PC disinfection, computer speed-up, remote assistance via the neslape.cz service

Virus-infected all-in-one Compaq PC

Have a virus problem? Post your FRST or RSIT log here.

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote assistance service: an expert connects to your computer and gets further details about the problem from you by phone. More at www.neslape.cz
Locked
butes
Visitor
Posts: 36
Registered: 01 Sep 2010 12:05

Virus-infected all-in-one Compaq PC

#1 Post by butes »

Good evening everyone,
I've recently been having problems with my PC, which apparently has some malware nesting in it. The internet is practically unusable. AdBlock, for example, detects 1000+ ads on Seznam. Unfortunately it's still Win XP. Besides the steps I should take, can you recommend an available freeware firewall and a supported web browser for Windows XP? Everything gets past Avast like a knife through butter. Thanks for the help
Radek

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02.08.2018
Ran by HP_Administrator (administrator) on DOMA (11-08-2018 20:55:03)
Running from C:\Documents and Settings\HP_Administrator\Plocha
Loaded Profiles: HP_Administrator (Available Profiles: HP_Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Broadband\VmbNotifierService.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Telefónica I+D) C:\Program Files\O2\O2CZ\EMMSN.exe
(Telefónica I+D) C:\Program Files\O2\Nori\Nori.exe
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Documents and Settings\HP_Administrator\Plocha\FRSTLauncher.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\ping.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [19523616 2010-04-27] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-10-14] (PDF Complete Inc)
HKLM\...\Run: [hpsysdrv] => c:\windows\system\hpsysdrv.exe [52736 1998-05-07] (Hewlett-Packard Company)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvLaunch.exe [242904 2018-07-17] (AVAST Software)
HKU\S-1-5-21-379970928-3254597947-3081504926-1007\...\MountPoints2: {d81089ae-9d48-11e8-9e66-1cc1de4f37c4} - F:\SetupVMB.exe
HKU\S-1-5-21-379970928-3254597947-3081504926-1007\...\MountPoints2: {d81089b1-9d48-11e8-9e66-1cc1de4f37c4} - F:\AutoRun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{F7AFD1B7-BA9C-477D-892F-69CC783ADA97}: [DhcpNameServer] 84.16.121.1 84.16.96.2
Tcpip\..\Interfaces\{FE15315A-8390-47D1-BD9D-F62C74967BA5}: [NameServer] 194.228.211.33 160.218.161.60

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_IN&c=64&bd=PRESARIO&pf=desktop
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_IN&c=64&bd=PRESARIO&pf=desktop
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_IN&c=64&bd=PRESARIO&pf=desktop
HKU\S-1-5-21-379970928-3254597947-3081504926-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.cz/
HKU\S-1-5-21-379970928-3254597947-3081504926-1007\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-379970928-3254597947-3081504926-1007 -> {D50EB7F4-2A89-4461-942A-A4FA1DCBA293} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=Searchmodule_2
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-08-10] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2018-07-17] (AVAST Software)
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2017-04-04] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-08-10] (Oracle Corporation)
BHO: No Name -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> No File
Toolbar: HKLM - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2017-04-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-379970928-3254597947-3081504926-1007 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-379970928-3254597947-3081504926-1007 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2017-04-04] (Google Inc.)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} file:///E:/CDVIEWER/CdViewer.cab

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-09-27] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-11] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-08-10] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [No File]
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://seznam.cz/"
CHR Profile: C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default [2018-08-11]
CHR Extension: (Dokumenty) - C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Disk Google) - C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-22]
CHR Extension: (YouTube) - C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-22]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-22]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-08-09]
CHR Extension: (Dokumenty Google offline) - C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-07-27]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-04-22]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
CHR Extension: (Gmail) - C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-31]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2018-07-11] (Adobe Systems Incorporated) [File not signed]
S3 aswbIDSAgent; C:\Program Files\Alwil Software\Avast5\aswidsagent.exe [6341888 2018-07-17] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [322464 2018-07-17] (AVAST Software)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-08-10] (Oracle Corporation)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2010-01-22] (Hewlett-Packard Company) [File not signed]
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-10-14] (PDF Complete Inc)
R2 VmbNotifierService; C:\Program Files\Vodafone\Vodafone Mobile Broadband\VmbNotifierService.exe [162304 2015-05-22] (Vodafone) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [167552 2018-07-17] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriverx.sys [188352 2018-07-17] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidshx.sys [164944 2018-07-17] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblogx.sys [284328 2018-07-17] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbunivx.sys [57976 2018-07-17] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [189240 2018-07-17] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [42808 2018-07-17] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [39784 2017-09-07] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [133680 2018-07-17] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr.sys [70840 2018-07-17] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [71848 2018-07-17] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [784120 2018-07-17] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [396352 2018-07-24] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\System32\drivers\aswStmXP.sys [205864 2018-07-17] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [310784 2018-07-17] (AVAST Software)
R3 Huawei; C:\WINDOWS\System32\DRIVERS\ewdcsc.sys [24448 2009-12-15] (Huawei Tech. Co., Ltd.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R1 tidnet; C:\WINDOWS\System32\DRIVERS\tidnet.sys [19200 2009-09-15] (Telefónica I+D) [File not signed]
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [113280 2009-12-15] (Huawei Technologies Co., Ltd.)
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-11 20:55 - 2018-08-11 20:55 - 000014148 _____ C:\Documents and Settings\HP_Administrator\Plocha\FRST.txt
2018-08-11 20:54 - 2018-08-11 20:55 - 000000000 ____D C:\FRST
2018-08-11 20:54 - 2018-08-11 20:54 - 000112640 _____ (forum.viry.cz) C:\Documents and Settings\HP_Administrator\Plocha\FRSTLauncher.exe
2018-08-11 20:54 - 2018-08-11 20:54 - 000029696 _____ C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikací\MSGBOX.EXE
2018-08-11 20:54 - 2018-08-11 20:54 - 000015327 _____ C:\Documents and Settings\HP_Administrator\Plocha\LM.bat
2018-08-11 20:53 - 2018-08-11 20:53 - 000112640 _____ (forum.viry.cz) C:\Documents and Settings\HP_Administrator\Plocha\Nepotvrzeno 661598.crdownload
2018-08-11 20:53 - 2018-08-11 20:53 - 000112640 _____ (forum.viry.cz) C:\Documents and Settings\HP_Administrator\Plocha\Nepotvrzeno 263070.crdownload
2018-08-11 20:52 - 2018-08-11 20:52 - 000112640 _____ (forum.viry.cz) C:\Documents and Settings\HP_Administrator\Plocha\Nepotvrzeno 455514.crdownload
2018-08-11 20:50 - 2018-08-11 20:50 - 001773056 _____ (Farbar) C:\Documents and Settings\HP_Administrator\Plocha\FRST.exe
2018-08-11 19:45 - 2018-08-11 19:45 - 000265416 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-08-11 12:03 - 2018-08-11 19:51 - 000012680 _____ C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2018-08-11 12:03 - 2018-08-11 12:03 - 000000000 ____D C:\Documents and Settings\HP_Administrator\Data aplikací\Telefónica Móviles
2018-08-11 12:00 - 2018-08-11 12:00 - 000000698 _____ C:\Documents and Settings\All Users\Plocha\O2 Průvodce připojením.lnk
2018-08-11 12:00 - 2009-12-15 14:05 - 000113280 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbnet.sys
2018-08-11 12:00 - 2009-12-15 14:05 - 000102528 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbmdm.sys
2018-08-11 12:00 - 2009-12-15 14:05 - 000100736 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbdev.sys
2018-08-11 12:00 - 2009-12-15 14:05 - 000024448 _____ (Huawei Tech. Co., Ltd.) C:\WINDOWS\system32\Drivers\ewdcsc.sys
2018-08-11 11:53 - 2018-08-11 11:59 - 000000000 ____D C:\Program Files\O2
2018-08-11 11:53 - 2018-08-11 11:53 - 000000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\O2
2018-08-11 11:42 - 2018-08-11 11:42 - 000000000 ____D C:\Documents and Settings\HP_Administrator\Data aplikací\Vodafone
2018-08-11 11:40 - 2018-08-11 11:40 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2018-08-11 11:39 - 2018-08-11 11:39 - 000001975 _____ C:\Documents and Settings\All Users\Plocha\Vodafone Mobile Broadband.lnk
2018-08-11 11:39 - 2018-08-11 11:39 - 000000000 ____D C:\Program Files\Vodafone
2018-08-11 11:39 - 2018-08-11 11:39 - 000000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Vodafone
2018-08-11 11:39 - 2018-08-11 11:39 - 000000000 ____D C:\Documents and Settings\All Users\Data aplikací\Vodafone
2018-08-11 11:39 - 2014-09-19 17:59 - 001112288 ____R (Microsoft Corporation) C:\WINDOWS\system32\wdfcoinstaller01007.dll
2018-08-11 11:39 - 2014-09-19 17:59 - 000077696 ____R (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jubusenum.sys
2018-08-11 11:29 - 2018-08-11 11:29 - 000000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikací\Downloaded Installations
2018-07-17 09:06 - 2018-07-17 09:06 - 000000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikací\AVAST Software
2018-07-17 08:52 - 2018-07-17 08:49 - 000321752 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-11 20:55 - 2010-09-17 20:05 - 000000000 ____D C:\Documents and Settings\HP_Administrator\Plocha
2018-08-11 20:55 - 2010-09-17 20:05 - 000000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Temp
2018-08-11 20:54 - 2010-09-25 20:02 - 000000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikací\Google
2018-08-11 20:54 - 2010-09-17 20:05 - 000000000 ___HD C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikací
2018-08-11 20:46 - 2018-03-30 08:12 - 000000330 ____H C:\WINDOWS\Tasks\CCleaner Update.job
2018-08-11 20:46 - 2017-04-04 15:25 - 000000360 ____H C:\WINDOWS\Tasks\Avast Emergency Update.job
2018-08-11 20:34 - 2010-09-25 20:02 - 000000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2018-08-11 20:29 - 2012-10-27 21:41 - 000000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2018-08-11 20:23 - 2018-03-14 11:30 - 000000946 _____ C:\WINDOWS\Tasks\Adobe Flash Player NPAPI Notifier.job
2018-08-11 20:23 - 2010-06-15 12:39 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-08-11 19:45 - 2014-03-30 08:55 - 000000244 _____ C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2018-08-11 19:45 - 2010-09-25 20:02 - 000000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2018-08-11 19:45 - 2010-06-15 13:28 - 000000188 _____ C:\WINDOWS\system\hpsysdrv.DAT
2018-08-11 19:45 - 2010-06-15 12:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-08-11 19:31 - 2010-09-17 20:05 - 000000178 ___SH C:\Documents and Settings\HP_Administrator\ntuser.ini
2018-08-11 19:31 - 2010-09-17 20:05 - 000000000 ____D C:\Documents and Settings\HP_Administrator
2018-08-11 19:31 - 2010-06-15 13:11 - 000065536 _____ C:\WINDOWS\system32\config\ODiag.evt
2018-08-11 19:31 - 2010-06-15 13:03 - 000065536 _____ C:\WINDOWS\system32\config\Internet.evt
2018-08-11 19:31 - 2010-06-15 12:43 - 000032556 _____ C:\WINDOWS\SchedLgU.Txt
2018-08-11 14:44 - 2010-06-15 14:29 - 000000000 ___HD C:\WINDOWS\inf
2018-08-11 13:46 - 2010-10-24 03:20 - 000000000 ____D C:\WINDOWS\Minidump
2018-08-11 13:46 - 2010-06-15 14:34 - 000000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2018-08-11 12:39 - 2010-06-15 13:07 - 000000000 ____D C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2018-08-11 12:33 - 2010-06-15 14:34 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-08-11 12:33 - 2010-06-15 13:07 - 000000000 ____D C:\Program Files\Microsoft Office
2018-08-11 12:30 - 2010-06-15 13:11 - 000000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Microsoft Office
2018-08-11 12:16 - 2010-06-15 13:27 - 000000542 _____ C:\WINDOWS\win.ini
2018-08-11 12:16 - 2010-06-15 12:39 - 000000000 ____D C:\Program Files\Common Files\System
2018-08-11 12:03 - 2010-09-17 20:05 - 000000000 __RHD C:\Documents and Settings\HP_Administrator\Data aplikací
2018-08-11 12:02 - 2010-06-15 14:34 - 001030424 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-08-11 12:02 - 2010-06-15 13:28 - 000432426 _____ C:\WINDOWS\system32\perfh005.dat
2018-08-11 12:02 - 2010-06-15 13:28 - 000079468 _____ C:\WINDOWS\system32\perfc005.dat
2018-08-11 12:00 - 2010-06-15 14:34 - 000000000 ____D C:\Documents and Settings\All Users\Plocha
2018-08-11 11:39 - 2010-06-15 14:34 - 000000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2018-08-11 10:41 - 2010-09-17 21:15 - 000000488 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{85461042-D0B4-4E96-A1F5-2F3BAC29AEA9}.job
2018-08-09 08:30 - 2014-03-30 08:55 - 000000238 _____ C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
2018-08-09 08:28 - 2010-06-15 13:12 - 000000000 ____D C:\Documents and Settings\All Users\Data aplikací\PDFC
2018-08-09 08:27 - 2010-06-15 13:27 - 000001158 _____ C:\WINDOWS\system32\wpa.dbl
2018-07-24 08:50 - 2010-09-17 21:11 - 000396352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-07-17 08:50 - 2016-05-31 09:36 - 000205864 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2018-07-17 08:49 - 2017-11-17 10:15 - 000167552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-07-17 08:49 - 2014-10-17 09:38 - 000042808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-07-17 08:49 - 2013-08-22 18:38 - 000310784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-07-17 08:49 - 2013-08-22 18:38 - 000133680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-07-17 08:49 - 2013-08-22 18:38 - 000071848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-07-17 08:49 - 2010-09-17 21:11 - 000070840 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2018-07-17 08:47 - 2018-01-05 10:14 - 000189240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-07-17 08:47 - 2011-07-02 10:31 - 000784120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-07-17 08:46 - 2017-04-04 15:25 - 000284328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswblogx.sys
2018-07-17 08:46 - 2017-04-04 15:25 - 000188352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriverx.sys
2018-07-17 08:46 - 2017-04-04 15:25 - 000164944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidshx.sys
2018-07-17 08:46 - 2017-04-04 15:25 - 000057976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbunivx.sys

==================== Files in the root of some directories =======

2013-11-28 17:11 - 2013-08-22 18:36 - 006583664 _____ (AVAST Software) C:\Program Files\Alwi
2018-05-20 07:55 - 2018-05-20 07:55 - 007649280 _____ () C:\Program Files\GUT105.tmp
2010-12-04 16:51 - 2010-12-04 16:51 - 003276544 _____ (Ghisler Software GmbH) C:\Program Files\tcmd756.exe
2012-01-02 18:42 - 2012-01-02 18:42 - 000003584 _____ () C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-09-18 12:49 - 2010-09-18 12:49 - 000000082 _____ () C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikací\FASTWiz.log
2018-08-11 20:54 - 2018-08-11 20:54 - 000029696 _____ () C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikací\MSGBOX.EXE
2012-10-27 19:41 - 2012-10-27 21:07 - 083023306 ____T () C:\Documents and Settings\All Users\Data aplikací\dsgsdgdsgdsgw.pad

Some files in TEMP:
====================
2018-08-11 11:47 - 2009-04-02 17:07 - 000110592 ____R (Huawei Technologies Co., Ltd.) C:\Documents and Settings\HP_Administrator\Local Settings\Temp\DataCard_Setup.exe
2018-08-11 11:47 - 2009-03-18 12:46 - 000007168 ____R () C:\Documents and Settings\HP_Administrator\Local Settings\Temp\ResetDevice.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Rudy
Site Admin
Posts: 118274
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Virus-infected all-in-one Compaq PC

#2 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the licence terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just start it with a normal double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you will find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked, and likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail above.

butes
Visitor
Posts: 36
Registered: 01 Sep 2010 12:05

Re: Virus-infected all-in-one Compaq PC

#3 Post by butes »

Unfortunately it can't be installed. After launching it, a message pops up: "The application could not be started because the component dwmapi.dll could not be found. Reinstalling the application will probably fix the problem." It doesn't look like Windows XP is supported any more; it's missing from the requirements. :(

butes
Visitor
Posts: 36
Registered: 01 Sep 2010 12:05

Re: Virus-infected all-in-one Compaq PC

#4 Post by butes »

Solved now :-). All it took was downloading version 6.0, which still supports XP.
Here is the LOG.

# AdwCleaner v6.044 - Log vytvořen 11/08/2018 v 22:22:48
# Aktualizováno dne 28/02/2017 z Malwarebytes
# Databáze : 2017-02-28.2 [Místní]
# Operační systém : Microsoft Windows XP Service Pack 3 (X86)
# Uživatelské jméno : HP_Administrator - DOMA
# Spuštěno z : C:\Documents and Settings\HP_Administrator\Dokumenty\Downloads\adwcleaner_6.044.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****



***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****

[-] Klíč smazán: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Klíč smazán: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Klíč smazán: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
[-] Hodnota smazána: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
[-] Klíč smazán: HKU\S-1-5-21-379970928-3254597947-3081504926-1007\Software\YahooPartnerToolbar
[#] Klíč smazán po restartu: HKCU\Software\YahooPartnerToolbar


***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1781 Bajty] - [11/08/2018 22:22:48]
C:\AdwCleaner\AdwCleaner[S0].txt - [2244 Bajty] - [11/08/2018 22:21:27]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1927 Bajty] ##########

Rudy
Site Admin
Posts: 118274
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Virus-infected all-in-one Compaq PC

#5 Post by Rudy »

Sorry, I overlooked the version. Post a new FRST log.

butes
Visitor
Posts: 36
Registered: 01 Sep 2010 12:05

Re: Virus-infected all-in-one Compaq PC

#6 Post by butes »

Thanks in advance. I just forgot to add that the processor is at 100 percent load, even while I'm writing this message.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02.08.2018
Ran by HP_Administrator (administrator) on DOMA (12-08-2018 11:35:31)
Running from C:\Documents and Settings\HP_Administrator\Plocha
Loaded Profiles: HP_Administrator (Available Profiles: HP_Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Sunbelt Software, Inc.) C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Sunbelt Software, Inc.) C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
(Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Sunbelt Software, Inc.) C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\aswidsagent.exe
(Telefónica I+D) C:\Program Files\O2\O2CZ\EMMSN.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Telefónica I+D) C:\Program Files\O2\Nori\Nori.exe
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Documents and Settings\HP_Administrator\Plocha\FRSTLauncher.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [19523616 2010-04-27] (Realtek Semiconductor Corp.)
HKLM\...\Run: [hpsysdrv] => c:\windows\system\hpsysdrv.exe [52736 1998-05-07] (Hewlett-Packard Company)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvLaunch.exe [242904 2018-07-17] (AVAST Software)
HKU\S-1-5-21-379970928-3254597947-3081504926-1007\...\MountPoints2: {d81089ae-9d48-11e8-9e66-1cc1de4f37c4} - F:\SetupVMB.exe
HKU\S-1-5-21-379970928-3254597947-3081504926-1007\...\MountPoints2: {d81089b1-9d48-11e8-9e66-1cc1de4f37c4} - F:\AutoRun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{FE15315A-8390-47D1-BD9D-F62C74967BA5}: [NameServer] 194.228.211.33 160.218.161.60

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_IN&c=64&bd=PRESARIO&pf=desktop
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_IN&c=64&bd=PRESARIO&pf=desktop
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_IN&c=64&bd=PRESARIO&pf=desktop
HKU\S-1-5-21-379970928-3254597947-3081504926-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.cz/
HKU\S-1-5-21-379970928-3254597947-3081504926-1007\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-379970928-3254597947-3081504926-1007 -> {D50EB7F4-2A89-4461-942A-A4FA1DCBA293} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=Searchmodule_2
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-08-10] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2018-07-17] (AVAST Software)
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2017-04-04] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-08-10] (Oracle Corporation)
BHO: No Name -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2017-04-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-379970928-3254597947-3081504926-1007 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2017-04-04] (Google Inc.)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} file:///E:/CDVIEWER/CdViewer.cab

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-09-27] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-11] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-08-10] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [No File]
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://seznam.cz/"
CHR Profile: C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default [2018-08-12]
CHR Extension: (Dokumenty) - C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Disk Google) - C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-22]
CHR Extension: (YouTube) - C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-22]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-22]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-08-09]
CHR Extension: (Dokumenty Google offline) - C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-08-12]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-04-22]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
CHR Extension: (Gmail) - C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-31]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2018-07-11] (Adobe Systems Incorporated) [File not signed]
R3 aswbIDSAgent; C:\Program Files\Alwil Software\Avast5\aswidsagent.exe [6341888 2018-07-17] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [322464 2018-07-17] (AVAST Software)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-08-10] (Oracle Corporation)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2010-01-22] (Hewlett-Packard Company) [File not signed]
R2 SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [95528 2008-10-31] (Sunbelt Software, Inc.)
R2 SPF4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [1365288 2008-10-31] (Sunbelt Software, Inc.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [167552 2018-07-17] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriverx.sys [188352 2018-07-17] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidshx.sys [164944 2018-07-17] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblogx.sys [284328 2018-07-17] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbunivx.sys [57976 2018-07-17] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [189240 2018-07-17] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [42808 2018-07-17] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [39784 2017-09-07] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [133680 2018-07-17] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr.sys [70840 2018-07-17] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [71848 2018-07-17] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [784120 2018-07-17] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [396352 2018-07-24] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\System32\drivers\aswStmXP.sys [205864 2018-07-17] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [310784 2018-07-17] (AVAST Software)
R3 Huawei; C:\WINDOWS\System32\DRIVERS\ewdcsc.sys [24448 2009-12-15] (Huawei Tech. Co., Ltd.)
S3 huawei_enumerator; C:\WINDOWS\System32\DRIVERS\ew_jubusenum.sys [77696 2014-09-19] (Huawei Technologies Co., Ltd.) [File not signed]
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R1 SbFw; C:\WINDOWS\System32\drivers\SbFw.sys [270888 2008-10-31] (Sunbelt Software, Inc.)
R3 SBFWIMCL; C:\WINDOWS\System32\DRIVERS\sbfwim.sys [65576 2008-06-21] (Sunbelt Software, Inc.)
R1 sbhips; C:\WINDOWS\system32\drivers\sbhips.sys [66600 2008-06-21] (Sunbelt Software, Inc.)
R1 tidnet; C:\WINDOWS\System32\DRIVERS\tidnet.sys [19200 2009-09-15] (Telefónica I+D) [File not signed]
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [113280 2009-12-15] (Huawei Technologies Co., Ltd.)
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-12 11:35 - 2018-08-12 11:36 - 000014293 _____ C:\Documents and Settings\HP_Administrator\Plocha\FRST.txt
2018-08-12 10:31 - 2018-08-12 10:31 - 000066440 _____ C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2018-08-12 08:18 - 2018-08-12 08:21 - 000099609 _____ C:\Documents and Settings\HP_Administrator\Plocha\Fixlog.txt
2018-08-11 22:19 - 2018-08-11 22:22 - 000000000 ____D C:\AdwCleaner
2018-08-11 21:25 - 2018-08-11 21:25 - 000000000 ____D C:\Program Files\Sunbelt Software
2018-08-11 21:25 - 2018-08-11 21:25 - 000000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Sunbelt Software
2018-08-11 21:25 - 2008-10-31 07:09 - 000270888 ____R (Sunbelt Software, Inc.) C:\WINDOWS\system32\Drivers\SbFw.sys
2018-08-11 21:24 - 2008-06-21 04:54 - 000065576 _____ (Sunbelt Software, Inc.) C:\WINDOWS\system32\Drivers\SbFwIm.sys
2018-08-11 20:54 - 2018-08-12 11:35 - 000000000 ____D C:\FRST
2018-08-11 20:54 - 2018-08-11 20:54 - 000112640 _____ (forum.viry.cz) C:\Documents and Settings\HP_Administrator\Plocha\FRSTLauncher.exe
2018-08-11 20:50 - 2018-08-11 20:50 - 001773056 _____ (Farbar) C:\Documents and Settings\HP_Administrator\Plocha\FRST.exe
2018-08-11 19:45 - 2018-08-11 19:45 - 000265416 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-08-11 12:03 - 2018-08-12 11:36 - 000026390 _____ C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2018-08-11 12:03 - 2018-08-11 12:03 - 000000000 ____D C:\Documents and Settings\HP_Administrator\Data aplikací\Telefónica Móviles
2018-08-11 12:00 - 2018-08-11 12:00 - 000000698 _____ C:\Documents and Settings\All Users\Plocha\O2 Průvodce připojením.lnk
2018-08-11 12:00 - 2009-12-15 14:05 - 000113280 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbnet.sys
2018-08-11 12:00 - 2009-12-15 14:05 - 000102528 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbmdm.sys
2018-08-11 12:00 - 2009-12-15 14:05 - 000100736 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbdev.sys
2018-08-11 12:00 - 2009-12-15 14:05 - 000024448 _____ (Huawei Tech. Co., Ltd.) C:\WINDOWS\system32\Drivers\ewdcsc.sys
2018-08-11 11:53 - 2018-08-11 11:59 - 000000000 ____D C:\Program Files\O2
2018-08-11 11:53 - 2018-08-11 11:53 - 000000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\O2
2018-08-11 11:42 - 2018-08-11 11:42 - 000000000 ____D C:\Documents and Settings\HP_Administrator\Data aplikací\Vodafone
2018-08-11 11:40 - 2018-08-11 11:40 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2018-08-11 11:39 - 2018-08-11 11:39 - 000000000 ____D C:\Documents and Settings\All Users\Data aplikací\Vodafone
2018-08-11 11:39 - 2014-09-19 17:59 - 001112288 ____R (Microsoft Corporation) C:\WINDOWS\system32\wdfcoinstaller01007.dll
2018-08-11 11:39 - 2014-09-19 17:59 - 000077696 ____R (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jubusenum.sys
2018-08-11 11:29 - 2018-08-11 11:29 - 000000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikací\Downloaded Installations
2018-07-17 09:06 - 2018-07-17 09:06 - 000000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikací\AVAST Software
2018-07-17 08:52 - 2018-07-17 08:49 - 000321752 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-12 11:36 - 2010-09-17 20:05 - 000000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Temp
2018-08-12 11:35 - 2010-09-17 20:05 - 000000000 ___HD C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikací
2018-08-12 11:35 - 2010-09-17 20:05 - 000000000 ____D C:\Documents and Settings\HP_Administrator\Plocha
2018-08-12 09:32 - 2018-03-30 08:12 - 000000330 ____H C:\WINDOWS\Tasks\CCleaner Update.job
2018-08-12 09:32 - 2017-04-04 15:25 - 000000360 ____H C:\WINDOWS\Tasks\Avast Emergency Update.job
2018-08-12 09:07 - 2010-06-15 14:34 - 000000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2018-08-12 09:07 - 2010-06-15 14:34 - 000000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2018-08-12 08:34 - 2010-09-25 20:02 - 000000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2018-08-12 08:31 - 2010-06-15 13:28 - 000000188 _____ C:\WINDOWS\system\hpsysdrv.DAT
2018-08-12 08:31 - 2010-06-15 12:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-08-12 08:30 - 2010-09-17 20:05 - 000000178 ___SH C:\Documents and Settings\HP_Administrator\ntuser.ini
2018-08-12 08:30 - 2010-09-17 20:05 - 000000000 ____D C:\Documents and Settings\HP_Administrator
2018-08-12 08:30 - 2010-06-15 12:43 - 000032556 _____ C:\WINDOWS\SchedLgU.Txt
2018-08-12 08:21 - 2010-06-15 12:43 - 000000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
2018-08-11 23:39 - 2010-09-17 20:05 - 000000000 ___RD C:\Documents and Settings\HP_Administrator\Dokumenty\Obrázky
2018-08-11 23:35 - 2014-03-30 08:55 - 000000244 _____ C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2018-08-11 23:34 - 2014-03-30 08:55 - 000000238 _____ C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
2018-08-11 23:34 - 2010-09-25 20:02 - 000000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2018-08-11 23:33 - 2018-03-14 11:30 - 000000946 _____ C:\WINDOWS\Tasks\Adobe Flash Player NPAPI Notifier.job
2018-08-11 23:33 - 2012-10-27 21:41 - 000000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2018-08-11 23:23 - 2010-06-15 12:39 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-08-11 22:04 - 2010-06-15 13:27 - 000001158 _____ C:\WINDOWS\system32\wpa.dbl
2018-08-11 21:58 - 2010-06-15 14:34 - 000000000 ____D C:\Documents and Settings\All Users\Plocha
2018-08-11 21:58 - 2010-06-15 14:29 - 000000000 ___HD C:\WINDOWS\inf
2018-08-11 20:54 - 2010-09-25 20:02 - 000000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikací\Google
2018-08-11 19:31 - 2010-06-15 13:11 - 000065536 _____ C:\WINDOWS\system32\config\ODiag.evt
2018-08-11 19:31 - 2010-06-15 13:03 - 000065536 _____ C:\WINDOWS\system32\config\Internet.evt
2018-08-11 13:46 - 2010-10-24 03:20 - 000000000 ____D C:\WINDOWS\Minidump
2018-08-11 12:39 - 2010-06-15 13:07 - 000000000 ____D C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2018-08-11 12:33 - 2010-06-15 14:34 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-08-11 12:33 - 2010-06-15 13:07 - 000000000 ____D C:\Program Files\Microsoft Office
2018-08-11 12:30 - 2010-06-15 13:11 - 000000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Microsoft Office
2018-08-11 12:16 - 2010-06-15 13:27 - 000000542 _____ C:\WINDOWS\win.ini
2018-08-11 12:16 - 2010-06-15 12:39 - 000000000 ____D C:\Program Files\Common Files\System
2018-08-11 12:03 - 2010-09-17 20:05 - 000000000 __RHD C:\Documents and Settings\HP_Administrator\Data aplikací
2018-08-11 12:02 - 2010-06-15 14:34 - 001030424 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-08-11 12:02 - 2010-06-15 13:28 - 000432426 _____ C:\WINDOWS\system32\perfh005.dat
2018-08-11 12:02 - 2010-06-15 13:28 - 000079468 _____ C:\WINDOWS\system32\perfc005.dat
2018-08-11 10:41 - 2010-09-17 21:15 - 000000488 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{85461042-D0B4-4E96-A1F5-2F3BAC29AEA9}.job
2018-07-24 08:50 - 2010-09-17 21:11 - 000396352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-07-17 08:50 - 2016-05-31 09:36 - 000205864 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2018-07-17 08:49 - 2017-11-17 10:15 - 000167552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-07-17 08:49 - 2014-10-17 09:38 - 000042808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-07-17 08:49 - 2013-08-22 18:38 - 000310784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-07-17 08:49 - 2013-08-22 18:38 - 000133680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-07-17 08:49 - 2013-08-22 18:38 - 000071848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-07-17 08:49 - 2010-09-17 21:11 - 000070840 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2018-07-17 08:47 - 2018-01-05 10:14 - 000189240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-07-17 08:47 - 2011-07-02 10:31 - 000784120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-07-17 08:46 - 2017-04-04 15:25 - 000284328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswblogx.sys
2018-07-17 08:46 - 2017-04-04 15:25 - 000188352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriverx.sys
2018-07-17 08:46 - 2017-04-04 15:25 - 000164944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidshx.sys
2018-07-17 08:46 - 2017-04-04 15:25 - 000057976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbunivx.sys

==================== Files in the root of some directories =======

2013-11-28 17:11 - 2013-08-22 18:36 - 006583664 _____ (AVAST Software) C:\Program Files\Alwi
2018-05-20 07:55 - 2018-05-20 07:55 - 007649280 _____ () C:\Program Files\GUT105.tmp
2010-12-04 16:51 - 2010-12-04 16:51 - 003276544 _____ (Ghisler Software GmbH) C:\Program Files\tcmd756.exe
2012-01-02 18:42 - 2012-01-02 18:42 - 000003584 _____ () C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-09-18 12:49 - 2010-09-18 12:49 - 000000082 _____ () C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikací\FASTWiz.log
2012-10-27 19:41 - 2012-10-27 21:07 - 083023306 ____T () C:\Documents and Settings\All Users\Data aplikací\dsgsdgdsgdsgw.pad

Some files in TEMP:
====================
2018-08-12 09:06 - 2009-10-14 15:53 - 001446920 _____ (PDF Complete Inc) C:\Documents and Settings\HP_Administrator\Local Settings\Temp\uninstall.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (COMPAQ) (Fixed) (Total:139.26 GB) (Free:127.84 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (COMPAQ_RECOVERY) (Fixed) (Total:9.78 GB) (Free:5.1 GB) NTFS
Drive e: (Recovery12) (CDROM) (Total:4.23 GB) (Free:0 GB) CDFS
Drive f: () (Removable) (Total:1.83 GB) (Free:1.12 GB) FAT

Available physical RAM: 1019.96 MB
Total physical RAM: 2038.17 MB
Percentage of memory in use: 49%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 149.1 GB) (Disk ID: 16941B95)
Partition 1: (Active) - (Size=139.3 GB) - (Type=06)
Partition 2: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)
Disk: 1 (Protective MBR) (Size: 1.8 GB) (Disk ID: 00000000)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player NPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Avast Emergency Update.job => C:\Program Files\Alwil Software\Avast5\AvEmUpdate.exe
Task: C:\WINDOWS\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{85461042-D0B4-4E96-A1F5-2F3BAC29AEA9}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Avast Antivirus (Enabled - Up to date) {7591db91-41f0-48a3-b128-1a293fd8233d}
FW: Sunbelt Personal Firewall (Disabled) {82B1150E-9B37-49FC-83EB-D52197D900D0}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\HP_Administrator\Plocha" je 2 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder
C:\WINDOWS\SMINST\Reminder.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePRCShortCut
"C:\Windows\SMINST\MUITransfer\MUIStartMenu.exe" "C:\Windows\SMINST" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VodafoneMobileBroadband
C:\Program Files\Vodafone\Vodafone Mobile Broadband\VmbNotifier.exe [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Opera\\opera.exe"="C:\\Program Files\\Opera\\opera.exe:*:Enabled:Opera Internet Browser"
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe:*:Enabled:Google Chrome"
"C:\\Program Files\\Alwil Software\\Avast5\\AvEmUpdate.exe"="C:\\Program Files\\Alwil Software\\Avast5\\AvEmUpdate.exe:*:Enabled:Avast Emergency Update"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000001


==================== End Of Log ==============================

Rudy
Site Admin
Posts: 118274
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: virus-infected all-in-one Compaq PC

#7 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
HKU\S-1-5-21-379970928-3254597947-3081504926-1007\...\MountPoints2: {d81089ae-9d48-11e8-9e66-1cc1de4f37c4} - F:\SetupVMB.exe
HKU\S-1-5-21-379970928-3254597947-3081504926-1007\...\MountPoints2: {d81089b1-9d48-11e8-9e66-1cc1de4f37c4} - F:\AutoRun.exe
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2017-04-04] (Google Inc.)
BHO: No Name -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2017-04-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-379970928-3254597947-3081504926-1007 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2017-04-04] (Google Inc.)
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath
C:\Program Files\GUT105.tmp
C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Documents and Settings\HP_Administrator\Local Settings\Temp
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
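The FRST and FRSTLauncher output in this thread has a fixed line format, so the kinds of entries a helper picks out for the fixlist (MountPoints2 autorun hooks, BHOs with no file behind them, services or drivers without an ImagePath, unsigned binaries) and the disabled firewall and System Restore from the supplementary scan can be flagged mechanically. The script below is an added triage example, not part of this thread and not FRST's own logic; it parses a constructed excerpt in that format (the entries are copied from the log above), and the section regex, category names and `triage` function are its own assumptions.

```python
import re
from collections import defaultdict

# Constructed excerpt in the FRST / FRSTLauncher line format; the entries
# are copied from the log posted in this thread.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ===========================
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvLaunch.exe [242904 2018-07-17] (AVAST Software)
HKU\S-1-5-21-379970928-3254597947-3081504926-1007\...\MountPoints2: {d81089ae-9d48-11e8-9e66-1cc1de4f37c4} - F:\SetupVMB.exe
HKU\S-1-5-21-379970928-3254597947-3081504926-1007\...\MountPoints2: {d81089b1-9d48-11e8-9e66-1cc1de4f37c4} - F:\AutoRun.exe

==================== Internet (Whitelisted) ====================
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: No Name -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> No File

==================== Services (Whitelisted) ====================
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2018-07-11] (Adobe Systems Incorporated) [File not signed]
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [322464 2018-07-17] (AVAST Software)

===================== Drivers (Whitelisted) ======================
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [396352 2018-07-24] (AVAST Software)
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath

==================== Security Center ==================
AV: Avast Antivirus (Enabled - Up to date) {7591db91-41f0-48a3-b128-1a293fd8233d}
FW: Sunbelt Personal Firewall (Disabled) {82B1150E-9B37-49FC-83EB-D52197D900D0}

***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0

***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000001
"""

# Section banners look like "==== Title ====" (FRST) or "***** Title *****" (FRSTLauncher).
SECTION_RE = re.compile(r"^[=*]{3,}\s*([A-Za-z][^=*]*?)\s*[=*]{3,}$")
# Service / driver entries look like "R2 name; path [size date] (vendor) [flags]".
ENTRY_RE = re.compile(r"^([RSU]\d) (.+?); (.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_sections(text):
    """Split an FRST-style log into {section title: [non-empty lines]}."""
    sections = defaultdict(list)
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current]  # keep empty sections visible
            continue
        sections[current].append(line)
    return dict(sections)


def triage(text):
    """Return {category: [detail, ...]} for entries worth a second look (own categories)."""
    findings = defaultdict(list)
    for title, lines in parse_sections(text).items():
        current_key = None  # last "[HKEY_...]" header seen in the FRSTLauncher sections
        for line in lines:
            entry = ENTRY_RE.match(line)
            if "MountPoints2:" in line:
                # per-volume autorun hook left behind by a removable drive
                findings["mountpoint_autorun"].append(line.rsplit(" - ", 1)[1])
            elif line.startswith("BHO:") and line.endswith("-> No File"):
                # browser helper object whose DLL is gone: dead registration
                findings["orphan_bho"].append(GUID_RE.search(line).group(0))
            elif entry and entry.group(3) == "no ImagePath":
                findings["orphan_service"].append(entry.group(2))
            elif entry and "[File not signed]" in entry.group(3):
                findings["unsigned_binary"].append(entry.group(2))
            elif line.startswith("FW:") and "(Disabled)" in line:
                findings["third_party_firewall_off"].append(line[4:].split(" (")[0])
            elif line.startswith("[HKEY_LOCAL_MACHINE\\"):
                current_key = line[1:-1]
            elif line.startswith("EnableFirewall") and line.endswith("0x0") and current_key:
                findings["windows_firewall_off"].append(current_key.rsplit("\\", 1)[1])
            elif line == '"DisableSR"=dword:00000001':
                findings["system_restore_off"].append(current_key or title)
    return dict(findings)


if __name__ == "__main__":
    for category, details in triage(SAMPLE_LOG).items():
        print(f"{category}:")
        for d in details:
            print(f"  {d}")
```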

butes
Guest
Posts: 36
Joined: 01 Sep 2010 12:05

Re: virus-infected all-in-one Compaq PC

#8 Post by butes »

Sending it, and thank you.

Fix result of Farbar Recovery Scan Tool (x86) Version: 02.08.2018
Ran by HP_Administrator (12-08-2018 12:11:17) Run:2
Running from C:\Documents and Settings\HP_Administrator\Plocha
Loaded Profiles: HP_Administrator (Available Profiles: HP_Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKU\S-1-5-21-379970928-3254597947-3081504926-1007\...\MountPoints2: {d81089ae-9d48-11e8-9e66-1cc1de4f37c4} - F:\SetupVMB.exe
HKU\S-1-5-21-379970928-3254597947-3081504926-1007\...\MountPoints2: {d81089b1-9d48-11e8-9e66-1cc1de4f37c4} - F:\AutoRun.exe
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2017-04-04] (Google Inc.)
BHO: No Name -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2017-04-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-379970928-3254597947-3081504926-1007 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2017-04-04] (Google Inc.)
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath
C:\Program Files\GUT105.tmp
C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikac\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Documents and Settings\HP_Administrator\Local Settings\Temp
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

EmptyTemp:
End
*****************

Processes closed successfully.
"HKU\S-1-5-21-379970928-3254597947-3081504926-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d81089ae-9d48-11e8-9e66-1cc1de4f37c4}" => removed successfully.
HKLM\Software\Classes\CLSID\{d81089ae-9d48-11e8-9e66-1cc1de4f37c4} => not found
"HKU\S-1-5-21-379970928-3254597947-3081504926-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d81089b1-9d48-11e8-9e66-1cc1de4f37c4}" => removed successfully.
HKLM\Software\Classes\CLSID\{d81089b1-9d48-11e8-9e66-1cc1de4f37c4} => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => removed successfully.
HKLM\Software\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => removed successfully.
"HKLM\Software\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}" => removed successfully.
HKLM\Software\Classes\CLSID\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} => not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => removed successfully.
"HKLM\Software\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => removed successfully.
"HKU\S-1-5-21-379970928-3254597947-3081504926-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully.
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => not found
"HKLM\System\CurrentControlSet\Services\IntelIde" => removed successfully.
IntelIde => service removed successfully.
"HKLM\System\CurrentControlSet\Services\WS2IFSL" => removed successfully.
WS2IFSL => service removed successfully.
C:\Program Files\GUT105.tmp => moved successfully
"C:\Documents and Settings\HP_Administrator\Local Settings\Data aplikac\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini" => not found
C:\Documents and Settings\HP_Administrator\Local Settings\Temp => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 9689 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 0 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/dllcache/drivers => 0 B
Edge => 0 B
Chrome => 88951666 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 0 B
All Users => 0 B
systemprofile => 0 B
LocalService => 692 B
NetworkService => 66228 B
HP_Administrator => 2235 B

RecycleBin => 0 B
EmptyTemp: => 84.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:12:05 ====

butes
Visitor
Posts: 36
Registered: 01 Sep 2010 12:05

Re: virus-infected all-in-one PC Compaq

#9 Post by butes »

A small observation. After removing AdBlock, the CPU load dropped, and very noticeably.

Rudy
Site Admin
Posts: 118274
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: virus-infected all-in-one PC Compaq

#10 Post by Rudy »

OK, that is possible. Otherwise, has anything changed?

butes
Visitor
Posts: 36
Registered: 01 Sep 2010 12:05

Re: virus-infected all-in-one PC Compaq

#11 Post by butes »

Right off the bat the improvement is definitely noticeable. Everything has definitely come back to life. Many thanks. :thumbsup:

Rudy
Site Admin
Posts: 118274
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: virus-infected all-in-one PC Compaq

#12 Post by Rudy »

You're welcome! :)

Locked