Raději se zeptám. V návodu se píše:
Spuštění FRSTLauncheru
Pokud používáte Win Vista či W7, klikněte na FRSTLauncher pravým tlačítkem myši a dejte Run As Administrator či Spustit jako správce.
Jak spustit u XP? Jako aktuální uživatel nebo administrátor?
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím o kontrolu logu - nejde mi zapnou brána firewall
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Prosím o kontrolu logu - nejde mi zapnou brána firewall
Normalne dvojklikem. Pokud to bude z uctu, ktery ma admin prava, bude to fajn 
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosím o kontrolu logu - nejde mi zapnou brána firewall
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-05-2015
Ran by lenka (administrator) on FERDA on 03-05-2015 15:27:11
Running from C:\Documents and Settings\lenka\Plocha
Loaded Profiles: lenka (Available profiles: lenka)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Software602 a.s.) C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Dritek System Inc.) C:\PROGRA~1\MediaKey\MEDIAKEY.EXE
(HP) C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
(ScanSoft, Inc) C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
(Portrait Displays, Inc) C:\Program Files\Philips Display\SmartControl\dthtml.exe
(Portrait Displays Inc.) C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
(Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Drivers\pdiSDKHelper.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
() C:\Program Files\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(forum.viry.cz) C:\Documents and Settings\lenka\Plocha\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [17567744 2009-03-27] (Realtek Semiconductor Corp.)
HKLM\...\Run: [MediaKey] => C:\Program Files\MediaKey\MEDIAKEY.EXE [135168 2001-01-15] (Dritek System Inc.)
HKLM\...\Run: [HPDJ Taskbar Utility] => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe [172032 2003-03-11] (HP)
HKLM\...\Run: [DeviceDiscovery] => C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [40960 2002-12-02] (Hewlett-Packard)
HKLM\...\Run: [PivotSoftware] => C:\Program Files\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe [110192 2010-05-13] ()
HKLM\...\Run: [DT PLP] => C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe [121456 2010-05-17] ()
HKLM\...\Run: [Omnipage] => C:\Program Files\ScanSoft\OmniPageSE\opware32.exe [49152 2002-06-03] (ScanSoft, Inc)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-03-13] (AVAST Software)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-1957994488-764733703-839522115-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-01-10] (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1957994488-764733703-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... R}&ar=home
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1957994488-764733703-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/
HKU\S-1-5-21-1957994488-764733703-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.google.com" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {8684a7c7-3ade-4208-ad43-ad57a1af352c} URL = http://search.tb.ask.com/search/GGmain. ... earchTerms}
SearchScopes: HKLM -> {8684a7c7-3ade-4208-ad43-ad57a1af352c} URL = http://search.tb.ask.com/search/GGmain. ... earchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1957994488-764733703-839522115-1003 -> {8684a7c7-3ade-4208-ad43-ad57a1af352c} URL = http://search.tb.ask.com/search/GGmain. ... earchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-01-10] (AVAST Software)
Toolbar: HKU\S-1-5-21-1957994488-764733703-839522115-1003 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2008-04-14] (Společnost Microsoft)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/s ... wflash.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.3 8.8.8.8
FireFox:
========
FF ProfilePath: C:\Documents and Settings\lenka\Data aplikací\Mozilla\Firefox\Profiles\2eoj0vf2.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-26] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-07-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-07-30] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2012-05-16] ( )
FF Plugin: @software602.cz/602XML Filler -> C:\Program Files\Software602\602XML\Filler\npfiller.dll [2012-08-06] (Software602 a.s.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-04-14] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll [2007-09-07] (Solidworks Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-02-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-02-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-02-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-02-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-02-03] (Apple Inc.)
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Documents and Settings\lenka\Data aplikací\Mozilla\Firefox\Profiles\2eoj0vf2.default\Extensions\artur.dubovoy@gmail.com [2015-04-26]
FF Extension: Youtube Video Center - C:\Documents and Settings\lenka\Data aplikací\Mozilla\Firefox\Profiles\2eoj0vf2.default\Extensions\{34878998-c8be-40bc-bc13-9243a2844976}(2) [2013-04-10]
FF Extension: Youtube MP3 Converter - C:\Documents and Settings\lenka\Data aplikací\Mozilla\Firefox\Profiles\2eoj0vf2.default\Extensions\2conv@hotger.com.xpi [2013-01-16]
FF Extension: Video DownloadHelper - C:\Documents and Settings\lenka\Data aplikací\Mozilla\Firefox\Profiles\2eoj0vf2.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-04-24]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-01-14]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-03-22]
FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync
FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync [2012-08-01]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2014-01-07]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.mysearchresults.com/?c=3523&t=01
CHR Profile: C:\Documents and Settings\lenka\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\lenka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-20]
CHR Extension: (Google Drive) - C:\Documents and Settings\lenka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-20]
CHR Extension: (YouTube) - C:\Documents and Settings\lenka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-20]
CHR Extension: (Google Search) - C:\Documents and Settings\lenka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-20]
CHR Extension: (Bookmark Manager) - C:\Documents and Settings\lenka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\lenka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-27]
CHR Extension: (Google Wallet) - C:\Documents and Settings\lenka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-20]
CHR Extension: (Gmail) - C:\Documents and Settings\lenka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-20]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-10]
CHR HKLM\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\DOCUME~1\lenka\LOCALS~1\Temp\ccex.crx [Not Found]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 602XML Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-10] (AVAST Software)
R2 DTSRVC; C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe [121456 2010-05-17] ()
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182184 2013-07-30] (Oracle Corporation)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S4 PdiService; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [109168 2010-04-16] (Portrait Displays, Inc.)
S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2015-04-27] (SolidWorks) [File not signed]
R2 Správce výběru OS; C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe [2156952 2010-07-07] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2015-01-10] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2015-01-10] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2015-01-10] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2015-01-10] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2015-01-10] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2015-01-10] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2015-01-10] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2015-01-10] ()
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
R3 KBFiltr; C:\WINDOWS\System32\Drivers\KBFiltr.sys [13620 2000-04-08] () [File not signed]
R3 L1e; C:\WINDOWS\System32\DRIVERS\l1e51x86.sys [38400 2008-09-23] (Atheros Communications, Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 PdiPorts; C:\WINDOWS\System32\Drivers\PdiPorts.sys [17136 2010-04-16] (Portrait Displays, Inc.)
