Requesting a check

#1 Post by zdenek72 »

Hello, please check this, thanks.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-07-2015
Ran by zdenek (administrator) on ZDENEK on 08-07-2015 10:20:22
Running from C:\Documents and Settings\zdenek\Plocha
Loaded Profiles: zdenek (Available Profiles: zdenek)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SafeNet Inc.) C:\WINDOWS\system32\hasplms.exe
(Intel Corporation) C:\WINDOWS\system32\IPROSetMonitor.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Opera Software) C:\Program Files\Opera\opera.exe
(Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-12] (Avast Software s.r.o.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\...\Run: [] => [X]
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\...\MountPoints2: {3e9da61a-bb53-11e4-989f-0013d391c025} - G:\NokiaPCIA_Autorun.exe
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\UltraMon.scr
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-06] (Avast Software s.r.o.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=s ... earchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=s ... earchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=s ... earchTerms}
SearchScopes: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.oursurfing.com/web/?utm_sour ... earchTerms}
SearchScopes: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.oursurfing.com/web/?utm_sour ... earchTerms}
SearchScopes: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.oursurfing.com/web/?utm_sour ... earchTerms}
SearchScopes: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.oursurfing.com/web/?type=dsp ... earchTerms}
SearchScopes: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.oursurfing.com/web/?utm_sour ... earchTerms}
SearchScopes: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> {75C016F5-D587-4833-BF25-3BE10EF34A03} URL = http://www.oursurfing.com/web/?utm_sour ... earchTerms}
SearchScopes: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.oursurfing.com/web/?utm_sour ... earchTerms}
SearchScopes: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=s ... earchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-07-18] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-06] (Avast Software s.r.o.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-18] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2013-05-29] (Společnost Microsoft)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D101B019-1149-45F7-B947-ECD828E8996C}: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.oursurfing.com/?type=sc&ts=1 ... AM91456594

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-07-08] ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-04-19] ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-484763869-1767777339-1606980848-1004: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Update\1.3.22.5\npGoogleUpdate3.dll [2014-02-21] (Google Inc.)
FF Plugin HKU\S-1-5-21-484763869-1767777339-1606980848-1004: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Update\1.3.22.5\npGoogleUpdate3.dll [2014-02-21] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-08-20]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-01]

Chrome:
=======
CHR Profile: C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-19]
CHR Extension: (Gmail Offline) - C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-03-24]
CHR Extension: (My Car) - C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\fgnbcikpejkcghcggmjcmbhabjkmkfhg [2014-05-19]
CHR Extension: (converter) - C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gncebhdkjgopkmaklokjadihihfakeoi [2014-05-18]
CHR Extension: (Centrum.cz Email Notifikátor) - C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\hmmnahgmbjnpgdoadbfoficgoamahklm [2014-05-19]
CHR Extension: (Calculator) - C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\kdkgihpbaofhkiliohfepioflkkbapao [2014-05-19]
CHR Extension: (Dropdown List of Most Visited Links) - C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\logbmehmiacemkimbpcbjgaikobdndah [2014-05-18]
CHR Extension: (News and Pictures) - C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\mfkkkggciojbhfhehfaodadkoheomhbc [2014-05-19]
CHR Extension: (Google Wallet) - C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-19]
CHR Extension: (PR Checker) - C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pneoplpmnpjoioldpodoljacigkahohc [2014-10-26]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-06]
CHR HKLM\...\Chrome\Extension: [hfimjncgpflkpkhbnnblhblobjjjhjhd] - No Path Or update_url value
StartMenuInternet: chrome.exe - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.oursurfing.com/?type=sc&ts=1 ... AM91456594

Opera:
=======
OPR Extension: (No Name) - C:\Documents and Settings\zdenek\Data aplikací\Opera Software\Opera Stable\Extensions\ccfjbdjailljfihgkoccfbiljjapiijb [2014-06-04]
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera\Opera.exe http://www.oursurfing.com/?type=sc&ts=1 ... AM91456594

