Prosím o kontrolu

Zpráva

zdenek72 · #1 Příspěvek od **zdenek72** » 11 črc 2015 17:07

Zdravím, chtěl bych poprosit o kontrolu. Díky moc.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-07-2015
Ran by Balda (administrator) on POCITAC on 11-07-2015 17:57:28
Running from C:\Documents and Settings\Balda\Plocha\cst
Loaded Profiles: Balda (Available Profiles: Balda & Mamka)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\WINDOWS\system32\ibmpmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\WgaTray.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Lenovo Group Limited) C:\WINDOWS\system32\IPSSVC.EXE
(Atheros) C:\WINDOWS\system32\acs.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(IBM) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.88_0\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.88_0\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.88_0\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.88_0\opera.exe
(Microsoft Corporation) C:\WINDOWS\system32\osk.exe
(Microsoft Corporation) C:\WINDOWS\system32\msswchx.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM\...\Run: [LPManager] => C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE [185688 2009-07-23] (Lenovo Group Limited)
HKLM\...\Run: [LPMailChecker] => C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE [124248 2009-07-23] (Lenovo Group Limited)
HKLM\...\Run: [TP4EX] => C:\WINDOWS\system32\tp4ex.exe [65536 2005-10-17] (Lenovo Group Limited)
HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [831488 2007-08-08] (Analog Devices, Inc.)
HKLM\...\Run: [AwaySch] => C:\Program Files\Lenovo\AwayTask\AwaySch.EXE [91688 2006-11-07] (Lenovo Group Limited)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1036288 2000-01-01] (Analog Devices, Inc.)
HKLM\...\RunOnce: [CleanUp] => C:\WINDOWS\system32\CleanUp.exe [45056 2002-04-17] (adi)
HKLM\...\RunOnce: [SpkrCnfg] => C:\WINDOWS\system32\DSndUp.exe [49152 2006-07-10] (Analog Devices Inc.)
HKU\S-1-5-21-117609710-602162358-839522115-1003\...\Run: [Windows] => C:\Users\Public\Windows\downloadll.vbs [81 2014-05-08] ()
HKU\S-1-5-21-117609710-602162358-839522115-1003\...\Run: [SystemProc] => C:\Users\Public\Other\run.vbs [74 2014-02-06] ()
HKU\S-1-5-21-117609710-602162358-839522115-1003\...\Run: [SlimDrivers] => C:\Program Files\SlimDrivers\SlimDrivers.exe [29395264 2013-09-24] (SlimWare Utilities, Inc.)
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
Startup: C:\Documents and Settings\Mamka\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk [2015-01-11]
ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-01] (Avast Software s.r.o.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-117609710-602162358-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.google.com" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-117609710-602162358-839522115-1003 -> {0C7F4DB8-2978-448E-BEE5-A68394B96130} URL = http://www.firmy.cz/?q={searchTerms}&so ... arch_16194
SearchScopes: HKU\S-1-5-21-117609710-602162358-839522115-1003 -> {193309BC-24D5-4D28-82B7-482B3935FF62} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_16194
SearchScopes: HKU\S-1-5-21-117609710-602162358-839522115-1003 -> {2A1B1BCB-F9C8-4956-9121-9EABB0C9ACD7} URL = http://encyklopedie.seznam.cz/search?q= ... arch_16194
SearchScopes: HKU\S-1-5-21-117609710-602162358-839522115-1003 -> {5C11BCD8-6A61-41DA-8018-6DEF9B8E7612} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_16194
SearchScopes: HKU\S-1-5-21-117609710-602162358-839522115-1003 -> {83230ED4-1342-46DE-91B8-7E1F25220D74} URL = http://search.seznam.cz/?q={searchTerms ... arch_16194
SearchScopes: HKU\S-1-5-21-117609710-602162358-839522115-1003 -> {89E1BBCD-4A0B-4C9E-A47A-E2F43A8B245B} URL = http://www.mapy.cz/?query={searchTerms} ... arch_16194
SearchScopes: HKU\S-1-5-21-117609710-602162358-839522115-1003 -> {955B3FF0-63C2-4AF7-B58B-B44B188883C4} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_16194
SearchScopes: HKU\S-1-5-21-117609710-602162358-839522115-1003 -> {9E3A5207-08EA-400F-B93E-D1415CC5EDE9} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_16194
SearchScopes: HKU\S-1-5-21-117609710-602162358-839522115-1003 -> {CD84BB40-A5FE-431F-87D4-B092C638F89C} URL = http://www.novinky.cz/hledej?w={searchT ... arch_16194
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-01] (Avast Software s.r.o.)
BHO: CPwmIEBrowserHelper Object -> {F040E541-A427-4CF7-85D8-75E3E0F476C5} -> C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2007-08-03] (Lenovo Group Limited)
Toolbar: HKU\S-1-5-21-117609710-602162358-839522115-1003 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll [2014-02-25] (Společnost Microsoft)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{19C20FF1-E5B1-4785-BE9E-6AF508B1949D}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Balda\Data aplikací\Mozilla\Firefox\Profiles\lsexlfa2.default
FF DefaultSearchEngine: Seznam
FF DefaultSearchUrl: hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
FF SearchEngineOrder.1: Seznam
FF SelectedSearchEngine: Seznam
FF Homepage: https://www.seznam.cz/?clid=22668
FF Keyword.URL: hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-26] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1218158.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll [2011-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin HKU\S-1-5-21-117609710-602162358-839522115-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\Balda\Local Settings\Data aplikací\Facebook\Video\Skype\npFacebookVideoCalling.dll [2013-11-06] (Skype Limited)
FF Plugin HKU\S-1-5-21-117609710-602162358-839522115-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Balda\Local Settings\Data aplikací\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll [2014-05-21] (mozilla.org)
FF SearchPlugin: C:\Documents and Settings\Balda\Data aplikací\Mozilla\Firefox\Profiles\lsexlfa2.default\searchplugins\seznam-avast.xml [2015-03-07]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\centrum-cz.xml [2014-05-21]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml [2014-05-21]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml [2014-05-21]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Balda\Data aplikací\Mozilla\Firefox\Profiles\lsexlfa2.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2015-07-06]
FF Extension: DOM Inspector - C:\Program Files\Mozilla Firefox\extensions\inspector@mozilla.org [2014-04-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-05-20]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-21]
FF HKU\S-1-5-21-117609710-602162358-839522115-1003\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension
FF Extension: ThinkVantage Password Manager - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension [2014-06-21]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Balda\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (TV) - C:\Documents and Settings\Balda\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bppbpeijolfcampacpljolaegibfhjph [2014-07-13]
CHR Extension: (Komponenta pro aplikaci BUSINESS 24) - C:\Documents and Settings\Balda\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\cmnbkaminnbffdjkdlahealilagcdfdi [2015-03-28]
CHR Extension: (Classic) - C:\Documents and Settings\Balda\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn [2014-05-19]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Balda\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-17]