S1 Pivot; C:\WINDOWS\System32\drivers\pivot.sys [17465 2010-05-13] (Portrait Displays, Inc.) [File not signed]
S3 pivotmou; C:\WINDOWS\System32\drivers\pivotmou.sys [11323 2010-05-13] (Portrait Displays, Inc.) [File not signed]
R3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 IntelIde; No ImagePath
S3 NAVENG; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S1 SRTSP; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSP.SYS [X]
S1 SRTSPX; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSPX.SYS [X]
U3 mbr; \??\C:\DOCUME~1\lenka\LOCALS~1\Temp\mbr.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-03 15:27 - 2015-05-03 15:27 - 00018201 _____ () C:\Documents and Settings\lenka\Plocha\FRST.txt
2015-05-03 15:26 - 2015-05-03 14:21 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\lenka\Plocha\FRSTLauncher.exe
2015-05-03 11:47 - 2015-05-03 11:47 - 00011099 _____ () C:\ComboFix.txt
2015-05-03 11:47 - 2015-05-03 11:47 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2015-05-03 11:47 - 2015-05-03 11:47 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2015-05-03 11:47 - 2015-05-03 11:47 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\temp
2015-05-03 09:51 - 2015-05-03 09:51 - 00000000 _RSHD () C:\cmdcons
2015-05-03 09:51 - 2012-01-14 15:00 - 00000211 _____ () C:\Boot.bak
2015-05-03 09:51 - 2004-08-03 23:00 - 00261312 __RSH () C:\cmldr
2015-05-03 09:48 - 2015-05-03 11:47 - 00000000 ____D () C:\Qoobox
2015-05-03 09:48 - 2015-05-03 11:41 - 00000000 ____D () C:\WINDOWS\erdnt
2015-05-03 09:48 - 2011-06-26 08:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2015-05-03 09:48 - 2010-11-07 19:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2015-05-03 09:48 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-05-03 09:48 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-05-03 09:48 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-05-03 09:48 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-05-03 09:48 - 2000-08-31 02:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2015-05-03 09:48 - 2000-08-31 02:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2015-05-03 09:48 - 2000-08-31 02:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2015-05-03 09:12 - 2015-05-03 09:10 - 05619691 ____R (Swearware) C:\Documents and Settings\lenka\Plocha\ComboFix.exe
2015-05-01 15:52 - 2015-05-01 15:52 - 00000000 ____D () C:\Documents and Settings\lenka\Data aplikací\Malwarebytes
2015-05-01 15:51 - 2015-05-01 15:51 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2015-05-01 15:50 - 2015-05-01 15:51 - 10284816 _____ (Malwarebytes Corporation ) C:\Documents and Settings\lenka\Plocha\mbam-setup-1.75.0.1300.exe
2015-05-01 15:47 - 2015-05-01 15:47 - 00000000 ____D () C:\Documents and Settings\lenka\Local Settings\Data aplikací\IAC
2015-05-01 15:46 - 2015-05-01 15:46 - 00000000 ____D () C:\Documents and Settings\lenka\Local Settings\Data aplikací\iolo
2015-05-01 15:46 - 2015-05-01 15:46 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\iolo
2015-05-01 15:24 - 2015-05-01 15:24 - 05292054 _____ () C:\Documents and Settings\lenka\Plocha\viry.bmp
2015-05-01 14:41 - 2015-05-01 14:42 - 02204160 _____ () C:\Documents and Settings\lenka\Plocha\adwcleaner_4.203.exe
2015-04-27 19:18 - 2015-04-27 19:18 - 00000000 ____D () C:\Program Files\HeluzKominy
2015-04-27 19:18 - 2015-04-27 19:18 - 00000000 ____D () C:\Documents and Settings\lenka\Nabídka Start\Programy\HELUZ komín
2015-04-27 19:12 - 2015-04-27 19:12 - 00000000 ____D () C:\Documents and Settings\lenka\Local Settings\Data aplikací\DassaultSystemes
2015-04-27 19:12 - 2015-04-27 19:12 - 00000000 ____D () C:\Documents and Settings\lenka\Data aplikací\DassaultSystemes
2015-04-27 19:12 - 2015-04-27 19:12 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\DassaultSystemes
2015-04-27 19:10 - 2015-04-27 19:10 - 00001827 _____ () C:\Documents and Settings\All Users\Plocha\eDrawings 2008.lnk
2015-04-27 19:10 - 2015-04-27 19:10 - 00000000 ____D () C:\Program Files\Common Files\SolidWorks Shared
2015-04-27 19:10 - 2015-04-27 19:10 - 00000000 ____D () C:\Program Files\Common Files\eDrawings2008
2015-04-27 19:10 - 2015-04-27 19:10 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\SolidWorks 2008
2015-04-27 19:10 - 2015-04-27 19:10 - 00000000 _____ () C:\WINDOWS\eDrawingOfficeAutomator.INI
2015-04-27 19:02 - 2015-04-27 19:02 - 00000000 ____D () C:\Documents and Settings\lenka\Local Settings\Data aplikací\Downloaded Installations
2015-04-24 16:13 - 2015-04-24 16:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-20 21:45 - 2015-04-20 21:45 - 00081920 _____ () C:\WINDOWS\Minidump\Mini042015-01.dmp
2015-04-12 19:47 - 2015-04-13 18:22 - 00000000 ____D () C:\Documents and Settings\lenka\Plocha\Iva
2015-04-04 08:59 - 2015-04-04 08:59 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\AVAST Software
2015-04-04 08:57 - 2015-01-10 23:09 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-03 15:27 - 2014-01-05 18:22 - 00000000 ____D () C:\FRST
2015-05-03 15:27 - 2012-01-14 15:10 - 00000000 ____D () C:\Documents and Settings\lenka\Plocha
2015-05-03 15:27 - 2012-01-14 15:10 - 00000000 ____D () C:\Documents and Settings\lenka\Local Settings\Temp
2015-05-03 15:26 - 2012-01-14 15:10 - 00000000 ___HD () C:\Documents and Settings\lenka\Local Settings\Data aplikací
2015-05-03 14:18 - 2012-01-14 15:07 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-05-03 14:12 - 2014-01-05 18:04 - 01140736 _____ (Farbar) C:\Documents and Settings\lenka\Plocha\FRST.exe
2015-05-03 11:47 - 2014-01-05 15:06 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-05-03 11:45 - 2012-01-14 15:04 - 01948202 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-03 11:43 - 2012-02-22 17:07 - 00001505 _____ () C:\Documents and Settings\lenka\Plocha\SmartControl.lnk
2015-05-03 11:43 - 2006-03-02 14:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-05-03 11:42 - 2012-01-14 15:59 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-05-03 11:42 - 2012-01-14 15:59 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2015-05-03 11:42 - 2012-01-14 15:10 - 00000178 ___SH () C:\Documents and Settings\lenka\ntuser.ini
2015-05-03 11:42 - 2012-01-14 15:09 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-03 11:36 - 2012-01-14 15:10 - 00000000 __RHD () C:\Documents and Settings\lenka\Data aplikací
2015-05-03 11:35 - 2013-04-07 15:06 - 00032626 _____ () C:\WINDOWS\SchedLgU.Txt
2015-05-03 09:57 - 2012-01-14 15:10 - 00000000 ____D () C:\Documents and Settings\lenka
2015-05-03 09:51 - 2012-01-14 15:55 - 00000327 __RSH () C:\boot.ini
2015-05-03 09:45 - 2012-01-14 15:10 - 00000000 ___RD () C:\Documents and Settings\lenka\Dokumenty\Obrázky
2015-05-03 09:21 - 2012-01-14 15:56 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-05-03 09:21 - 2012-01-14 15:56 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2015-05-02 15:23 - 2014-07-09 19:34 - 00000000 ____D () C:\Documents and Settings\lenka\Data aplikací\calibre