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-06] (Avast Software s.r.o.)
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [4683144 2014-03-11] (SafeNet Inc.)
R2 Intel(R) PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [109728 2011-02-28] (Intel Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-07-18] (Oracle Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151744 2014-02-13] (IObit)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [771968 2015-07-08] (Enigma Software Group USA, LLC.)
S3 SystemExplorerHelpService; C:\Program Files\System Explorer\service\SystemExplorerService.exe [567144 2014-08-13] (Mister Group)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aksfridge; C:\WINDOWS\system32\drivers\aksfridge.sys [425352 2014-03-11] (SafeNet Inc.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2000-01-01] (Creative)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-05-06] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-05-06] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-05-06] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-05-06] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-05-06] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [428120 2015-06-26] (Avast Software s.r.o.)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-05-06] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-05-06] ()
S3 DrvAgent32; C:\WINDOWS\system32\Drivers\DrvAgent32.sys [23456 2014-02-02] (Phoenix Technologies) [File not signed]
S3 E1000; C:\WINDOWS\System32\DRIVERS\e1000325.sys [171152 2008-08-20] (Intel Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-07-08] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2015-07-08] ()
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [234888 2014-03-11] (SafeNet Inc.)
S3 IObitUnlocker; C:\Program Files\IObit\IObit Unlocker\IObitUnlocker.sys [26248 2011-03-09] ()
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2000-01-01] (Creative Technology Ltd.)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [25434 2000-01-01] (Realtek Semiconductor Corporation )
R3 RtlWlanu; C:\WINDOWS\System32\DRIVERS\rtwlanu.sys [1345936 2013-03-05] (Realtek Semiconductor Corporation )
S3 VClone; C:\WINDOWS\System32\DRIVERS\VClone.sys [30720 2013-07-24] (Elaborate Bytes AG) [File not signed]
S3 catchme; \??\C:\DOCUME~1\zdenek\LOCALS~1\Temp\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]
S1 tStLib; system32\drivers\tStLib.sys [X]
S3 UltraMonMirror; system32\DRIVERS\UltraMonMirror.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-08 10:20 - 2015-07-08 10:21 - 00017441 _____ C:\Documents and Settings\zdenek\Plocha\FRST.txt
2015-07-08 10:19 - 2015-07-08 10:19 - 01636352 _____ (Farbar) C:\Documents and Settings\zdenek\Plocha\FRST.exe
2015-07-08 08:46 - 2011-06-21 11:24 - 00032768 _____ C:\WINDOWS\system32\Drivers\sp_rsdrv2.sys
2015-07-08 07:45 - 2015-07-08 07:45 - 00000000 ____D C:\Documents and Settings\zdenek\Data aplikací\Enigma Software Group
2015-07-08 07:44 - 2015-07-08 07:45 - 00000000 ____D C:\sh4ldr
2015-07-08 07:42 - 2015-07-08 07:42 - 00019984 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-07-08 07:42 - 2015-07-08 07:42 - 00001155 _____ C:\WINDOWS\setupapi.log
2015-07-08 07:42 - 2015-07-08 07:42 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-07-07 21:08 - 2015-07-07 21:08 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\IHProtectUpDate
2015-07-07 21:07 - 2015-07-07 21:07 - 00000000 ____D C:\Documents and Settings\zdenek\Data aplikací\oursurfing
2015-07-07 21:07 - 2015-07-07 21:07 - 00000000 _____ C:\WINDOWS\prleth.sys
2015-07-07 21:07 - 2015-07-07 21:07 - 00000000 _____ C:\WINDOWS\hgfs.sys
2015-07-07 20:27 - 2015-07-07 20:54 - 46685456 _____ C:\Documents and Settings\zdenek\Plocha\Babovřesky-2,-2014.mkv
2015-06-27 17:22 - 2015-06-27 17:22 - 00000000 ___RD C:\Program Files\Skype
2015-06-27 17:22 - 2015-06-27 17:22 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-06-27 17:22 - 2015-06-27 17:22 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Skype
2015-06-21 19:37 - 2015-06-21 19:50 - 394190200 _____ C:\Documents and Settings\zdenek\Plocha\zasilka-FK29EL2DMD9K5SXZ.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-08 10:21 - 2015-03-14 19:42 - 00000000 ____D C:\Documents and Settings\zdenek\Local Settings\Temp
2015-07-08 10:20 - 2014-09-20 04:22 - 00000000 ____D C:\FRST
2015-07-08 10:20 - 2013-08-07 07:08 - 00000000 ____D C:\Documents and Settings\zdenek\Plocha
2015-07-08 09:50 - 2015-03-01 14:38 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-07-08 09:36 - 2013-08-17 07:39 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2015-07-08 09:36 - 2013-08-07 08:51 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2015-07-08 09:36 - 2013-08-07 08:51 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-07-08 09:36 - 2013-08-07 07:08 - 00000000 __RHD C:\Documents and Settings\zdenek\Data aplikací
2015-07-08 09:25 - 2013-08-07 07:01 - 01695557 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-08 09:24 - 2013-08-10 11:59 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-07-08 09:23 - 2013-08-10 11:59 - 00000048 _____ C:\WINDOWS\wiaservc.log
2015-07-08 09:21 - 2013-08-07 07:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-08 09:20 - 2013-08-07 07:08 - 00000178 ___SH C:\Documents and Settings\zdenek\ntuser.ini
2015-07-08 09:20 - 2013-08-07 07:06 - 00032484 _____ C:\WINDOWS\SchedLgU.Txt
2015-07-08 08:42 - 2013-08-07 07:08 - 00000803 _____ C:\Documents and Settings\zdenek\Nabídka Start\Programy\Internet Explorer.lnk
2015-07-08 08:42 - 2012-08-28 10:22 - 00001498 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Opera.lnk
2015-07-08 08:32 - 2013-07-28 14:41 - 00000000 ____D C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google
2015-07-08 08:13 - 2013-08-07 07:08 - 00001599 _____ C:\Documents and Settings\zdenek\Nabídka Start\Programy\Vzdálená pomoc.lnk
2015-07-08 08:08 - 2013-08-07 07:02 - 00001607 _____ C:\Documents and Settings\All Users\Nabídka Start\Přístup a výchozí nastavení programů.lnk
2015-07-08 08:08 - 2013-08-07 07:02 - 00001599 ____C C:\Documents and Settings\Default User\Nabídka Start\Programy\Vzdálená pomoc.lnk
2015-07-08 08:08 - 2013-08-07 07:02 - 00001507 _____ C:\Documents and Settings\All Users\Nabídka Start\Windows Update.lnk
2015-07-08 07:45 - 2013-08-07 07:08 - 00000000 ____D C:\Documents and Settings\zdenek
2015-07-08 07:36 - 2013-11-14 05:10 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2015-07-08 07:06 - 2014-08-03 19:44 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-08 07:06 - 2013-08-09 19:31 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-07-08 07:06 - 2013-08-09 19:31 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-07-08 06:32 - 2008-04-14 14:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2015-07-07 21:16 - 2013-08-07 07:08 - 00000000 ___RD C:\Documents and Settings\zdenek\Dokumenty
2015-07-07 20:21 - 2013-07-26 13:26 - 00000000 ____D C:\Documents and Settings\zdenek\Data aplikací\vlc
2015-07-06 20:02 - 2015-02-28 12:48 - 00000000 ____D C:\AdmWin
2015-07-06 06:44 - 2013-08-07 07:08 - 00000000 ___HD C:\Documents and Settings\zdenek\Local Settings\Data aplikací
2015-06-30 22:15 - 2013-07-26 07:39 - 00000000 ____D C:\Documents and Settings\zdenek\Data aplikací\Skype
2015-06-27 17:22 - 2013-07-26 07:39 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Skype
2015-06-26 21:02 - 2015-03-01 14:37 - 00428120 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-06-22 06:12 - 2013-08-09 19:30 - 00000000 ____D C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Adobe
2015-06-10 23:40 - 2013-08-10 10:05 - 136900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-10 23:36 - 2015-05-20 22:16 - 00001619 _____ C:\Documents and Settings\zdenek\Plocha\Vypnutí počítače.lnk