CHR Profile: C:\Documents and Settings\Balda\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Documents and Settings\Balda\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-12]
CHR Extension: (Google Docs) - C:\Documents and Settings\Balda\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-12]
CHR Extension: (Google Drive) - C:\Documents and Settings\Balda\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-12]
CHR Extension: (YouTube) - C:\Documents and Settings\Balda\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-12]
CHR Extension: (Google Search) - C:\Documents and Settings\Balda\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-12]
CHR Extension: (Google Sheets) - C:\Documents and Settings\Balda\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-12]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Balda\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-12]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Balda\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-12]
CHR Extension: (Gmail) - C:\Documents and Settings\Balda\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-12]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-01]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 acs; C:\WINDOWS\system32\acs.exe [475220 2009-09-24] (Atheros) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-01] (Avast Software s.r.o.)
R2 IBMPMSVC; C:\WINDOWS\system32\ibmpmsvc.exe [57344 2003-07-03] ()
R2 IPSSVC; C:\WINDOWS\system32\IPSSVC.EXE [108080 2007-01-30] (Lenovo Group Limited)
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [966656 2010-10-19] (Intel(R) Corporation) [File not signed]
R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2013-07-10] (Lenovo Group Limited) [File not signed]
R2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [722232 2007-08-03] (IBM)
R2 TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1122304 2008-03-04] (Lenovo Group Limited) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1347168 2009-04-03] (Atheros Communications, Inc.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-05-01] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-05-01] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-05-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-05-01] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-05-01] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [428120 2015-06-26] (Avast Software s.r.o.)
S3 aswTap; C:\WINDOWS\System32\DRIVERS\aswTap.sys [35144 2014-07-24] (The OpenVPN Project)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-05-01] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-05-01] ()
R3 atmeltpm; C:\WINDOWS\System32\DRIVERS\atmeltpm.sys [15872 2005-05-17] (Atmel, Inc.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [993576 2010-09-23] (Broadcom Corporation.)
R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2006-02-02] (Sonic Solutions) [File not signed]
R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5660 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2006-02-02] (Sonic Solutions) [File not signed]
R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86652 2006-02-02] (Sonic Solutions) [File not signed]
R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2006-02-02] (Sonic Solutions) [File not signed]
R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2006-02-02] (Sonic Solutions) [File not signed]
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2006-02-02] (Sonic Solutions) [File not signed]
R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2006-02-02] (Sonic Solutions) [File not signed]
R0 DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [89472 2006-03-01] (Sonic Solutions) [File not signed]
R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-11-18] (Sonic Solutions) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [389456 2015-07-06] (Symantec Corporation)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [217016 2010-06-02] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [993464 2010-06-02] (Conexant Systems, Inc.)
R3 IBMPMDRV; C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys [11344 2003-07-03] (IBM Corp.)
R2 pmem; C:\WINDOWS\System32\drivers\pmemnt.sys [7012 2014-06-21] (Microsoft Corporation) [File not signed]
R2 PROCDD; C:\WINDOWS\System32\DRIVERS\PROCDD.SYS [12080 2006-11-06] (Lenovo Group Limited)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36528 2006-06-06] (Sonic Solutions) [File not signed]
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13952 2010-05-19] (Intel Corporation) [File not signed]
R1 Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [14848 2006-10-02] (Microsoft Corporation) [File not signed]
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13464 2015-07-11] ()
R1 TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [9343 2006-10-02] () [File not signed]
R3 tifm21; C:\WINDOWS\System32\drivers\tifm21.sys [290816 2000-01-01] (Texas Instruments) [File not signed]
R3 WSIMD; C:\WINDOWS\System32\DRIVERS\wsimd.sys [57408 2008-02-08] (Atheros Communications, Inc.) [File not signed]
S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-11 17:57 - 2015-07-11 17:57 - 00000000 ____D C:\FRST
2015-07-11 17:55 - 2015-07-11 17:55 - 00029696 _____ C:\Documents and Settings\Balda\Local Settings\Data aplikací\MSGBOX.EXE
2015-07-11 17:55 - 2015-07-11 17:55 - 00015327 _____ C:\Documents and Settings\Balda\Plocha\LM.bat
2015-07-11 17:34 - 2015-07-11 17:34 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\SoundMAX
2015-07-11 17:33 - 2000-01-01 02:00 - 00308736 _____ (Analog Devices, Inc.) C:\WINDOWS\system32\Drivers\ADIHdAud.sys
2015-07-11 17:33 - 2000-01-01 02:00 - 00103424 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\Drivers\aeaudio.sys
2015-07-11 17:33 - 2000-01-01 02:00 - 00028160 _____ (Analog Devices, Inc.) C:\WINDOWS\system32\PostProc.dll
2015-07-11 17:25 - 2015-07-11 17:36 - 00000000 ____D C:\WINDOWS\LastGood
2015-07-11 17:23 - 2015-07-11 17:37 - 00008936 _____ C:\WINDOWS\SMinstall.log
2015-07-11 17:12 - 2015-07-11 17:36 - 00006552 _____ C:\WINDOWS\setupapi.log
2015-07-11 17:12 - 2015-07-11 17:12 - 00013464 _____ C:\WINDOWS\system32\Drivers\SWDUMon.sys
2015-07-11 17:12 - 2015-07-11 17:12 - 00000000 ____D C:\Documents and Settings\Balda\Local Settings\Data aplikací\SlimWare Utilities Inc
2015-07-11 17:02 - 2015-07-11 17:57 - 00000000 ____D C:\Documents and Settings\Balda\Plocha\cst
2015-07-08 13:18 - 2015-07-08 13:28 - 00000000 ____D C:\AdwCleaner
2015-07-07 12:57 - 2015-07-07 12:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB941569$
2015-07-07 12:57 - 2015-07-07 12:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2015-07-07 12:56 - 2015-07-07 12:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB929399$
2015-07-07 12:55 - 2007-07-27 23:11 - 00016760 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll
2015-07-06 11:36 - 2015-07-06 11:36 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-07-06 10:07 - 2015-07-06 10:07 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2015-07-06 10:01 - 2015-07-06 10:02 - 05501070 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Balda\Dokumenty\9B.tmp
2015-06-29 19:52 - 2015-06-29 19:53 - 00000000 ____D C:\Documents and Settings\Balda\Plocha\BZR
2015-06-21 15:51 - 2015-06-21 15:58 - 394190200 _____ C:\Documents and Settings\Mamka\Plocha\zasilka-FK29EL2DMD9K5SXZ.zip
2015-06-21 10:03 - 2015-06-21 10:04 - 00000000 ____D C:\Documents and Settings\Mamka\Plocha\nemecko