2015-05-02 08:31 - 2012-01-14 15:57 - 01368950 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-02 08:26 - 2012-08-01 16:45 - 00000000 ___RD () C:\Documents and Settings\lenka\Dokumenty\Filmy
2015-05-02 08:26 - 2012-01-14 15:50 - 00000000 ____D () C:\WINDOWS\Resources
2015-05-01 23:59 - 2013-12-20 15:18 - 00001822 _____ () C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
2015-05-01 19:13 - 2012-02-27 18:28 - 00000155 _____ () C:\WINDOWS\NeroDigital.ini
2015-05-01 19:12 - 2013-05-14 17:47 - 00000000 ____D () C:\Documents and Settings\lenka\Data aplikací\vlc
2015-05-01 19:07 - 2012-03-05 22:10 - 00000000 ____D () C:\Documents and Settings\lenka\Data aplikací\dvdcss
2015-05-01 16:44 - 2013-08-18 16:24 - 00000000 ____D () C:\Program Files\Flvto Youtube Downloader
2015-05-01 16:24 - 2012-02-08 19:19 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-05-01 15:59 - 2012-01-14 15:56 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2015-05-01 15:40 - 2012-01-15 14:51 - 00002503 _____ () C:\Documents and Settings\All Users\Nabídka Start\Programy\Microsoft PhotoDraw Verze 2.lnk
2015-05-01 14:45 - 2014-01-07 18:34 - 00000000 ____D () C:\AdwCleaner
2015-05-01 14:37 - 2012-12-04 22:44 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2015-05-01 13:48 - 2012-01-20 20:31 - 00000000 ____D () C:\Documents and Settings\lenka\Data aplikací\BitTorrent
2015-05-01 13:24 - 2015-03-22 21:07 - 00000000 ____D () C:\Program Files\trend micro
2015-05-01 11:42 - 2014-01-05 15:01 - 00170187 _____ () C:\aaw7boot.log
2015-04-30 15:59 - 2006-03-02 14:00 - 00002422 _____ () C:\WINDOWS\system32\wpa.dbl
2015-04-27 19:18 - 2012-01-14 15:10 - 00000000 ___RD () C:\Documents and Settings\lenka\Nabídka Start\Programy
2015-04-27 17:19 - 2014-10-28 20:36 - 00442880 _____ () C:\Documents and Settings\lenka\Plocha\FanFiction.xls
2015-04-26 10:57 - 2012-04-10 17:56 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-04-26 10:57 - 2012-01-14 19:23 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-04-26 10:57 - 2012-01-14 18:23 - 00000000 ____D () C:\Documents and Settings\lenka\Local Settings\Data aplikací\Adobe
2015-04-26 08:38 - 2013-03-29 23:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-20 21:45 - 2012-03-27 19:04 - 00000000 ____D () C:\WINDOWS\Minidump
2015-04-18 09:45 - 2013-10-15 21:34 - 00159072 _____ () C:\WINDOWS\setupapi.log
2015-04-13 18:22 - 2013-02-21 18:14 - 00580096 ___SH () C:\Documents and Settings\lenka\Plocha\Thumbs.db
2015-04-09 18:57 - 2012-02-26 21:47 - 00000000 ____D () C:\Documents and Settings\lenka\Data aplikací\Canon
2015-04-06 21:16 - 2012-01-14 15:10 - 00000000 ___RD () C:\Documents and Settings\lenka\Oblíbené položky
2015-04-04 08:59 - 2015-01-10 23:09 - 00001740 _____ () C:\Documents and Settings\All Users\Plocha\Avast Free Antivirus.lnk
2015-04-04 08:56 - 2012-01-14 15:09 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-04-04 08:55 - 2015-04-01 21:32 - 00000000 ____D () C:\WINDOWS\system32\KB905474
2015-04-04 08:55 - 2012-01-14 15:57 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
==================== Files in the root of some directories =======
2012-01-15 17:32 - 2014-04-30 22:01 - 0088064 _____ () C:\Documents and Settings\lenka\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-13 20:04 - 2014-11-13 20:04 - 0000000 _____ () C:\Documents and Settings\lenka\Local Settings\Data aplikací\FileViewPro.Wpd.html
2012-02-12 13:27 - 2013-01-26 16:20 - 0001909 _____ () C:\Documents and Settings\lenka\Local Settings\Data aplikací\SRDownloader.err
2012-02-12 13:32 - 2013-08-10 12:17 - 0000976 _____ () C:\Documents and Settings\lenka\Local Settings\Data aplikací\SRDownloader.nast
2012-02-11 09:41 - 2012-02-11 09:41 - 0000084 _____ () C:\Documents and Settings\lenka\Local Settings\Data aplikací\SRDownloader[1].err
2012-02-11 09:43 - 2012-05-01 21:47 - 0004712 _____ () C:\Documents and Settings\lenka\Local Settings\Data aplikací\SRDownloader[1].nast
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: (SYSTEM XP) (Fixed) (Total:97.65 GB) (Free:12.06 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (SKLAD XP) (Fixed) (Total:368.1 GB) (Free:22.91 GB) NTFS
Drive f: (SYSTEM 7) (Fixed) (Total:244.14 GB) (Free:218.71 GB) NTFS
Drive h: (STORE) (Fixed) (Total:454.49 GB) (Free:453.43 GB) NTFS
Drive j: () (Removable) (Total:7.48 GB) (Free:4.16 GB) FAT32
Available physical RAM: 2893.79 MB
Total physical RAM: 3549.04 MB
Percentage of memory in use: 18%
==================== MBR and Partition Table ==================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0D7649D2)
Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 03FE03FD)
Partition 1: (Active) - (Size=244.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=454.5 GB) - (Type=07 NTFS)
Disk: 2 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: E795C15C)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0C)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Documents and Settings\lenka\Plocha" je 4425 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DoNotAllowExceptions REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\TRANSLAT\\WEBTRANS.EXE"="C:\\TRANSLAT\\WEBTRANS.EXE:*:Enabled:WebTrans"
"C:\\Program Files\\BitTorrent\\BitTorrent.exe"="C:\\Program Files\\BitTorrent\\BitTorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Common Files\\soft602\\langserv.exe"="C:\\Program Files\\Common Files\\soft602\\langserv.exe:*:Enabled:Software602 Spell Checker"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\HeluzKominy\\Firebird\\bin\\fbserver.exe"="C:\\Program Files\\HeluzKominy\\Firebird\\bin\\fbserver.exe:*:Enabled:Firebird SQL Server"
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe:*:Enabled:Google Chrome"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"4662:TCP"="4662:TCP:*:Enabled:emule1"
"4672:TCP"="4672:TCP:*:Enabled:emule2"
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
==================== End Of Log ==============================
Ran by lenka (administrator) on FERDA on 03-05-2015 15:27:11
Running from C:\Documents and Settings\lenka\Plocha
Loaded Profiles: lenka (Available profiles: lenka)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Software602 a.s.) C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Dritek System Inc.) C:\PROGRA~1\MediaKey\MEDIAKEY.EXE
(HP) C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
(ScanSoft, Inc) C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
(Portrait Displays, Inc) C:\Program Files\Philips Display\SmartControl\dthtml.exe
(Portrait Displays Inc.) C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
(Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Drivers\pdiSDKHelper.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
() C:\Program Files\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(forum.viry.cz) C:\Documents and Settings\lenka\Plocha\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [17567744 2009-03-27] (Realtek Semiconductor Corp.)