==================== Files in the root of some directories =======

2013-11-03 09:06 - 2013-11-03 09:25 - 0000000 ____C () C:\Documents and Settings\zdenek\Data aplikací\bitlord_log.txt
2013-07-26 13:22 - 2015-04-01 11:39 - 0071680 _____ () C:\Documents and Settings\zdenek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-07 21:37 - 2015-03-07 21:37 - 0000830 _____ () C:\Documents and Settings\zdenek\Local Settings\Data aplikací\recently-used.xbel
2008-02-05 14:28 - 2008-02-05 14:28 - 0000051 ____C () C:\Documents and Settings\zdenek\Local Settings\Data aplikací\setup.txt

Some files in TEMP:
====================
C:\Documents and Settings\zdenek\Local Settings\Temp\1A1.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================


#2 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
Click >Scan< first and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.


#3 Post by zdenek72 »

Hello, thanks. Pasting it here.
# AdwCleaner v4.207 - Logfile created 08/07/2015 at 18:40:58
# Updated 21/06/2015 by Xplode
# Database : 2015-07-05.2 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : zdenek - ZDENEK
# Running from : C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Opera\Opera\temporary_downloads\adwcleaner_4.207.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Google Chrome v43.0.2357.132


-\\ Opera v20.0.1387.82


*************************

AdwCleaner[R0].txt - [10363 bytes] - [20/09/2014 03:49:09]
AdwCleaner[R1].txt - [1232 bytes] - [20/09/2014 21:28:23]
AdwCleaner[R2].txt - [1678 bytes] - [25/02/2015 19:40:00]
AdwCleaner[R3].txt - [1393 bytes] - [08/03/2015 21:25:55]
AdwCleaner[R4].txt - [1293 bytes] - [14/03/2015 17:28:10]
AdwCleaner[R5].txt - [2190 bytes] - [19/03/2015 00:16:05]
AdwCleaner[R6].txt - [1662 bytes] - [17/05/2015 21:42:09]
AdwCleaner[R7].txt - [5451 bytes] - [08/07/2015 13:05:52]
AdwCleaner[R8].txt - [1737 bytes] - [08/07/2015 18:38:39]
AdwCleaner[S0].txt - [10609 bytes] - [20/09/2014 03:51:37]
AdwCleaner[S1].txt - [1247 bytes] - [20/09/2014 21:32:14]
AdwCleaner[S2].txt - [1762 bytes] - [25/02/2015 19:45:25]
AdwCleaner[S3].txt - [1465 bytes] - [08/03/2015 21:51:34]
AdwCleaner[S4].txt - [2278 bytes] - [19/03/2015 00:30:44]
AdwCleaner[S5].txt - [1732 bytes] - [17/05/2015 21:50:55]
AdwCleaner[S6].txt - [4914 bytes] - [08/07/2015 13:09:11]
AdwCleaner[S7].txt - [1662 bytes] - [08/07/2015 18:40:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [1721 bytes] ##########


#4 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\...\Run: [] => [X]
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\...\MountPoints2: {3e9da61a-bb53-11e4-989f-0013d391c025} - G:\NokiaPCIA_Autorun.exe
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.oursurfing.com/web/?utm_sour ... default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.oursurfing.com/web/?utm_sour ... default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.oursurfing.com/web/?utm_sour ... default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.oursurfing.com/web/?type=dsp ... 1456594&q={searchTerms}
SearchScopes: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.oursurfing.com/web/?utm_sour ... default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> {75C016F5-D587-4833-BF25-3BE10EF34A03} URL = http://www.oursurfing.com/web/?utm_sour ... default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.oursurfing.com/web/?utm_sour ... default&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.oursurfing.com/?type=sc&ts=1 ... AM91456594
CHR HKLM\...\Chrome\Extension: [hfimjncgpflkpkhbnnblhblobjjjhjhd] - No Path Or update_url value
StartMenuInternet: chrome.exe - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.oursurfing.com/?type=sc&ts=1 ... AM91456594
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera\Opera.exe http://www.oursurfing.com/?type=sc&ts=1 ... AM91456594
C:\WINDOWS\system32\wpa.dbl
C:\Documents and Settings\zdenek\Local Settings\Temp
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