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-11 17:58 - 2014-04-11 06:45 - 00000000 ____D C:\Documents and Settings\Balda\Local Settings\Temp
2015-07-11 17:57 - 2014-04-11 06:45 - 00000000 ___RD C:\Documents and Settings\Balda\Dokumenty
2015-07-11 17:55 - 2014-04-11 06:45 - 00000000 ___HD C:\Documents and Settings\Balda\Local Settings\Data aplikací
2015-07-11 17:55 - 2014-04-11 06:45 - 00000000 ____D C:\Documents and Settings\Balda\Plocha
2015-07-11 17:49 - 2014-04-11 08:20 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2015-07-11 17:45 - 2014-05-15 20:32 - 00000000 ____D C:\SWTOOLS
2015-07-11 17:34 - 2014-04-11 08:20 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-07-11 17:33 - 2014-04-11 08:20 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2015-07-11 17:29 - 2014-11-10 11:53 - 00000388 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1406526841.job
2015-07-11 17:27 - 2014-04-11 08:20 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
2015-07-11 17:07 - 2014-05-25 17:46 - 00000000 ____D C:\Documents and Settings\Balda\Data aplikací\uTorrent
2015-07-11 17:06 - 2014-06-21 16:12 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-07-11 17:05 - 2014-04-11 06:45 - 00000000 ____D C:\Documents and Settings\Balda
2015-07-11 17:04 - 2014-04-11 08:42 - 01697232 ____N C:\WINDOWS\WindowsUpdate.log
2015-07-11 17:01 - 2015-04-19 22:09 - 00001032 _____ C:\WINDOWS\Tasks\SaG6QNzSBtzYyiTo.job
2015-07-11 17:01 - 2015-04-19 22:09 - 00001028 _____ C:\WINDOWS\Tasks\w2W3KYV5bTKRnX.job
2015-07-11 17:01 - 2014-04-11 08:23 - 00000159 ____N C:\WINDOWS\wiadebug.log
2015-07-11 17:01 - 2014-04-11 08:23 - 00000049 ____N C:\WINDOWS\wiaservc.log
2015-07-11 17:01 - 2014-04-11 08:14 - 00000000 ____D C:\WINDOWS\system32\ias
2015-07-11 17:01 - 2014-04-11 06:38 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-11 17:01 - 2007-06-19 14:13 - 00000380 _____ C:\WINDOWS\system32\IPSCtrl.INI
2015-07-11 17:01 - 2007-01-29 11:36 - 00025181 _____ C:\WINDOWS\system32\PROCDB.INI
2015-07-11 17:01 - 2001-10-25 16:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-07-08 14:29 - 2014-04-11 06:42 - 00032486 ____N C:\WINDOWS\SchedLgU.Txt
2015-07-08 14:28 - 2014-06-21 16:59 - 00524288 _____ C:\WINDOWS\system32\config\ACS.evt
2015-07-08 14:28 - 2014-04-11 06:45 - 00000178 ___SH C:\Documents and Settings\Balda\ntuser.ini
2015-07-08 13:29 - 2015-01-04 18:58 - 00000178 ___SH C:\Documents and Settings\Mamka\ntuser.ini
2015-07-08 13:28 - 2015-01-04 18:58 - 00000000 ___HD C:\Documents and Settings\Mamka\Local Settings\Data aplikací
2015-07-08 13:28 - 2014-04-11 06:45 - 00000000 __RHD C:\Documents and Settings\Balda\Data aplikací
2015-07-08 13:23 - 2015-01-09 19:34 - 00000772 _____ C:\Documents and Settings\Mamka\Plocha\Zrychleni Pocitace.lnk
2015-07-08 13:23 - 2015-01-04 18:58 - 00000000 ____D C:\Documents and Settings\Mamka\Plocha
2015-07-08 13:22 - 2015-03-15 20:06 - 05088032 _____ (Optimal Software s.r.o. ) C:\Documents and Settings\Mamka\Dokumenty\PCSpeedUp-Silent-Update.exe
2015-07-08 13:22 - 2015-01-04 18:58 - 00000000 ____D C:\Documents and Settings\Mamka\Local Settings\Temp
2015-07-08 13:21 - 2015-04-19 22:12 - 00000004 _____ C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7
2015-07-07 12:55 - 2014-06-21 17:49 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-07 12:19 - 2014-04-20 09:33 - 00000000 ____D C:\Program Files\Opera
2015-07-06 09:54 - 2014-04-21 18:36 - 00000000 ____D C:\Documents and Settings\Balda\Data aplikací\Mozilla
2015-07-05 02:52 - 2014-04-20 09:11 - 00000000 ____D C:\Documents and Settings\Balda\Data aplikací\vlc
2015-06-26 20:40 - 2014-06-21 16:11 - 00428120 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-06-26 15:16 - 2014-04-12 17:51 - 00000000 ____D C:\Documents and Settings\Balda\Data aplikací\Skype
2015-06-26 14:46 - 2015-02-22 19:32 - 00002265 _____ C:\Documents and Settings\All Users\Plocha\Skype.lnk
2015-06-26 14:27 - 2015-01-04 18:59 - 00001871 _____ C:\Documents and Settings\Mamka\Plocha\Google Chrome.lnk
2015-06-25 17:15 - 2014-04-12 12:08 - 00001813 _____ C:\Documents and Settings\Balda\Plocha\Google Chrome.lnk
2015-06-21 19:37 - 2015-01-04 18:58 - 00000000 ___RD C:\Documents and Settings\Mamka\Dokumenty
2015-06-14 20:50 - 2015-01-04 18:58 - 00000000 ___RD C:\Documents and Settings\Mamka\Dokumenty\Obrázky