HKLM\...\Run: [MediaKey] => C:\Program Files\MediaKey\MEDIAKEY.EXE [135168 2001-01-15] (Dritek System Inc.)
HKLM\...\Run: [HPDJ Taskbar Utility] => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe [172032 2003-03-11] (HP)
HKLM\...\Run: [DeviceDiscovery] => C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [40960 2002-12-02] (Hewlett-Packard)
HKLM\...\Run: [PivotSoftware] => C:\Program Files\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe [110192 2010-05-13] ()
HKLM\...\Run: [DT PLP] => C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe [121456 2010-05-17] ()
HKLM\...\Run: [Omnipage] => C:\Program Files\ScanSoft\OmniPageSE\opware32.exe [49152 2002-06-03] (ScanSoft, Inc)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-03-13] (AVAST Software)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-1957994488-764733703-839522115-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-01-10] (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1957994488-764733703-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... R}&ar=home
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1957994488-764733703-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/
HKU\S-1-5-21-1957994488-764733703-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.google.com" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {8684a7c7-3ade-4208-ad43-ad57a1af352c} URL = http://search.tb.ask.com/search/GGmain. ... earchTerms}
SearchScopes: HKLM -> {8684a7c7-3ade-4208-ad43-ad57a1af352c} URL = http://search.tb.ask.com/search/GGmain. ... earchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1957994488-764733703-839522115-1003 -> {8684a7c7-3ade-4208-ad43-ad57a1af352c} URL = http://search.tb.ask.com/search/GGmain. ... earchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-01-10] (AVAST Software)
Toolbar: HKU\S-1-5-21-1957994488-764733703-839522115-1003 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2008-04-14] (Společnost Microsoft)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/s ... wflash.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.3 8.8.8.8
FireFox:
========
FF ProfilePath: C:\Documents and Settings\lenka\Data aplikací\Mozilla\Firefox\Profiles\2eoj0vf2.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-26] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-07-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-07-30] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2012-05-16] ( )
FF Plugin: @software602.cz/602XML Filler -> C:\Program Files\Software602\602XML\Filler\npfiller.dll [2012-08-06] (Software602 a.s.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-04-14] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll [2007-09-07] (Solidworks Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-02-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-02-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-02-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-02-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-02-03] (Apple Inc.)
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Documents and Settings\lenka\Data aplikací\Mozilla\Firefox\Profiles\2eoj0vf2.default\Extensions\artur.dubovoy@gmail.com [2015-04-26]
FF Extension: Youtube Video Center - C:\Documents and Settings\lenka\Data aplikací\Mozilla\Firefox\Profiles\2eoj0vf2.default\Extensions\{34878998-c8be-40bc-bc13-9243a2844976}(2) [2013-04-10]
FF Extension: Youtube MP3 Converter - C:\Documents and Settings\lenka\Data aplikací\Mozilla\Firefox\Profiles\2eoj0vf2.default\Extensions\2conv@hotger.com.xpi [2013-01-16]
FF Extension: Video DownloadHelper - C:\Documents and Settings\lenka\Data aplikací\Mozilla\Firefox\Profiles\2eoj0vf2.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-04-24]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-01-14]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-03-22]
FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync
FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync [2012-08-01]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2014-01-07]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.mysearchresults.com/?c=3523&t=01
CHR Profile: C:\Documents and Settings\lenka\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\lenka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-20]
CHR Extension: (Google Drive) - C:\Documents and Settings\lenka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-20]
CHR Extension: (YouTube) - C:\Documents and Settings\lenka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-20]
CHR Extension: (Google Search) - C:\Documents and Settings\lenka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-20]
CHR Extension: (Bookmark Manager) - C:\Documents and Settings\lenka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\lenka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-27]
CHR Extension: (Google Wallet) - C:\Documents and Settings\lenka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-20]
CHR Extension: (Gmail) - C:\Documents and Settings\lenka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-20]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-10]
CHR HKLM\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\DOCUME~1\lenka\LOCALS~1\Temp\ccex.crx [Not Found]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 602XML Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-10] (AVAST Software)
R2 DTSRVC; C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe [121456 2010-05-17] ()
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182184 2013-07-30] (Oracle Corporation)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S4 PdiService; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [109168 2010-04-16] (Portrait Displays, Inc.)
S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2015-04-27] (SolidWorks) [File not signed]
R2 Správce výběru OS; C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe [2156952 2010-07-07] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2015-01-10] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2015-01-10] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2015-01-10] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2015-01-10] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2015-01-10] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2015-01-10] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2015-01-10] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2015-01-10] ()
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
R3 KBFiltr; C:\WINDOWS\System32\Drivers\KBFiltr.sys [13620 2000-04-08] () [File not signed]
R3 L1e; C:\WINDOWS\System32\DRIVERS\l1e51x86.sys [38400 2008-09-23] (Atheros Communications, Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 PdiPorts; C:\WINDOWS\System32\Drivers\PdiPorts.sys [17136 2010-04-16] (Portrait Displays, Inc.)