#5 Post by zdenek72 »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-07-2015
Ran by zdenek (administrator) on ZDENEK on 08-07-2015 19:40:25
Running from C:\Documents and Settings\zdenek\Plocha\Čištění
Loaded Profiles: zdenek (Available Profiles: zdenek)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SafeNet Inc.) C:\WINDOWS\system32\hasplms.exe
(Intel Corporation) C:\WINDOWS\system32\IPROSetMonitor.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Opera Software) C:\Program Files\Opera\opera.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-12] (Avast Software s.r.o.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\...\Run: [] => [X]
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\...\MountPoints2: {3e9da61a-bb53-11e4-989f-0013d391c025} - G:\NokiaPCIA_Autorun.exe
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\UltraMon.scr
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-06] (Avast Software s.r.o.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=s ... earchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=s ... earchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-07-18] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-06] (Avast Software s.r.o.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-18] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2013-05-29] (Společnost Microsoft)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D101B019-1149-45F7-B947-ECD828E8996C}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-07-08] ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-04-19] ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-484763869-1767777339-1606980848-1004: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Update\1.3.22.5\npGoogleUpdate3.dll [2014-02-21] (Google Inc.)
FF Plugin HKU\S-1-5-21-484763869-1767777339-1606980848-1004: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Update\1.3.22.5\npGoogleUpdate3.dll [2014-02-21] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-08-20]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-01]

Chrome:
=======
CHR Profile: C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-19]
CHR Extension: (Gmail Offline) - C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-03-24]
CHR Extension: (My Car) - C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\fgnbcikpejkcghcggmjcmbhabjkmkfhg [2014-05-19]
CHR Extension: (converter) - C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gncebhdkjgopkmaklokjadihihfakeoi [2014-05-18]
CHR Extension: (Centrum.cz Email Notifikátor) - C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\hmmnahgmbjnpgdoadbfoficgoamahklm [2014-05-19]
CHR Extension: (Calculator) - C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\kdkgihpbaofhkiliohfepioflkkbapao [2014-05-19]
CHR Extension: (Dropdown List of Most Visited Links) - C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\logbmehmiacemkimbpcbjgaikobdndah [2014-05-18]
CHR Extension: (News and Pictures) - C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\mfkkkggciojbhfhehfaodadkoheomhbc [2014-05-19]
CHR Extension: (Google Wallet) - C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-19]
CHR Extension: (PR Checker) - C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pneoplpmnpjoioldpodoljacigkahohc [2014-10-26]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-06]
CHR HKLM\...\Chrome\Extension: [hfimjncgpflkpkhbnnblhblobjjjhjhd] - No Path Or update_url value

Opera:
=======
OPR Extension: (No Name) - C:\Documents and Settings\zdenek\Data aplikací\Opera Software\Opera Stable\Extensions\ccfjbdjailljfihgkoccfbiljjapiijb [2014-06-04]
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera\Opera.exe http://www.oursurfing.com/?type=sc&ts=1 ... AM91456594