==================== Files in the root of some directories =======

2014-05-27 20:03 - 2015-04-02 21:41 - 0012800 _____ () C:\Documents and Settings\Balda\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-11 17:55 - 2015-07-11 17:55 - 0029696 _____ () C:\Documents and Settings\Balda\Local Settings\Data aplikací\MSGBOX.EXE

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

#2 Příspěvek od **Rudy** » 11 črc 2015 18:03

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

zdenek72 · #3 Příspěvek od **zdenek72** » 11 črc 2015 18:27

# AdwCleaner v4.208 - Log vytvořen 11/07/2015 v 19:21:59
# Aktualizováno 09/07/2015 by Xplode
# Databáze : 2015-07-10.1 [Server]
# Operační system : Microsoft Windows XP Service Pack 3 (x86)
# Uživatelské jméno : Balda - POCITAC
# Spuštěno z : C:\Documents and Settings\Balda\Plocha\cst\adwcleaner_4.208.exe
# Nastavení : Čištění

***** [ Služby ] *****

[#] Služba Smazáno : swdumon

***** [ Soubory / Složky ] *****

Složka Smazáno : C:\Documents and Settings\Balda\Local Settings\Data aplikací\slimware utilities inc
Soubor Smazáno : C:\WINDOWS\system32\drivers\swdumon.sys

***** [ Naplánované úlohy ] *****

***** [ Zástupci ] *****

***** [ Registry ] *****

***** [ Prohlížeče ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v37.0.2 (x86 en-US)

-\\ Google Chrome v43.0.2357.132

[C:\Documents and Settings\Balda\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Secure Preferences] - Smazáno [Homepage] : hxxp://rts.dsrlte.com?affID=na

-\\ Opera v30.0.1835.88

*************************

AdwCleaner[R0].txt - [321 bytů] - [08/07/2015 13:18:27]
AdwCleaner[R1].txt - [14538 bytů] - [08/07/2015 13:22:59]
AdwCleaner[R2].txt - [1386 bytů] - [11/07/2015 19:12:29]
AdwCleaner[R3].txt - [1444 bytů] - [11/07/2015 19:18:40]
AdwCleaner[S0].txt - [14338 bytů] - [08/07/2015 13:28:30]
AdwCleaner[S1].txt - [1369 bytů] - [11/07/2015 19:21:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1427 bytů] ##########

#4 Příspěvek od **Rudy** » 11 črc 2015 18:52

Dejte nový log FRST.