S1 Pivot; C:\WINDOWS\System32\drivers\pivot.sys [17465 2010-05-13] (Portrait Displays, Inc.) [File not signed]
S3 pivotmou; C:\WINDOWS\System32\drivers\pivotmou.sys [11323 2010-05-13] (Portrait Displays, Inc.) [File not signed]
R3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 IntelIde; No ImagePath
S3 NAVENG; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S1 SRTSP; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSP.SYS [X]
S1 SRTSPX; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSPX.SYS [X]
U3 mbr; \??\C:\DOCUME~1\lenka\LOCALS~1\Temp\mbr.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-03 15:27 - 2015-05-03 15:27 - 00018201 _____ () C:\Documents and Settings\lenka\Plocha\FRST.txt
2015-05-03 15:26 - 2015-05-03 14:21 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\lenka\Plocha\FRSTLauncher.exe
2015-05-03 11:47 - 2015-05-03 11:47 - 00011099 _____ () C:\ComboFix.txt
2015-05-03 11:47 - 2015-05-03 11:47 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2015-05-03 11:47 - 2015-05-03 11:47 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2015-05-03 11:47 - 2015-05-03 11:47 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\temp
2015-05-03 09:51 - 2015-05-03 09:51 - 00000000 _RSHD () C:\cmdcons
2015-05-03 09:51 - 2012-01-14 15:00 - 00000211 _____ () C:\Boot.bak
2015-05-03 09:51 - 2004-08-03 23:00 - 00261312 __RSH () C:\cmldr
2015-05-03 09:48 - 2015-05-03 11:47 - 00000000 ____D () C:\Qoobox
2015-05-03 09:48 - 2015-05-03 11:41 - 00000000 ____D () C:\WINDOWS\erdnt
2015-05-03 09:48 - 2011-06-26 08:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2015-05-03 09:48 - 2010-11-07 19:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2015-05-03 09:48 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-05-03 09:48 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-05-03 09:48 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-05-03 09:48 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-05-03 09:48 - 2000-08-31 02:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2015-05-03 09:48 - 2000-08-31 02:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2015-05-03 09:48 - 2000-08-31 02:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2015-05-03 09:12 - 2015-05-03 09:10 - 05619691 ____R (Swearware) C:\Documents and Settings\lenka\Plocha\ComboFix.exe
2015-05-01 15:52 - 2015-05-01 15:52 - 00000000 ____D () C:\Documents and Settings\lenka\Data aplikací\Malwarebytes
2015-05-01 15:51 - 2015-05-01 15:51 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2015-05-01 15:50 - 2015-05-01 15:51 - 10284816 _____ (Malwarebytes Corporation ) C:\Documents and Settings\lenka\Plocha\mbam-setup-1.75.0.1300.exe
2015-05-01 15:47 - 2015-05-01 15:47 - 00000000 ____D () C:\Documents and Settings\lenka\Local Settings\Data aplikací\IAC
2015-05-01 15:46 - 2015-05-01 15:46 - 00000000 ____D () C:\Documents and Settings\lenka\Local Settings\Data aplikací\iolo
2015-05-01 15:46 - 2015-05-01 15:46 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\iolo
2015-05-01 15:24 - 2015-05-01 15:24 - 05292054 _____ () C:\Documents and Settings\lenka\Plocha\viry.bmp
2015-05-01 14:41 - 2015-05-01 14:42 - 02204160 _____ () C:\Documents and Settings\lenka\Plocha\adwcleaner_4.203.exe
2015-04-27 19:18 - 2015-04-27 19:18 - 00000000 ____D () C:\Program Files\HeluzKominy
2015-04-27 19:18 - 2015-04-27 19:18 - 00000000 ____D () C:\Documents and Settings\lenka\Nabídka Start\Programy\HELUZ komín
2015-04-27 19:12 - 2015-04-27 19:12 - 00000000 ____D () C:\Documents and Settings\lenka\Local Settings\Data aplikací\DassaultSystemes
2015-04-27 19:12 - 2015-04-27 19:12 - 00000000 ____D () C:\Documents and Settings\lenka\Data aplikací\DassaultSystemes
2015-04-27 19:12 - 2015-04-27 19:12 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\DassaultSystemes
2015-04-27 19:10 - 2015-04-27 19:10 - 00001827 _____ () C:\Documents and Settings\All Users\Plocha\eDrawings 2008.lnk
2015-04-27 19:10 - 2015-04-27 19:10 - 00000000 ____D () C:\Program Files\Common Files\SolidWorks Shared
2015-04-27 19:10 - 2015-04-27 19:10 - 00000000 ____D () C:\Program Files\Common Files\eDrawings2008
2015-04-27 19:10 - 2015-04-27 19:10 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\SolidWorks 2008
2015-04-27 19:10 - 2015-04-27 19:10 - 00000000 _____ () C:\WINDOWS\eDrawingOfficeAutomator.INI
2015-04-27 19:02 - 2015-04-27 19:02 - 00000000 ____D () C:\Documents and Settings\lenka\Local Settings\Data aplikací\Downloaded Installations
2015-04-24 16:13 - 2015-04-24 16:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-20 21:45 - 2015-04-20 21:45 - 00081920 _____ () C:\WINDOWS\Minidump\Mini042015-01.dmp
2015-04-12 19:47 - 2015-04-13 18:22 - 00000000 ____D () C:\Documents and Settings\lenka\Plocha\Iva
2015-04-04 08:59 - 2015-04-04 08:59 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\AVAST Software
2015-04-04 08:57 - 2015-01-10 23:09 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-03 15:27 - 2014-01-05 18:22 - 00000000 ____D () C:\FRST
2015-05-03 15:27 - 2012-01-14 15:10 - 00000000 ____D () C:\Documents and Settings\lenka\Plocha
2015-05-03 15:27 - 2012-01-14 15:10 - 00000000 ____D () C:\Documents and Settings\lenka\Local Settings\Temp
2015-05-03 15:26 - 2012-01-14 15:10 - 00000000 ___HD () C:\Documents and Settings\lenka\Local Settings\Data aplikací
2015-05-03 14:18 - 2012-01-14 15:07 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-05-03 14:12 - 2014-01-05 18:04 - 01140736 _____ (Farbar) C:\Documents and Settings\lenka\Plocha\FRST.exe
2015-05-03 11:47 - 2014-01-05 15:06 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-05-03 11:45 - 2012-01-14 15:04 - 01948202 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-03 11:43 - 2012-02-22 17:07 - 00001505 _____ () C:\Documents and Settings\lenka\Plocha\SmartControl.lnk
2015-05-03 11:43 - 2006-03-02 14:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-05-03 11:42 - 2012-01-14 15:59 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-05-03 11:42 - 2012-01-14 15:59 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2015-05-03 11:42 - 2012-01-14 15:10 - 00000178 ___SH () C:\Documents and Settings\lenka\ntuser.ini
2015-05-03 11:42 - 2012-01-14 15:09 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-03 11:36 - 2012-01-14 15:10 - 00000000 __RHD () C:\Documents and Settings\lenka\Data aplikací
2015-05-03 11:35 - 2013-04-07 15:06 - 00032626 _____ () C:\WINDOWS\SchedLgU.Txt
2015-05-03 09:57 - 2012-01-14 15:10 - 00000000 ____D () C:\Documents and Settings\lenka
2015-05-03 09:51 - 2012-01-14 15:55 - 00000327 __RSH () C:\boot.ini