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-06] (Avast Software s.r.o.)
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [4683144 2014-03-11] (SafeNet Inc.)
R2 Intel(R) PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [109728 2011-02-28] (Intel Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-07-18] (Oracle Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151744 2014-02-13] (IObit)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SystemExplorerHelpService; C:\Program Files\System Explorer\service\SystemExplorerService.exe [567144 2014-08-13] (Mister Group)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aksfridge; C:\WINDOWS\system32\drivers\aksfridge.sys [425352 2014-03-11] (SafeNet Inc.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2000-01-01] (Creative)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-05-06] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-05-06] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-05-06] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-05-06] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-05-06] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [428120 2015-06-26] (Avast Software s.r.o.)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-05-06] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-05-06] ()
S3 DrvAgent32; C:\WINDOWS\system32\Drivers\DrvAgent32.sys [23456 2014-02-02] (Phoenix Technologies) [File not signed]
S3 E1000; C:\WINDOWS\System32\DRIVERS\e1000325.sys [171152 2008-08-20] (Intel Corporation)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [234888 2014-03-11] (SafeNet Inc.)
S3 IObitUnlocker; C:\Program Files\IObit\IObit Unlocker\IObitUnlocker.sys [26248 2011-03-09] ()
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2000-01-01] (Creative Technology Ltd.)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [25434 2000-01-01] (Realtek Semiconductor Corporation )
R3 RtlWlanu; C:\WINDOWS\System32\DRIVERS\rtwlanu.sys [1345936 2013-03-05] (Realtek Semiconductor Corporation )
S3 VClone; C:\WINDOWS\System32\DRIVERS\VClone.sys [30720 2013-07-24] (Elaborate Bytes AG) [File not signed]
S3 catchme; \??\C:\DOCUME~1\zdenek\LOCALS~1\Temp\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]
S1 tStLib; system32\drivers\tStLib.sys [X]
S3 UltraMonMirror; system32\DRIVERS\UltraMonMirror.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-08 19:39 - 2015-07-08 19:39 - 00002158 _____ C:\Documents and Settings\zdenek\Plocha\fixlist.txt.txt
2015-07-08 19:12 - 2015-07-08 19:12 - 520955188 _____ C:\Documents and Settings\zdenek\Plocha\Prikaz-k-Poprave-(1990)-akcni,J.-C.Van-Damme,CZ-dab,DTVMir,85'.avi
2015-07-08 19:01 - 2015-07-08 19:01 - 00042496 _____ C:\Documents and Settings\zdenek\Plocha\Cen. nabdka modrá.xls
2015-07-08 18:43 - 2015-07-08 18:43 - 00001801 _____ C:\Documents and Settings\zdenek\Plocha\AdwCleaner[S7].txt
2015-07-08 18:12 - 2015-07-08 18:12 - 00000000 ____D C:\Documents and Settings\zdenek\Plocha\daně
2015-07-08 17:13 - 2015-07-08 17:15 - 00000000 ____D C:\Program Files\Recuva
2015-07-08 17:13 - 2015-07-08 17:13 - 00001512 _____ C:\Documents and Settings\All Users\Plocha\Recuva.lnk
2015-07-08 17:13 - 2015-07-08 17:13 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Recuva
2015-07-08 13:05 - 2015-07-08 13:05 - 02244096 _____ C:\Documents and Settings\zdenek\Plocha\adwcleaner_4.207.exe
2015-07-08 11:11 - 2015-06-18 08:41 - 00121560 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-07-08 11:11 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-07-08 07:42 - 2015-07-08 07:42 - 00001155 _____ C:\WINDOWS\setupapi.log
2015-07-07 21:07 - 2015-07-07 21:07 - 00000000 _____ C:\WINDOWS\prleth.sys
2015-07-07 21:07 - 2015-07-07 21:07 - 00000000 _____ C:\WINDOWS\hgfs.sys
2015-07-07 20:27 - 2015-07-08 16:52 - 1794086751 _____ C:\Documents and Settings\zdenek\Plocha\Babovřesky-2,-2014.mkv
2015-06-27 17:22 - 2015-06-27 17:22 - 00000000 ___RD C:\Program Files\Skype