zdenek72 · #5 Příspěvek od **zdenek72** » 11 črc 2015 19:00

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-07-2015
Ran by Balda (administrator) on POCITAC on 11-07-2015 19:57:43
Running from C:\Documents and Settings\Balda\Plocha\cst
Loaded Profiles: Balda (Available Profiles: Balda & Mamka)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\WINDOWS\system32\ibmpmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Lenovo Group Limited) C:\WINDOWS\system32\IPSSVC.EXE
(Atheros) C:\WINDOWS\system32\acs.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\WgaTray.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(IBM) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Lenovo Group Limited) C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.EXE
(Lenovo Group Limited) C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.88_0\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.88_0\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.88_0\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.88_0\opera.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM\...\Run: [LPManager] => C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE [185688 2009-07-23] (Lenovo Group Limited)
HKLM\...\Run: [LPMailChecker] => C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE [124248 2009-07-23] (Lenovo Group Limited)
HKLM\...\Run: [TP4EX] => C:\WINDOWS\system32\tp4ex.exe [65536 2005-10-17] (Lenovo Group Limited)
HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [831488 2007-08-08] (Analog Devices, Inc.)
HKLM\...\Run: [AwaySch] => C:\Program Files\Lenovo\AwayTask\AwaySch.EXE [91688 2006-11-07] (Lenovo Group Limited)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1036288 2000-01-01] (Analog Devices, Inc.)
HKU\S-1-5-21-117609710-602162358-839522115-1003\...\Run: [Windows] => C:\Users\Public\Windows\downloadll.vbs [81 2014-05-08] ()
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
Startup: C:\Documents and Settings\Mamka\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk [2015-01-11]
ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-01] (Avast Software s.r.o.)
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-117609710-602162358-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.google.com" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-117609710-602162358-839522115-1003 -> {0C7F4DB8-2978-448E-BEE5-A68394B96130} URL = http://www.firmy.cz/?q={searchTerms}&so ... arch_16194
SearchScopes: HKU\S-1-5-21-117609710-602162358-839522115-1003 -> {193309BC-24D5-4D28-82B7-482B3935FF62} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_16194
SearchScopes: HKU\S-1-5-21-117609710-602162358-839522115-1003 -> {2A1B1BCB-F9C8-4956-9121-9EABB0C9ACD7} URL = http://encyklopedie.seznam.cz/search?q= ... arch_16194
SearchScopes: HKU\S-1-5-21-117609710-602162358-839522115-1003 -> {5C11BCD8-6A61-41DA-8018-6DEF9B8E7612} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_16194
SearchScopes: HKU\S-1-5-21-117609710-602162358-839522115-1003 -> {83230ED4-1342-46DE-91B8-7E1F25220D74} URL = http://search.seznam.cz/?q={searchTerms ... arch_16194
SearchScopes: HKU\S-1-5-21-117609710-602162358-839522115-1003 -> {89E1BBCD-4A0B-4C9E-A47A-E2F43A8B245B} URL = http://www.mapy.cz/?query={searchTerms} ... arch_16194
SearchScopes: HKU\S-1-5-21-117609710-602162358-839522115-1003 -> {955B3FF0-63C2-4AF7-B58B-B44B188883C4} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_16194
SearchScopes: HKU\S-1-5-21-117609710-602162358-839522115-1003 -> {9E3A5207-08EA-400F-B93E-D1415CC5EDE9} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_16194
SearchScopes: HKU\S-1-5-21-117609710-602162358-839522115-1003 -> {CD84BB40-A5FE-431F-87D4-B092C638F89C} URL = http://www.novinky.cz/hledej?w={searchT ... arch_16194
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-01] (Avast Software s.r.o.)
BHO: CPwmIEBrowserHelper Object -> {F040E541-A427-4CF7-85D8-75E3E0F476C5} -> C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2007-08-03] (Lenovo Group Limited)
Toolbar: HKU\S-1-5-21-117609710-602162358-839522115-1003 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll [2014-02-25] (Společnost Microsoft)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{19C20FF1-E5B1-4785-BE9E-6AF508B1949D}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Balda\Data aplikací\Mozilla\Firefox\Profiles\kpuk8qvz.default-1436636355781
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-26] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1218158.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll [2011-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin HKU\S-1-5-21-117609710-602162358-839522115-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\Balda\Local Settings\Data aplikací\Facebook\Video\Skype\npFacebookVideoCalling.dll [2013-11-06] (Skype Limited)
FF Plugin HKU\S-1-5-21-117609710-602162358-839522115-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Balda\Local Settings\Data aplikací\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll [2014-05-21] (mozilla.org)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\centrum-cz.xml [2014-05-21]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml [2014-05-21]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml [2014-05-21]
FF Extension: DOM Inspector - C:\Program Files\Mozilla Firefox\extensions\inspector@mozilla.org [2014-04-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-05-20]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-21]
FF HKU\S-1-5-21-117609710-602162358-839522115-1003\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension
FF Extension: ThinkVantage Password Manager - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension [2014-06-21]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Balda\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (TV) - C:\Documents and Settings\Balda\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bppbpeijolfcampacpljolaegibfhjph [2014-07-13]
CHR Extension: (Komponenta pro aplikaci BUSINESS 24) - C:\Documents and Settings\Balda\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\cmnbkaminnbffdjkdlahealilagcdfdi [2015-03-28]
CHR Extension: (Classic) - C:\Documents and Settings\Balda\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn [2014-05-19]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Balda\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-17]
CHR Profile: C:\Documents and Settings\Balda\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Documents and Settings\Balda\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-12]
CHR Extension: (Google Docs) - C:\Documents and Settings\Balda\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-12]
CHR Extension: (Google Drive) - C:\Documents and Settings\Balda\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-12]
CHR Extension: (YouTube) - C:\Documents and Settings\Balda\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-12]
CHR Extension: (Google Search) - C:\Documents and Settings\Balda\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-12]
CHR Extension: (Google Sheets) - C:\Documents and Settings\Balda\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-12]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Balda\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-12]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Balda\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-12]