2015-05-03 09:45 - 2012-01-14 15:10 - 00000000 ___RD () C:\Documents and Settings\lenka\Dokumenty\Obrázky
2015-05-03 09:21 - 2012-01-14 15:56 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-05-03 09:21 - 2012-01-14 15:56 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2015-05-02 15:23 - 2014-07-09 19:34 - 00000000 ____D () C:\Documents and Settings\lenka\Data aplikací\calibre
2015-05-02 08:31 - 2012-01-14 15:57 - 01368950 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-02 08:26 - 2012-08-01 16:45 - 00000000 ___RD () C:\Documents and Settings\lenka\Dokumenty\Filmy
2015-05-02 08:26 - 2012-01-14 15:50 - 00000000 ____D () C:\WINDOWS\Resources
2015-05-01 23:59 - 2013-12-20 15:18 - 00001822 _____ () C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
2015-05-01 19:13 - 2012-02-27 18:28 - 00000155 _____ () C:\WINDOWS\NeroDigital.ini
2015-05-01 19:12 - 2013-05-14 17:47 - 00000000 ____D () C:\Documents and Settings\lenka\Data aplikací\vlc
2015-05-01 19:07 - 2012-03-05 22:10 - 00000000 ____D () C:\Documents and Settings\lenka\Data aplikací\dvdcss
2015-05-01 16:44 - 2013-08-18 16:24 - 00000000 ____D () C:\Program Files\Flvto Youtube Downloader
2015-05-01 16:24 - 2012-02-08 19:19 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-05-01 15:59 - 2012-01-14 15:56 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2015-05-01 15:40 - 2012-01-15 14:51 - 00002503 _____ () C:\Documents and Settings\All Users\Nabídka Start\Programy\Microsoft PhotoDraw Verze 2.lnk
2015-05-01 14:45 - 2014-01-07 18:34 - 00000000 ____D () C:\AdwCleaner
2015-05-01 14:37 - 2012-12-04 22:44 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2015-05-01 13:48 - 2012-01-20 20:31 - 00000000 ____D () C:\Documents and Settings\lenka\Data aplikací\BitTorrent
2015-05-01 13:24 - 2015-03-22 21:07 - 00000000 ____D () C:\Program Files\trend micro
2015-05-01 11:42 - 2014-01-05 15:01 - 00170187 _____ () C:\aaw7boot.log
2015-04-30 15:59 - 2006-03-02 14:00 - 00002422 _____ () C:\WINDOWS\system32\wpa.dbl
2015-04-27 19:18 - 2012-01-14 15:10 - 00000000 ___RD () C:\Documents and Settings\lenka\Nabídka Start\Programy
2015-04-27 17:19 - 2014-10-28 20:36 - 00442880 _____ () C:\Documents and Settings\lenka\Plocha\FanFiction.xls
2015-04-26 10:57 - 2012-04-10 17:56 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-04-26 10:57 - 2012-01-14 19:23 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-04-26 10:57 - 2012-01-14 18:23 - 00000000 ____D () C:\Documents and Settings\lenka\Local Settings\Data aplikací\Adobe
2015-04-26 08:38 - 2013-03-29 23:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-20 21:45 - 2012-03-27 19:04 - 00000000 ____D () C:\WINDOWS\Minidump
2015-04-18 09:45 - 2013-10-15 21:34 - 00159072 _____ () C:\WINDOWS\setupapi.log
2015-04-13 18:22 - 2013-02-21 18:14 - 00580096 ___SH () C:\Documents and Settings\lenka\Plocha\Thumbs.db
2015-04-09 18:57 - 2012-02-26 21:47 - 00000000 ____D () C:\Documents and Settings\lenka\Data aplikací\Canon
2015-04-06 21:16 - 2012-01-14 15:10 - 00000000 ___RD () C:\Documents and Settings\lenka\Oblíbené položky
2015-04-04 08:59 - 2015-01-10 23:09 - 00001740 _____ () C:\Documents and Settings\All Users\Plocha\Avast Free Antivirus.lnk
2015-04-04 08:56 - 2012-01-14 15:09 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-04-04 08:55 - 2015-04-01 21:32 - 00000000 ____D () C:\WINDOWS\system32\KB905474
2015-04-04 08:55 - 2012-01-14 15:57 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
==================== Files in the root of some directories =======
2012-01-15 17:32 - 2014-04-30 22:01 - 0088064 _____ () C:\Documents and Settings\lenka\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-13 20:04 - 2014-11-13 20:04 - 0000000 _____ () C:\Documents and Settings\lenka\Local Settings\Data aplikací\FileViewPro.Wpd.html
2012-02-12 13:27 - 2013-01-26 16:20 - 0001909 _____ () C:\Documents and Settings\lenka\Local Settings\Data aplikací\SRDownloader.err
2012-02-12 13:32 - 2013-08-10 12:17 - 0000976 _____ () C:\Documents and Settings\lenka\Local Settings\Data aplikací\SRDownloader.nast
2012-02-11 09:41 - 2012-02-11 09:41 - 0000084 _____ () C:\Documents and Settings\lenka\Local Settings\Data aplikací\SRDownloader[1].err
2012-02-11 09:43 - 2012-05-01 21:47 - 0004712 _____ () C:\Documents and Settings\lenka\Local Settings\Data aplikací\SRDownloader[1].nast
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: (SYSTEM XP) (Fixed) (Total:97.65 GB) (Free:12.06 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (SKLAD XP) (Fixed) (Total:368.1 GB) (Free:22.91 GB) NTFS
Drive f: (SYSTEM 7) (Fixed) (Total:244.14 GB) (Free:218.71 GB) NTFS
Drive h: (STORE) (Fixed) (Total:454.49 GB) (Free:453.43 GB) NTFS
Drive j: () (Removable) (Total:7.48 GB) (Free:4.16 GB) FAT32
Available physical RAM: 2893.79 MB
Total physical RAM: 3549.04 MB
Percentage of memory in use: 18%
==================== MBR and Partition Table ==================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0D7649D2)
Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 03FE03FD)
Partition 1: (Active) - (Size=244.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=454.5 GB) - (Type=07 NTFS)
Disk: 2 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: E795C15C)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0C)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Documents and Settings\lenka\Plocha" je 4425 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DoNotAllowExceptions REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\TRANSLAT\\WEBTRANS.EXE"="C:\\TRANSLAT\\WEBTRANS.EXE:*:Enabled:WebTrans"
"C:\\Program Files\\BitTorrent\\BitTorrent.exe"="C:\\Program Files\\BitTorrent\\BitTorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Common Files\\soft602\\langserv.exe"="C:\\Program Files\\Common Files\\soft602\\langserv.exe:*:Enabled:Software602 Spell Checker"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\HeluzKominy\\Firebird\\bin\\fbserver.exe"="C:\\Program Files\\HeluzKominy\\Firebird\\bin\\fbserver.exe:*:Enabled:Firebird SQL Server"
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe:*:Enabled:Google Chrome"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"4662:TCP"="4662:TCP:*:Enabled:emule1"
"4672:TCP"="4672:TCP:*:Enabled:emule2"
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
==================== End Of Log ==============================
- Přílohy
-
- Addition.rar
- (6.28 KiB) Staženo 85 x
Re: Prosím o kontrolu logu - nejde mi zapnou brána firewall
joj píše:***** Velikost "Plochy" *****
Velikost slozky "C:\Documents and Settings\lenka\Plocha" je 4425 MB.
