-02-08 10:35 - 2014-12-05 17:15 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS2\system32\FlashPlayerCPLApp.cpl
2015-02-08 09:45 - 2014-11-27 14:07 - 01439180 _____ () C:\WINDOWS2\system32\nvdrsdb1.bin

==================== Files in the root of some directories =======

2013-10-08 19:30 - 2013-10-08 19:30 - 50053120 _____ () C:\Program Files\GUT752.tmp
2014-11-27 11:19 - 2014-12-05 15:27 - 0016896 _____ () C:\Documents and Settings\start\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS2\explorer.exe => File is digitally signed
C:\WINDOWS2\system32\winlogon.exe => File is digitally signed
C:\WINDOWS2\system32\svchost.exe => File is digitally signed
C:\WINDOWS2\system32\services.exe => File is digitally signed
C:\WINDOWS2\system32\User32.dll => File is digitally signed
C:\WINDOWS2\system32\userinit.exe => File is digitally signed
C:\WINDOWS2\system32\rpcss.dll => File is digitally signed
C:\WINDOWS2\system32\Drivers\volsnap.sys => File is digitally signed




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:107.42 GB) (Free:12.84 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:4.36 GB) (Free:4.09 GB) NTFS

Available physical RAM: 767.59 MB
Total physical RAM: 1023.48 MB
Percentage of memory in use: 25%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 111.8 GB) (Disk ID: F884F884)
Partition 1: (Active) - (Size=107.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=4.4 GB) - (Type=OF Extended)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS2\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS2\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS2\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS2\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS2\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS2\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS2\system32\xp_eos.exe
Task: C:\WINDOWS2\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS2\system32\xp_eos.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\start\Plocha" je 14773 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe"="C:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe:*:Enabled:NVIDIA Network Service TCP Exception (HTTPS)"
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe:*:Enabled:Google Chrome"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: Cannot get to Seznam email

Posted: 14 Feb 2015 17:00
by vyosek
:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • After launch, the database will be downloaded
  • Click Scan and then Clean
  • The repair will run, the PC will restart, and then a log will appear, or it will be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here
:arrow: Download Zoek.exe http://hijackthis.nl/smeenk/ and save it to the desktop
  • If you use Win Vista or W7, right-click Zoek and choose Run As Administrator or "Spustit jako spravce"
  • Paste the script below into the window
  • Code:

    autoclean;
    resethosts;
    emptyclsid;
    IEdefaults;
    FFdefaults;
    CHRdefaults;
    emptyIEcache;
    emptyFFcache;
    emptyCHRcache;
    emptyalltemp;
    emptyflash;
    emptyjava;
    emptyrecycle.bin;
    
  • Then click Run Script
  • The PC will perform the repair, restart, and give you a log; paste its contents here

Re: Cannot get to Seznam email

Posted: 14 Feb 2015 17:47
by Dan17
# AdwCleaner v4.110 - Logfile created 14/02/2015 at 17:21:50
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : start - XP
# Running from : C:\Documents and Settings\start\Plocha\adwcleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\Fanda\Local Settings\Data aplikací\AskPartnerNetwork
Folder Deleted : C:\Documents and Settings\Fanda\Local Settings\Data aplikací\Conduit
Folder Deleted : C:\Documents and Settings\Fanda\Local Settings\Data aplikací\iMesh
Folder Deleted : C:\Documents and Settings\Fanda\Local Settings\Data aplikací\PackageAware
Folder Deleted : C:\Documents and Settings\Fanda\Local Settings\Data aplikací\SearchProtect
Folder Deleted : C:\Documents and Settings\Fanda\Local Settings\Data aplikací\webplayer
Folder Deleted : C:\Documents and Settings\Fanda\Data aplikací\Babylon
Folder Deleted : C:\Documents and Settings\Fanda\Data aplikací\FinalMediaPlayer
Folder Deleted : C:\Documents and Settings\Fanda\Data aplikací\HPAppData
Folder Deleted : C:\Documents and Settings\Fanda\Data aplikací\Movdap
Folder Deleted : C:\Documents and Settings\Fanda\Data aplikací\PriceGong
Folder Deleted : C:\Documents and Settings\Fanda\Data aplikací\SearchProtect
Folder Deleted : C:\Documents and Settings\Fanda\Data aplikací\searchresultstb
Folder Deleted : C:\Documents and Settings\Fanda\Data aplikací\somotomoviestoolbar1
Folder Deleted : C:\Documents and Settings\Fanda\Data aplikací\Web Cake
Folder Deleted : C:\Documents and Settings\Fanda\Dokumenty\iMesh
Folder Deleted : C:\Documents and Settings\start\Data aplikací\RHEng
[!] Folder Deleted : C:\Documents and Settings\Fanda\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
[!] Folder Deleted : C:\Documents and Settings\Fanda\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pkmpcdbgnfjfeelcpebpkflcmbkclfho
File Deleted : C:\Documents and Settings\Fanda\Plocha\Check for Updates.lnk