2015-06-27 17:22 - 2015-06-27 17:22 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-06-27 17:22 - 2015-06-27 17:22 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Skype
2015-06-21 19:37 - 2015-06-21 19:50 - 394190200 _____ C:\Documents and Settings\zdenek\Plocha\zasilka-FK29EL2DMD9K5SXZ.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-08 19:41 - 2015-03-14 19:42 - 00000000 ____D C:\Documents and Settings\zdenek\Local Settings\Temp
2015-07-08 19:41 - 2013-08-07 07:08 - 00000000 ____D C:\Documents and Settings\zdenek\Plocha
2015-07-08 19:40 - 2014-09-20 04:22 - 00000000 ____D C:\FRST
2015-07-08 19:40 - 2013-08-09 07:39 - 00000000 ___RD C:\Documents and Settings\zdenek\Plocha\Čištění
2015-07-08 18:49 - 2015-03-01 14:38 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-07-08 18:46 - 2013-08-07 07:01 - 01718454 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-08 18:45 - 2013-08-10 11:59 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-07-08 18:44 - 2013-08-10 11:59 - 00000048 _____ C:\WINDOWS\wiaservc.log
2015-07-08 18:42 - 2013-08-07 07:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-08 18:41 - 2014-09-20 03:49 - 00000000 ____D C:\AdwCleaner
2015-07-08 18:41 - 2013-08-07 07:08 - 00000178 ___SH C:\Documents and Settings\zdenek\ntuser.ini
2015-07-08 18:41 - 2013-08-07 07:06 - 00032484 _____ C:\WINDOWS\SchedLgU.Txt
2015-07-08 18:09 - 2015-02-28 12:48 - 00000000 ____D C:\AdmWin
2015-07-08 17:13 - 2013-08-17 07:39 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2015-07-08 17:13 - 2013-08-07 08:51 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-07-08 13:09 - 2013-08-07 08:51 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2015-07-08 12:47 - 2013-08-07 07:08 - 00000000 __RHD C:\Documents and Settings\zdenek\Data aplikací
2015-07-08 08:42 - 2013-08-07 07:08 - 00000803 _____ C:\Documents and Settings\zdenek\Nabídka Start\Programy\Internet Explorer.lnk
2015-07-08 08:42 - 2012-08-28 10:22 - 00001498 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Opera.lnk
2015-07-08 08:32 - 2013-07-28 14:41 - 00000000 ____D C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Google
2015-07-08 08:13 - 2013-08-07 07:08 - 00001599 _____ C:\Documents and Settings\zdenek\Nabídka Start\Programy\Vzdálená pomoc.lnk
2015-07-08 08:08 - 2013-08-07 07:02 - 00001607 _____ C:\Documents and Settings\All Users\Nabídka Start\Přístup a výchozí nastavení programů.lnk
2015-07-08 08:08 - 2013-08-07 07:02 - 00001599 ____C C:\Documents and Settings\Default User\Nabídka Start\Programy\Vzdálená pomoc.lnk
2015-07-08 08:08 - 2013-08-07 07:02 - 00001507 _____ C:\Documents and Settings\All Users\Nabídka Start\Windows Update.lnk
2015-07-08 07:45 - 2013-08-07 07:08 - 00000000 ____D C:\Documents and Settings\zdenek
2015-07-08 07:36 - 2013-11-14 05:10 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2015-07-08 07:06 - 2014-08-03 19:44 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-08 07:06 - 2013-08-09 19:31 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-07-08 07:06 - 2013-08-09 19:31 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-07-08 06:32 - 2008-04-14 14:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2015-07-07 21:16 - 2013-08-07 07:08 - 00000000 ___RD C:\Documents and Settings\zdenek\Dokumenty
2015-07-07 20:21 - 2013-07-26 13:26 - 00000000 ____D C:\Documents and Settings\zdenek\Data aplikací\vlc
2015-07-06 06:44 - 2013-08-07 07:08 - 00000000 ___HD C:\Documents and Settings\zdenek\Local Settings\Data aplikací
2015-06-30 22:15 - 2013-07-26 07:39 - 00000000 ____D C:\Documents and Settings\zdenek\Data aplikací\Skype
2015-06-27 17:22 - 2013-07-26 07:39 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Skype
2015-06-26 21:02 - 2015-03-01 14:37 - 00428120 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-06-22 06:12 - 2013-08-09 19:30 - 00000000 ____D C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Adobe
2015-06-10 23:40 - 2013-08-10 10:05 - 136900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-10 23:36 - 2015-05-20 22:16 - 00001619 _____ C:\Documents and Settings\zdenek\Plocha\Vypnutí počítače.lnk