Velikost plochy by nemela presahovat 200 - 300 MB! Brzdi to chod pc. Cili ji trosku uklidte a na plochu dejte jen zastupce. Jen pozor na obcasnou chybu, ze uzivatele maji na plose slozku, v ni dalsi a v ni dalsi a do te to schovaji. To je sice hezke, ale plochu to nezmensi, jen je to v jinem supliku 
Otevrete si poznamkovy blok a zkopirujte do nej tento skript
Kód: Vybrat vše
Start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-1957994488-764733703-839522115-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1957994488-764733703-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1957994488-764733703-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.google.com" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {8684a7c7-3ade-4208-ad43-ad57a1af352c} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^AW7^xdm009^YYA^cz&si=CPPWlsXWoMUCFagfwwod7z0A7w&ptb=87FCDD4F-35DA-4737-8ACE-D695137AA0EA&ind=2015050109&n=781b397d&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM -> {8684a7c7-3ade-4208-ad43-ad57a1af352c} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^AW7^xdm009^YYA^cz&si=CPPWlsXWoMUCFagfwwod7z0A7w&ptb=87FCDD4F-35DA-4737-8ACE-D695137AA0EA&ind=2015050109&n=781b397d&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-1957994488-764733703-839522115-1003 -> {8684a7c7-3ade-4208-ad43-ad57a1af352c} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^AW7^xdm009^YYA^cz&si=CPPWlsXWoMUCFagfwwod7z0A7w&ptb=87FCDD4F-35DA-4737-8ACE-D695137AA0EA&ind=2015050109&n=781b397d&psa=&st=sb&searchfor={searchTerms}
CHR HomePage: Default -> hxxp://www.mysearchresults.com/?c=3523&t=01
CHR HKLM\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\DOCUME~1\lenka\LOCALS~1\Temp\ccex.crx [Not Found]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182184 2013-07-30] (Oracle Corporation)
S3 NAVENG; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS [X]
S1 SRTSP; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSP.SYS [X]
S1 SRTSPX; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSPX.SYS [X]
U3 mbr; \??\C:\DOCUME~1\lenka\LOCALS~1\Temp\mbr.sys [X]
S2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-26 268464]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-20 116648]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-20 116648]
2015-05-01 15:52 - 2015-05-01 15:52 - 00000000 ____D () C:\Documents and Settings\lenka\Data aplikací\Malwarebytes
2015-05-01 15:51 - 2015-05-01 15:51 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2015-05-01 15:50 - 2015-05-01 15:51 - 10284816 _____ (Malwarebytes Corporation ) C:\Documents and Settings\lenka\Plocha\mbam-setup-1.75.0.1300.exe
2015-05-01 14:37 - 2012-12-04 22:44 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Lavasoft
Hosts:
EmptyTemp:
Reboot:
EndKliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev fixlist a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte FRST jako spravce, kliknete na napis Fix a program vykona prikazy.
Po restartu pc by se mel objevit novy log - s nazvem fixlog, ten mi sem zase zkopirujte.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosím o kontrolu logu - nejde mi zapnou brána firewall
Plochu vyčistím. Ani jsem nevěděla, kolik MB zabírá.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-05-2015
Ran by lenka at 2015-05-03 17:39:29 Run:2
Running from C:\Documents and Settings\lenka\Plocha
Loaded Profiles: lenka (Available profiles: lenka)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-1957994488-764733703-839522115-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1957994488-764733703-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... R}&ar=home
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1957994488-764733703-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.google.com" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {8684a7c7-3ade-4208-ad43-ad57a1af352c} URL = http://search.tb.ask.com/search/GGmain. ... earchTerms}
SearchScopes: HKLM -> {8684a7c7-3ade-4208-ad43-ad57a1af352c} URL = http://search.tb.ask.com/search/GGmain. ... earchTerms}
SearchScopes: HKU\S-1-5-21-1957994488-764733703-839522115-1003 -> {8684a7c7-3ade-4208-ad43-ad57a1af352c} URL = http://search.tb.ask.com/search/GGmain. ... earchTerms}
CHR HomePage: Default -> hxxp://www.mysearchresults.com/?c=3523&t=01
CHR HKLM\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\DOCUME~1\lenka\LOCALS~1\Temp\ccex.crx [Not Found]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182184 2013-07-30] (Oracle Corporation)
S3 NAVENG; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS [X]
S1 SRTSP; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSP.SYS [X]
S1 SRTSPX; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSPX.SYS [X]
U3 mbr; \??\C:\DOCUME~1\lenka\LOCALS~1\Temp\mbr.sys [X]
S2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-26 268464]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-20 116648]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-20 116648]
2015-05-01 15:52 - 2015-05-01 15:52 - 00000000 ____D () C:\Documents and Settings\lenka\Data aplikací\Malwarebytes
2015-05-01 15:51 - 2015-05-01 15:51 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2015-05-01 15:50 - 2015-05-01 15:51 - 10284816 _____ (Malwarebytes Corporation ) C:\Documents and Settings\lenka\Plocha\mbam-setup-1.75.0.1300.exe
2015-05-01 14:37 - 2012-12-04 22:44 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Lavasoft
Hosts:
EmptyTemp:
Reboot:
End
*****************
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => value deleted successfully.