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKCU\Software\Softonic

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Google Chrome v40.0.2214.111

[C:\Documents and Settings\Fanda\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN68969136911425693&ctid=CT3288691&UM=2
[C:\Documents and Settings\Fanda\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.dalesearch.com/?q={searchTerms}&bab ... 0&tsp=5002
[C:\Documents and Settings\Fanda\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=100000027&locale=en_EU&apn_uid=&apn_ptnrs=^U3&apn_sauid=&apn_dtid=^OSJ000^YY^CZ&&q={searchTerms}
[C:\Documents and Settings\Fanda\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=100000027&locale=en_EU&apn_uid=&apn_ptnrs=^U3&apn_sauid=&apn_dtid=^OSJ000^YY^CZ&&q={searchTerms}
[C:\Documents and Settings\Fanda\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=102&systemid=473&v=a12627-296&apn_uid=4140245236174535&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}

*************************

AdwCleaner[R1].txt - [3952 bytes] - [14/02/2015 17:16:57]
AdwCleaner[S1].txt - [3941 bytes] - [14/02/2015 17:21:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4000 bytes] ##########



The Zoek log somehow froze on me and has been doing nothing for 10 minutes; should I wait? Or shouldn't I have turned off Avast?


Zoek.exe v5.0.0.0 Updated 13-February-2015
Tool run by start on so 14.02.2015 at 17:30:28,10.
Systém Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\start\Plocha\zoek.exe [Scan all users] [Script inserted]

===== Runcheck 17:32:45,73 =====

--- Create Environment Variables 17:33:00,31
--- Create System Restore Point 17:33:53,82
--- Checking Input 17:34:15,57
--- Reset Hosts File 17:35:04,50
--- AU AppData Check 17:35:08,31
--- Remove From Windows Installer 17:35:15,70

Re: Cannot get to Seznam email

Posted: 14 Feb 2015 17:48
by vyosek
Try running Zoek in safe mode

Re: Cannot get to Seznam email

Posted: 14 Feb 2015 18:29
by Dan17
So the application has been running continuously since I first started it. How long does it normally take to finish? I don't know whether I should wait or end the application and restart the computer into safe mode. This is currently the last item in the list.

--- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací DB Check 18:20:43,18

Re: Cannot get to Seznam email

Posted: 14 Feb 2015 18:30
by vyosek
:arrow: Terminate it

:arrow: Download Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/
  • Save it, preferably to the Desktop, and extract it
  • Launch it by clicking mbar
  • Now click Next and then Update
  • After the database update finishes, click Next again
  • Leave all three options checked and click Scan, which starts the scan of the PC
  • After the scan finishes (about 5 minutes), check that every finding (if there are any, of course) has a check mark
  • Also check that Create Restore point is checked
  • Now click CleanUp, which removes the detected infection
  • The PC will be restarted
  • The mbar folder should contain a log (and it will probably also open by itself) named mbar-log-year-month-day (hour-minute-second).txt; post it here for me

Re: Cannot get to Seznam email

Posted: 14 Feb 2015 19:40
by Dan17
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
main: v2015.02.14.04
rootkit: v2015.02.03.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
start :: XP [administrator]

14.2.2015 18:51:04
mbar-log-2015-02-14 (18-51-04).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 587022
Time elapsed: 41 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKU\S-1-5-21-2025429265-1390067357-1417001333-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|WoctEpub (Trojan.Agent.ED) -> Data: regsvr32.exe "C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\WoctEpub\SuwyoCrehu.wwx" -> Delete on reboot. [5b018a949febfc3a32050715b84a8c74]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\WoctEpub\SuwyoCrehu.wwx (Trojan.Agent.ED) -> Delete on reboot. [5b018a949febfc3a32050715b84a8c74]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Re: Cannot get to Seznam email

Posted: 14 Feb 2015 21:38
by vyosek
Post a new FRST log

Re: Cannot get to Seznam email

Posted: 15 Feb 2015 17:57
by Dan17
It needed to be sorted out yesterday, because today I'm already at the dormitory. After running Malwarebytes Anti-Rootkit BETA I tried the email and it worked; if needed, I'll supply the log in 14 days. I'm only writing this so that vyosek doesn't think he wasted his time. Many thanks.

Re: Cannot get to Seznam email

Posted: 15 Feb 2015 18:15
by vyosek
OK, then post a new log and we'll finish the cleanup...