CHR Extension: (Gmail) - C:\Documents and Settings\Balda\Local Settings\Data aplikací\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-12]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-01]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 acs; C:\WINDOWS\system32\acs.exe [475220 2009-09-24] (Atheros) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-01] (Avast Software s.r.o.)
R2 IBMPMSVC; C:\WINDOWS\system32\ibmpmsvc.exe [57344 2003-07-03] ()
R2 IPSSVC; C:\WINDOWS\system32\IPSSVC.EXE [108080 2007-01-30] (Lenovo Group Limited)
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [966656 2010-10-19] (Intel(R) Corporation) [File not signed]
R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2013-07-10] (Lenovo Group Limited) [File not signed]
R2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [722232 2007-08-03] (IBM)
R2 TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1122304 2008-03-04] (Lenovo Group Limited) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1347168 2009-04-03] (Atheros Communications, Inc.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-05-01] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-05-01] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-05-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-05-01] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-05-01] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [428120 2015-06-26] (Avast Software s.r.o.)
S3 aswTap; C:\WINDOWS\System32\DRIVERS\aswTap.sys [35144 2014-07-24] (The OpenVPN Project)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-05-01] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-05-01] ()
R3 atmeltpm; C:\WINDOWS\System32\DRIVERS\atmeltpm.sys [15872 2005-05-17] (Atmel, Inc.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [993576 2010-09-23] (Broadcom Corporation.)
R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2006-02-02] (Sonic Solutions) [File not signed]
R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5660 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2006-02-02] (Sonic Solutions) [File not signed]
R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86652 2006-02-02] (Sonic Solutions) [File not signed]
R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2006-02-02] (Sonic Solutions) [File not signed]
R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2006-02-02] (Sonic Solutions) [File not signed]
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2006-02-02] (Sonic Solutions) [File not signed]
R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2006-02-02] (Sonic Solutions) [File not signed]
R0 DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [89472 2006-03-01] (Sonic Solutions) [File not signed]
R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-11-18] (Sonic Solutions) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [389456 2015-07-06] (Symantec Corporation)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [217016 2010-06-02] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [993464 2010-06-02] (Conexant Systems, Inc.)
R3 IBMPMDRV; C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys [11344 2003-07-03] (IBM Corp.)
R2 pmem; C:\WINDOWS\System32\drivers\pmemnt.sys [7012 2014-06-21] (Microsoft Corporation) [File not signed]
R2 PROCDD; C:\WINDOWS\System32\DRIVERS\PROCDD.SYS [12080 2006-11-06] (Lenovo Group Limited)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36528 2006-06-06] (Sonic Solutions) [File not signed]
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13952 2010-05-19] (Intel Corporation) [File not signed]
R1 Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [14848 2006-10-02] (Microsoft Corporation) [File not signed]
R1 TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [9343 2006-10-02] () [File not signed]
R3 tifm21; C:\WINDOWS\System32\drivers\tifm21.sys [290816 2000-01-01] (Texas Instruments) [File not signed]
R3 WSIMD; C:\WINDOWS\System32\DRIVERS\wsimd.sys [57408 2008-02-08] (Atheros Communications, Inc.) [File not signed]
S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-11 19:39 - 2015-07-11 19:39 - 00000000 ____D C:\Documents and Settings\Balda\Plocha\Old Firefox Data
2015-07-11 19:29 - 2015-07-11 19:29 - 00000000 ____D C:\WINDOWS\LastGood
2015-07-11 19:25 - 2015-07-11 19:25 - 00001506 _____ C:\Documents and Settings\Balda\Plocha\AdwCleaner[S1].txt
2015-07-11 19:25 - 2015-07-11 19:25 - 00000000 ____D C:\Documents and Settings\Balda\Local Settings\Data aplikací\SlimWare Utilities Inc
2015-07-11 19:10 - 2015-07-11 19:10 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2015-07-11 19:10 - 2015-07-11 19:10 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Spybot - Search & Destroy
2015-07-11 19:07 - 2015-07-11 19:08 - 16409960 _____ (Safer Networking Limited ) C:\Documents and Settings\Balda\Plocha\spybotsd162.exe
2015-07-11 18:32 - 2015-07-11 18:32 - 00000000 ____D C:\Documents and Settings\LocalService\Plocha
2015-07-11 18:31 - 2015-07-11 18:32 - 00000000 ____D C:\Documents and Settings\LocalService\Data aplikací\Mozilla
2015-07-11 18:31 - 2015-07-11 18:31 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Mozilla
2015-07-11 18:13 - 2015-07-11 19:30 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2015-07-11 18:13 - 2015-07-11 19:23 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2015-07-11 18:12 - 2015-07-11 19:24 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2015-07-11 18:09 - 2015-07-11 18:11 - 46525608 _____ (Safer-Networking Ltd. ) C:\Documents and Settings\Balda\Plocha\spybot-2.4.exe
2015-07-11 17:57 - 2015-07-11 19:57 - 00000000 ____D C:\FRST
2015-07-11 17:55 - 2015-07-11 17:55 - 00029696 _____ C:\Documents and Settings\Balda\Local Settings\Data aplikací\MSGBOX.EXE
2015-07-11 17:34 - 2015-07-11 17:34 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\SoundMAX
2015-07-11 17:33 - 2000-01-01 02:00 - 00308736 _____ (Analog Devices, Inc.) C:\WINDOWS\system32\Drivers\ADIHdAud.sys
2015-07-11 17:33 - 2000-01-01 02:00 - 00103424 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\Drivers\aeaudio.sys
2015-07-11 17:33 - 2000-01-01 02:00 - 00028160 _____ (Analog Devices, Inc.) C:\WINDOWS\system32\PostProc.dll
2015-07-11 17:23 - 2015-07-11 17:37 - 00008936 _____ C:\WINDOWS\SMinstall.log
2015-07-11 17:12 - 2015-07-11 19:25 - 00007414 _____ C:\WINDOWS\setupapi.log
2015-07-11 17:02 - 2015-07-11 19:57 - 00000000 ____D C:\Documents and Settings\Balda\Plocha\cst
2015-07-08 13:18 - 2015-07-11 19:23 - 00000000 ____D C:\AdwCleaner
2015-07-07 12:57 - 2015-07-07 12:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB941569$
2015-07-07 12:57 - 2015-07-07 12:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2015-07-07 12:56 - 2015-07-07 12:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB929399$
2015-07-07 12:55 - 2007-07-27 23:11 - 00016760 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll
2015-07-06 11:36 - 2015-07-06 11:36 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-07-06 10:07 - 2015-07-06 10:07 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2015-07-06 10:01 - 2015-07-06 10:02 - 05501070 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Balda\Dokumenty\9B.tmp
2015-06-29 19:52 - 2015-06-29 19:53 - 00000000 ____D C:\Documents and Settings\Balda\Plocha\BZR
2015-06-21 15:51 - 2015-06-21 15:58 - 394190200 _____ C:\Documents and Settings\Mamka\Plocha\zasilka-FK29EL2DMD9K5SXZ.zip
2015-06-21 10:03 - 2015-06-21 10:04 - 00000000 ____D C:\Documents and Settings\Mamka\Plocha\nemecko