HKU\S-1-5-21-1957994488-764733703-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\MSMSGS => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1957994488-764733703-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value deleted successfully.
HKU\S-1-5-21-1957994488-764733703-839522115-1003\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8684a7c7-3ade-4208-ad43-ad57a1af352c}" => Key deleted successfully.
HKCR\CLSID\{8684a7c7-3ade-4208-ad43-ad57a1af352c} => Key not found.
"HKU\S-1-5-21-1957994488-764733703-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8684a7c7-3ade-4208-ad43-ad57a1af352c}" => Key deleted successfully.
HKCR\CLSID\{8684a7c7-3ade-4208-ad43-ad57a1af352c} => Key not found.
Chrome HomePage deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid" => Key deleted successfully.
JavaQuickStarterService => Service deleted successfully.
NAVENG => Service deleted successfully.
NAVEX15 => Service deleted successfully.
SRTSP => Service deleted successfully.
SRTSPX => Service deleted successfully.
mbr => Service deleted successfully.
AdobeFlashPlayerUpdateSvc => Service deleted successfully.
gupdate => Service deleted successfully.
gupdatem => Service deleted successfully.
C:\Documents and Settings\lenka\Data aplikací\Malwarebytes => Moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Malwarebytes => Moved successfully.
C:\Documents and Settings\lenka\Plocha\mbam-setup-1.75.0.1300.exe => Moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Lavasoft => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 668.3 MB temporary data.
The system needed a reboot.
==== End of Fixlog 17:40:10 ====
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-05-2015
Ran by lenka at 2015-05-03 17:39:29 Run:2
Running from C:\Documents and Settings\lenka\Plocha
Loaded Profiles: lenka (Available profiles: lenka)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-1957994488-764733703-839522115-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1957994488-764733703-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... R}&ar=home
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1957994488-764733703-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.google.com" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {8684a7c7-3ade-4208-ad43-ad57a1af352c} URL = http://search.tb.ask.com/search/GGmain. ... earchTerms}
SearchScopes: HKLM -> {8684a7c7-3ade-4208-ad43-ad57a1af352c} URL = http://search.tb.ask.com/search/GGmain. ... earchTerms}
SearchScopes: HKU\S-1-5-21-1957994488-764733703-839522115-1003 -> {8684a7c7-3ade-4208-ad43-ad57a1af352c} URL = http://search.tb.ask.com/search/GGmain. ... earchTerms}
CHR HomePage: Default -> hxxp://www.mysearchresults.com/?c=3523&t=01
CHR HKLM\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\DOCUME~1\lenka\LOCALS~1\Temp\ccex.crx [Not Found]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182184 2013-07-30] (Oracle Corporation)
S3 NAVENG; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS [X]
S1 SRTSP; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSP.SYS [X]
S1 SRTSPX; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSPX.SYS [X]
U3 mbr; \??\C:\DOCUME~1\lenka\LOCALS~1\Temp\mbr.sys [X]
S2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-26 268464]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-20 116648]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-20 116648]
2015-05-01 15:52 - 2015-05-01 15:52 - 00000000 ____D () C:\Documents and Settings\lenka\Data aplikací\Malwarebytes
2015-05-01 15:51 - 2015-05-01 15:51 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2015-05-01 15:50 - 2015-05-01 15:51 - 10284816 _____ (Malwarebytes Corporation ) C:\Documents and Settings\lenka\Plocha\mbam-setup-1.75.0.1300.exe
2015-05-01 14:37 - 2012-12-04 22:44 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Lavasoft
Hosts:
EmptyTemp:
Reboot:
End
*****************
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => value deleted successfully.
HKU\S-1-5-21-1957994488-764733703-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\MSMSGS => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1957994488-764733703-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value deleted successfully.
HKU\S-1-5-21-1957994488-764733703-839522115-1003\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8684a7c7-3ade-4208-ad43-ad57a1af352c}" => Key deleted successfully.
HKCR\CLSID\{8684a7c7-3ade-4208-ad43-ad57a1af352c} => Key not found.
"HKU\S-1-5-21-1957994488-764733703-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8684a7c7-3ade-4208-ad43-ad57a1af352c}" => Key deleted successfully.
HKCR\CLSID\{8684a7c7-3ade-4208-ad43-ad57a1af352c} => Key not found.
Chrome HomePage deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid" => Key deleted successfully.
JavaQuickStarterService => Service deleted successfully.
NAVENG => Service deleted successfully.
NAVEX15 => Service deleted successfully.
SRTSP => Service deleted successfully.
SRTSPX => Service deleted successfully.
mbr => Service deleted successfully.
AdobeFlashPlayerUpdateSvc => Service deleted successfully.
gupdate => Service deleted successfully.
gupdatem => Service deleted successfully.
C:\Documents and Settings\lenka\Data aplikací\Malwarebytes => Moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Malwarebytes => Moved successfully.
C:\Documents and Settings\lenka\Plocha\mbam-setup-1.75.0.1300.exe => Moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Lavasoft => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 668.3 MB temporary data.
The system needed a reboot.
==== End of Fixlog 17:40:10 ====
Re: Prosím o kontrolu logu - nejde mi zapnou brána firewall
Prejmenujte ComboFix na Uninstall a spustte ho. CF by se mel odinstalovat. vyosek píše:
- Stahnete a spustte
- Ponechte zatrzitkou pouze u volby Remove disinfection tools
- Kliknete na Run
Stahnete Ccleaner http://www.filehippo.com/download_ccleaner a spustte.Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
(Pokud je v pc vice uzivatelskych uctu, pouzijte program i v nich)
Defragmentujte disk(y) (SSD Disky ne!)Stahnete program Defraggler https://www.piriform.com/defraggler/download/standard
Pri instalaci opet pozor na toolbar a dalsi nesmysly.
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.
Pak napiste, jak je na tom pc.Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosím o kontrolu logu - nejde mi zapnou brána firewall
Díky moc za pomoc. Defragmentace bude asi na delší dobu. Pak se ozvu.
Re: Prosím o kontrolu logu - nejde mi zapnou brána firewall
Nemate zac!
Jasne, pak napiste
Jasne, pak napiste
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosím o kontrolu logu - nejde mi zapnou brána firewall
Zdravím. Defragmentace provedena. Plocha pročištěna. Brána zapnuta.
Díky moc.
Díky moc.
Re: Prosím o kontrolu logu - nejde mi zapnou brána firewall
Nemate vubec zac, rado se stalo!
Mejte se krasne a treba zase nekdy
Mejte se krasne a treba zase nekdy
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Přispějete na provoz fóra?