==================== Files in the root of some directories =======

2013-11-03 09:06 - 2013-11-03 09:25 - 0000000 ____C () C:\Documents and Settings\zdenek\Data aplikací\bitlord_log.txt
2013-07-26 13:22 - 2015-04-01 11:39 - 0071680 _____ () C:\Documents and Settings\zdenek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-07 21:37 - 2015-03-07 21:37 - 0000830 _____ () C:\Documents and Settings\zdenek\Local Settings\Data aplikací\recently-used.xbel
2008-02-05 14:28 - 2008-02-05 14:28 - 0000051 ____C () C:\Documents and Settings\zdenek\Local Settings\Data aplikací\setup.txt

Some files in TEMP:
====================
C:\Documents and Settings\zdenek\Local Settings\Temp\1A1.exe
C:\Documents and Settings\zdenek\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\zdenek\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

Rudy
Site Admin
Posts: 119675
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Requesting a check

#6 Post by Rudy »

Deleted. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

zdenek72
Warning level 3
Posts: 106
Joined: 09 Feb 2010 15:18
Location: Plzen, Czech Republic

Re: Requesting a check

#7 Post by zdenek72 »

Hello, it helped. Thanks a lot.

Rudy
Site Admin
Posts: 119675
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Requesting a check

#8 Post by Rudy »

You're welcome! :)

Locked