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-11 19:58 - 2014-04-11 06:45 - 00000000 ____D C:\Documents and Settings\Balda\Local Settings\Temp
2015-07-11 19:57 - 2014-04-11 06:45 - 00000000 ___RD C:\Documents and Settings\Balda\Dokumenty
2015-07-11 19:43 - 2015-04-19 22:09 - 00001032 _____ C:\WINDOWS\Tasks\SaG6QNzSBtzYyiTo.job
2015-07-11 19:39 - 2014-04-11 06:45 - 00000000 ____D C:\Documents and Settings\Balda\Plocha
2015-07-11 19:30 - 2014-06-21 16:12 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-07-11 19:29 - 2014-08-05 19:39 - 00000000 ____D C:\Documents and Settings\Balda\Plocha\serose a flmy
2015-07-11 19:25 - 2014-04-11 08:42 - 01702357 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-11 19:25 - 2014-04-11 08:14 - 00000000 ____D C:\WINDOWS\system32\ias
2015-07-11 19:25 - 2014-04-11 06:45 - 00000000 ___HD C:\Documents and Settings\Balda\Local Settings\Data aplikací
2015-07-11 19:24 - 2015-04-19 22:09 - 00001028 _____ C:\WINDOWS\Tasks\w2W3KYV5bTKRnX.job
2015-07-11 19:24 - 2014-04-11 08:23 - 00000157 _____ C:\WINDOWS\wiadebug.log
2015-07-11 19:24 - 2014-04-11 08:23 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-07-11 19:24 - 2014-04-11 06:38 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-11 19:24 - 2007-06-19 14:13 - 00000380 _____ C:\WINDOWS\system32\IPSCtrl.INI
2015-07-11 19:24 - 2007-01-29 11:36 - 00025181 _____ C:\WINDOWS\system32\PROCDB.INI
2015-07-11 19:24 - 2001-10-25 16:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-07-11 19:23 - 2014-06-21 16:59 - 00524288 _____ C:\WINDOWS\system32\config\ACS.evt
2015-07-11 19:23 - 2014-04-11 06:45 - 00000178 ___SH C:\Documents and Settings\Balda\ntuser.ini
2015-07-11 19:23 - 2014-04-11 06:42 - 00032486 _____ C:\WINDOWS\SchedLgU.Txt
2015-07-11 19:10 - 2014-04-11 08:20 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-07-11 19:08 - 2014-04-11 08:20 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2015-07-11 19:01 - 2014-05-16 20:12 - 00000492 _____ C:\WINDOWS\wininit.ini
2015-07-11 18:32 - 2014-04-11 06:42 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-07-11 18:31 - 2014-04-11 06:42 - 00000000 ___HD C:\Documents and Settings\LocalService\Local Settings\Data aplikací
2015-07-11 18:31 - 2014-04-11 06:42 - 00000000 ____D C:\Documents and Settings\LocalService\Data aplikací
2015-07-11 18:13 - 2014-04-11 08:20 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2015-07-11 17:45 - 2014-05-15 20:32 - 00000000 ____D C:\SWTOOLS
2015-07-11 17:29 - 2014-11-10 11:53 - 00000388 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1406526841.job
2015-07-11 17:27 - 2014-04-11 08:20 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
2015-07-11 17:07 - 2014-05-25 17:46 - 00000000 ____D C:\Documents and Settings\Balda\Data aplikací\uTorrent
2015-07-11 17:05 - 2014-04-11 06:45 - 00000000 ____D C:\Documents and Settings\Balda
2015-07-08 13:29 - 2015-01-04 18:58 - 00000178 ___SH C:\Documents and Settings\Mamka\ntuser.ini
2015-07-08 13:28 - 2015-01-04 18:58 - 00000000 ___HD C:\Documents and Settings\Mamka\Local Settings\Data aplikací
2015-07-08 13:28 - 2014-04-11 06:45 - 00000000 __RHD C:\Documents and Settings\Balda\Data aplikací
2015-07-08 13:23 - 2015-01-09 19:34 - 00000772 _____ C:\Documents and Settings\Mamka\Plocha\Zrychleni Pocitace.lnk
2015-07-08 13:23 - 2015-01-04 18:58 - 00000000 ____D C:\Documents and Settings\Mamka\Plocha
2015-07-08 13:22 - 2015-03-15 20:06 - 05088032 _____ (Optimal Software s.r.o. ) C:\Documents and Settings\Mamka\Dokumenty\PCSpeedUp-Silent-Update.exe
2015-07-08 13:22 - 2015-01-04 18:58 - 00000000 ____D C:\Documents and Settings\Mamka\Local Settings\Temp
2015-07-08 13:21 - 2015-04-19 22:12 - 00000004 _____ C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7
2015-07-07 12:55 - 2014-06-21 17:49 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-07 12:19 - 2014-04-20 09:33 - 00000000 ____D C:\Program Files\Opera
2015-07-06 09:54 - 2014-04-21 18:36 - 00000000 ____D C:\Documents and Settings\Balda\Data aplikací\Mozilla
2015-07-05 02:52 - 2014-04-20 09:11 - 00000000 ____D C:\Documents and Settings\Balda\Data aplikací\vlc
2015-06-26 20:40 - 2014-06-21 16:11 - 00428120 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-06-26 15:16 - 2014-04-12 17:51 - 00000000 ____D C:\Documents and Settings\Balda\Data aplikací\Skype
2015-06-26 14:46 - 2015-02-22 19:32 - 00002265 _____ C:\Documents and Settings\All Users\Plocha\Skype.lnk
2015-06-26 14:27 - 2015-01-04 18:59 - 00001871 _____ C:\Documents and Settings\Mamka\Plocha\Google Chrome.lnk
2015-06-21 19:37 - 2015-01-04 18:58 - 00000000 ___RD C:\Documents and Settings\Mamka\Dokumenty
2015-06-14 20:50 - 2015-01-04 18:58 - 00000000 ___RD C:\Documents and Settings\Mamka\Dokumenty\Obrázky

==================== Files in the root of some directories =======

2014-05-27 20:03 - 2015-04-02 21:41 - 0012800 _____ () C:\Documents and Settings\Balda\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-11 17:55 - 2015-07-11 17:55 - 0029696 _____ () C:\Documents and Settings\Balda\Local Settings\Data aplikací\MSGBOX.EXE

Some files in TEMP:
====================
C:\Documents and Settings\Balda\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Balda\Local Settings\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

#6 Příspěvek od **Rudy** » 11 črc 2015 19:11

Otevřte poznámkový blok a zkopírujte do něj:

Start
HKU\S-1-5-21-117609710-602162358-839522115-1003\...\Run: [Windows] => C:\Users\Public\Windows\downloadll.vbs [81 2014-05-08] ()
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
C:\Users\Public\Windows\downloadll.vbs
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.google.com" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1218158.dll No File
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
S4 IntelIde; No ImagePath
C:\WINDOWS\Tasks\SaG6QNzSBtzYyiTo.job
C:\WINDOWS\Tasks\w2W3KYV5bTKRnX.job
C:\Documents and Settings\Balda\Local Settings\Temp
End

Uložte do C:\Documents and Settings\Balda\Plocha\cst jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

zdenek72 · #7 Příspěvek od **zdenek72** » 11 črc 2015 19:19

Fix result of Farbar Recovery Scan Tool (x86) Version: 11-07-2015
Ran by Balda at 2015-07-11 20:15:16 Run:1
Running from C:\Documents and Settings\Balda\Plocha\cst
Loaded Profiles: Balda (Available Profiles: Balda & Mamka)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-117609710-602162358-839522115-1003\...\Run: [Windows] => C:\Users\Public\Windows\downloadll.vbs [81 2014-05-08] ()
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
C:\Users\Public\Windows\downloadll.vbs
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.google.com" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1218158.dll No File
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
S4 IntelIde; No ImagePath
C:\WINDOWS\Tasks\SaG6QNzSBtzYyiTo.job
C:\WINDOWS\Tasks\w2W3KYV5bTKRnX.job
C:\Documents and Settings\Balda\Local Settings\Temp
End
*****************

HKU\S-1-5-21-117609710-602162358-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Windows => value removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera" => key removed successfully.
C:\Users\Public\Windows\downloadll.vbs => moved successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer" => key removed successfully.
"HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully.
IntelIde => Service removed successfully.
C:\WINDOWS\Tasks\SaG6QNzSBtzYyiTo.job => moved successfully.
C:\WINDOWS\Tasks\w2W3KYV5bTKRnX.job => moved successfully.

"C:\Documents and Settings\Balda\Local Settings\Temp" folder move:

Could not move "C:\Documents and Settings\Balda\Local Settings\Temp" folder => Scheduled to move on reboot.

#8 Příspěvek od **Rudy** » 11 črc 2015 19:55

Smazáno. Vše v pořádku?

zdenek72 · #9 Příspěvek od **zdenek72** » 13 črc 2015 19:52

Díky moc, vše v pohodě už to zase běhá.

Díky

#10 Příspěvek od **Rudy** » 13 črc 2015 20:15

Nemáte zač!

VIRY.CZ

Prosím o kontrolu

Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu