problem s pc

[mario-fm]

Ahoj chtel bych Vás poprosit o radu jak postupovat. Mam v pc zrejme virus, ktery nedovoli nainstalovat zadny sw ktery by ho detekoval/odstranil
blokuje zrejme i antivir Avast ktery se nepripoji k netu nebo jen castecne, meni obcas datum a cas.

Předem dekuji za pripadnou pomoc

Tady je log z combofix:
ComboFix 15-10-09.01 - oem 13.10.2015 12:26:02.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2023.1519 [GMT 2:00]
Spuštěný z: c:\documents and settings\oem\Dokumenty\Sta×enÚ soubory\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$msi31uninstall_kb893803v2$
c:\windows\$msi31uninstall_kb893803v2$\msi.dll
c:\windows\$msi31uninstall_kb893803v2$\msiexec.exe
c:\windows\$msi31uninstall_kb893803v2$\msihnd.dll
c:\windows\$msi31uninstall_kb893803v2$\msimsg.dll
c:\windows\$msi31uninstall_kb893803v2$\msisip.dll
c:\windows\$msi31uninstall_kb893803v2$\reg00013
c:\windows\$msi31uninstall_kb893803v2$\reg00014
c:\windows\$msi31uninstall_kb893803v2$\reg00015
c:\windows\$msi31uninstall_kb893803v2$\reg00016
c:\windows\$msi31uninstall_kb893803v2$\reg00017
c:\windows\$msi31uninstall_kb893803v2$\reg00018
c:\windows\$msi31uninstall_kb893803v2$\reg00019
c:\windows\$msi31uninstall_kb893803v2$\reg00020
c:\windows\$msi31uninstall_kb893803v2$\reg00021
c:\windows\$msi31uninstall_kb893803v2$\reg00022
c:\windows\$msi31uninstall_kb893803v2$\reg00023
c:\windows\$msi31uninstall_kb893803v2$\reg00024
c:\windows\$msi31uninstall_kb893803v2$\reg00025
c:\windows\$msi31uninstall_kb893803v2$\reg00026
c:\windows\$msi31uninstall_kb893803v2$\reg00027
c:\windows\$msi31uninstall_kb893803v2$\reg00028
c:\windows\$msi31uninstall_kb893803v2$\reg00029
c:\windows\$msi31uninstall_kb893803v2$\reg00030
c:\windows\$msi31uninstall_kb893803v2$\reg00031
c:\windows\$msi31uninstall_kb893803v2$\reg00032
c:\windows\$msi31uninstall_kb893803v2$\reg00033
c:\windows\$msi31uninstall_kb893803v2$\reg00034
c:\windows\$msi31uninstall_kb893803v2$\reg00035
c:\windows\$msi31uninstall_kb893803v2$\reg00036
c:\windows\$msi31uninstall_kb893803v2$\reg00037
c:\windows\$msi31uninstall_kb893803v2$\reg00038
c:\windows\$msi31uninstall_kb893803v2$\reg00039
c:\windows\$msi31uninstall_kb893803v2$\reg00040
c:\windows\$msi31uninstall_kb893803v2$\reg00041
c:\windows\$msi31uninstall_kb893803v2$\reg00042
c:\windows\$msi31uninstall_kb893803v2$\reg00043
c:\windows\$msi31uninstall_kb893803v2$\reg00044
c:\windows\$msi31uninstall_kb893803v2$\reg00045
c:\windows\$msi31uninstall_kb893803v2$\reg00046
c:\windows\$msi31uninstall_kb893803v2$\reg00047
c:\windows\$msi31uninstall_kb893803v2$\reg00048
c:\windows\$msi31uninstall_kb893803v2$\reg00051
c:\windows\$msi31uninstall_kb893803v2$\reg00052
c:\windows\$msi31uninstall_kb893803v2$\reg00053
c:\windows\$msi31uninstall_kb893803v2$\reg00054
c:\windows\$msi31uninstall_kb893803v2$\reg00055
c:\windows\$msi31uninstall_kb893803v2$\reg00056
c:\windows\$msi31uninstall_kb893803v2$\reg00057
c:\windows\$msi31uninstall_kb893803v2$\reg00058
c:\windows\$msi31uninstall_kb893803v2$\reg00059
c:\windows\$msi31uninstall_kb893803v2$\reg00060
c:\windows\$msi31uninstall_kb893803v2$\reg00061
c:\windows\$msi31uninstall_kb893803v2$\reg00062
c:\windows\$msi31uninstall_kb893803v2$\reg00063
c:\windows\$msi31uninstall_kb893803v2$\reg00064
c:\windows\$msi31uninstall_kb893803v2$\reg00065
c:\windows\$msi31uninstall_kb893803v2$\reg00066
c:\windows\$msi31uninstall_kb893803v2$\reg00067
c:\windows\$msi31uninstall_kb893803v2$\reg00068
c:\windows\$msi31uninstall_kb893803v2$\reg00069
c:\windows\$msi31uninstall_kb893803v2$\reg00070
c:\windows\$msi31uninstall_kb893803v2$\reg00071
c:\windows\$msi31uninstall_kb893803v2$\reg00072
c:\windows\$msi31uninstall_kb893803v2$\reg00073
c:\windows\$msi31uninstall_kb893803v2$\reg00074
c:\windows\$msi31uninstall_kb893803v2$\reg00075
c:\windows\$msi31uninstall_kb893803v2$\reg00076
c:\windows\$msi31uninstall_kb893803v2$\reg00077
c:\windows\$msi31uninstall_kb893803v2$\reg00078
c:\windows\$msi31uninstall_kb893803v2$\reg00079
c:\windows\$msi31uninstall_kb893803v2$\reg00080
c:\windows\$msi31uninstall_kb893803v2$\reg00081
c:\windows\$msi31uninstall_kb893803v2$\reg00082
c:\windows\$msi31uninstall_kb893803v2$\reg00083
c:\windows\$msi31uninstall_kb893803v2$\reg00084
c:\windows\$msi31uninstall_kb893803v2$\reg00085
c:\windows\$msi31uninstall_kb893803v2$\reg00086
c:\windows\$msi31uninstall_kb893803v2$\reg00087
c:\windows\$msi31uninstall_kb893803v2$\reg00088
c:\windows\$msi31uninstall_kb893803v2$\reg00089
c:\windows\$msi31uninstall_kb893803v2$\reg00090
c:\windows\$msi31uninstall_kb893803v2$\reg00091
c:\windows\$msi31uninstall_kb893803v2$\reg00092
c:\windows\$msi31uninstall_kb893803v2$\reg00093
c:\windows\$msi31uninstall_kb893803v2$\reg00094
c:\windows\$msi31uninstall_kb893803v2$\reg00095
c:\windows\$msi31uninstall_kb893803v2$\reg00096
c:\windows\$msi31uninstall_kb893803v2$\reg00097
c:\windows\$msi31uninstall_kb893803v2$\reg00098
c:\windows\$msi31uninstall_kb893803v2$\reg00099
c:\windows\$msi31uninstall_kb893803v2$\reg00100
c:\windows\$msi31uninstall_kb893803v2$\reg00101
c:\windows\$msi31uninstall_kb893803v2$\reg00102
c:\windows\$msi31uninstall_kb893803v2$\reg00103
c:\windows\$msi31uninstall_kb893803v2$\reg00104
c:\windows\$msi31uninstall_kb893803v2$\reg00105
c:\windows\$msi31uninstall_kb893803v2$\reg00106
c:\windows\$msi31uninstall_kb893803v2$\reg00107
c:\windows\$msi31uninstall_kb893803v2$\reg00108
c:\windows\$msi31uninstall_kb893803v2$\reg00109
c:\windows\$msi31uninstall_kb893803v2$\reg00110
c:\windows\$msi31uninstall_kb893803v2$\reg00111
c:\windows\$msi31uninstall_kb893803v2$\reg00112
c:\windows\$msi31uninstall_kb893803v2$\reg00113
c:\windows\$msi31uninstall_kb893803v2$\reg00114
c:\windows\$msi31uninstall_kb893803v2$\reg00115
c:\windows\$msi31uninstall_kb893803v2$\reg00116
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.exe
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.inf
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.txt
c:\windows\$msi31uninstall_kb893803v2$\spuninst\updspapi.dll
c:\windows\msmqinst.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-09-13 do 2015-10-13 )))))))))))))))))))))))))))))))
.
.
2015-10-13 10:17 . 2015-10-13 10:17 -------- d-----w- C:\7241c349af3d1106a206d3
2015-10-13 10:17 . 2015-10-13 10:17 -------- d-----w- C:\17022b9da24ace94af0048623afccae1
2015-10-13 08:48 . 2015-10-13 08:48 -------- d-----w- c:\program files\ESET
2015-10-13 08:40 . 2015-10-13 08:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2015-10-13 08:40 . 2015-10-13 08:40 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2015-10-13 08:40 . 2015-10-13 08:40 -------- d-----w- c:\documents and settings\oem\Local Settings\Data aplikací\MFAData
2015-10-13 08:39 . 2015-10-13 08:39 -------- d-----w- c:\documents and settings\oem\Local Settings\Data aplikací\Avg
2015-10-12 10:39 . 2015-10-13 08:48 -------- d-----w- C:\AdwCleaner
2015-10-09 10:48 . 2015-10-09 10:48 -------- d-----w- c:\program files\CCleaner
2015-10-09 10:47 . 2015-10-09 10:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2015-10-09 09:24 . 2015-10-09 09:24 -------- d-----w- c:\documents and settings\Administrator
2015-10-08 07:51 . 2015-10-08 07:51 -------- d-----w- c:\documents and settings\oem\Data aplikací\AVAST Software
2015-10-08 07:50 . 2015-10-08 07:50 57888 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2015-10-08 07:50 . 2015-10-08 07:50 208664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-10-08 07:50 . 2015-10-08 07:50 157888 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2015-10-08 07:50 . 2015-10-08 07:50 76000 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-10-08 07:50 . 2015-10-08 07:50 55200 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2015-10-08 07:50 . 2015-10-08 07:50 49776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-10-08 07:50 . 2015-10-08 07:50 434184 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-10-08 07:50 . 2015-10-08 07:50 24016 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-10-08 07:50 . 2015-10-08 07:49 789296 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-10-08 07:50 . 2015-10-08 07:50 313472 ----a-w- c:\windows\system32\aswBoot.exe
2015-10-08 07:50 . 2015-10-08 07:50 43112 ----a-w- c:\windows\avastSS.scr
2015-10-08 07:46 . 2015-10-08 07:46 -------- d-----w- c:\program files\AVAST Software
2015-10-07 12:50 . 2015-10-07 12:50 -------- d-----w- c:\documents and settings\oem\Local Settings\Data aplikací\PCHealth
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-10-08 07:50 696120 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2013-07-19 1690096]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-10-08 6134544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\TightVNC\\tvnserver.exe"=
"c:\\Program Files\\TightVNC\\tvnviewer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [8.10.2015 9:50 49776]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [8.10.2015 9:50 208664]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8.10.2015 9:50 789296]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8.10.2015 9:50 434184]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [8.10.2015 9:50 24016]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [8.10.2015 9:50 76000]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [6.9.2012 2:52 112968]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [9.3.2010 1:40 144672]
R2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [19.7.2013 12:12 1690096]
R3 aswStmXP;Avast StreamFilter Driver;c:\windows\system32\drivers\aswStmXP.sys [8.10.2015 9:50 157888]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [23.1.2013 14:55 245760]
S3 ESETCleanersDriver;ESET Cleaner Service;\??\c:\windows\system32\Drivers\ESETCleanersDriver.sys --> c:\windows\system32\Drivers\ESETCleanersDriver.sys [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - EAPIHDRV
*NewlyCreated* - ESETCLEANERSDRIVER
*Deregistered* - eapihdrv
.
Obsah adresáře 'Naplánované úlohy'
.
2015-10-13 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2015-10-08 07:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Otevřít programem PDF Viewer Plus - c:\program files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
TCP: Interfaces\{4FFA8EC0-F4CE-4A65-8F46-1AC3DBA1D11C}: NameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\rrziigmk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-4F6D5E84-5826-4394-9F40-3A9A19165651_is1 - c:\program files\PANDORA.TV\PanService\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-10-13 12:32
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2015-10-13 12:34:00
ComboFix-quarantined-files.txt 2015-10-13 10:33
.
Před spuštěním: Volných bajtů: 56 533 094 400
Po spuštění: Volných bajtů: 57 264 529 408
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 71A47B373C49D0D6FEB5579A6E2D8E22
413FC2A0C716421B3158746D63736515

[Rudy]

Zdravím!
Proč spouštíte ComboFix, utilitu určenou pouze profesionálům? Hodláte si nabořit systém, nebo některou aplikaci? Dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

[mario-fm]

Zdravim koukal jsem se na jine tema kde byl podobny problem tak jsem zkousel stejny postup, uz na to nesaham
Diky za info a zde je vypis z FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-10-2015
Ran by oem (administrator) on MARIAN (13-10-2015 14:56:02)
Running from C:\Documents and Settings\oem\Plocha
Loaded Profiles: oem (Available Profiles: oem & Administrator)
Platform: Systém Microsoft Windows XP Professional Service Pack 2 (X86) Language: Čeština
Internet Explorer Version 6 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\WINDOWS\system32\IPROSetMonitor.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Breaker Software) C:\ucto\CzrSkl.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Documents and Settings\oem\Plocha\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [tvncontrol] => C:\Program Files\TightVNC\tvnserver.exe [1690096 2013-07-19] (GlavSoft LLC.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-10-08] (AVAST Software)
HKU\S-1-5-21-1844237615-448539723-839522115-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [9216 2004-08-17] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2008-05-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-10-08] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{4FFA8EC0-F4CE-4A65-8F46-1AC3DBA1D11C}: [NameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1844237615-448539723-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={ ... R}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1844237615-448539723-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-1844237615-448539723-839522115-1003 - Modul přiřazení adres URL - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1844237615-448539723-839522115-1003 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2004-08-17] (Společnost Microsoft)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\oem\Data aplikací\Mozilla\Firefox\Profiles\rrziigmk.default
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Ask Search
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-08] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Extension: YouTube ALL HTML5 - C:\Documents and Settings\oem\Data aplikací\Mozilla\Firefox\Profiles\rrziigmk.default\Extensions\jid1-qj0w91o64N7Eeg@jetpack.xpi [2015-07-16]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-10-08]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-10-08]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-10-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-08] (AVAST Software)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 Intel(R) PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [112968 2012-09-06] (Intel Corporation)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [1690096 2013-07-19] (GlavSoft LLC.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-10-08] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-10-08] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-10-08] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-10-08] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [789296 2015-10-08] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [434184 2015-10-08] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [157888 2015-10-08] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-10-08] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-10-08] (AVAST Software)
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2006-04-13] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2006-04-13] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-04-13] (HP)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-07-17] ()
S3 catchme; \??\C:\DOCUME~1\oem\LOCALS~1\Temp\catchme.sys [X]
S3 ESETCleanersDriver; \??\C:\WINDOWS\system32\Drivers\ESETCleanersDriver.sys [X]
S4 IntelIde; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-13 14:56 - 2015-10-13 14:56 - 00008549 _____ C:\Documents and Settings\oem\Plocha\FRST.txt
2015-10-13 14:55 - 2015-10-13 14:56 - 00000000 ____D C:\FRST
2015-10-13 14:53 - 2015-10-13 14:53 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\oem\Plocha\FRSTLauncher.exe
2015-10-13 14:52 - 2015-10-13 14:52 - 01699840 _____ (Farbar) C:\Documents and Settings\oem\Plocha\FRST.exe
2015-10-13 12:34 - 2015-10-13 14:56 - 00000000 ____D C:\Documents and Settings\oem\Local Settings\temp
2015-10-13 12:34 - 2015-10-13 12:34 - 00014723 _____ C:\ComboFix.txt
2015-10-13 12:34 - 2015-10-13 12:34 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2015-10-13 12:34 - 2015-10-13 12:34 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2015-10-13 12:23 - 2015-10-13 12:23 - 00000000 _RSHD C:\cmdcons
2015-10-13 12:23 - 2014-07-01 07:30 - 00000211 _____ C:\Boot.bak
2015-10-13 12:23 - 2004-08-03 23:00 - 00261312 __RSH C:\cmldr
2015-10-13 12:21 - 2011-06-26 08:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2015-10-13 12:21 - 2010-11-07 19:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2015-10-13 12:21 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-10-13 12:21 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-10-13 12:21 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-10-13 12:21 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-10-13 12:21 - 2000-08-31 02:00 - 00098816 _____ C:\WINDOWS\sed.exe
2015-10-13 12:21 - 2000-08-31 02:00 - 00080412 _____ C:\WINDOWS\grep.exe
2015-10-13 12:21 - 2000-08-31 02:00 - 00068096 _____ C:\WINDOWS\zip.exe
2015-10-13 12:20 - 2015-10-13 12:34 - 00000000 ____D C:\Qoobox
2015-10-13 12:20 - 2015-10-13 12:32 - 00000000 ____D C:\WINDOWS\erdnt
2015-10-13 12:20 - 2015-10-13 12:20 - 00000000 ___RD C:\Documents and Settings\oem\Nabídka Start\Programy\Nástroje pro správu
2015-10-13 12:20 - 2015-10-13 12:20 - 00000000 ___RD C:\Documents and Settings\oem\Dokumenty\Filmy
2015-10-13 11:50 - 2015-10-13 11:51 - 00000000 ____D C:\rsit
2015-10-13 11:50 - 2015-10-13 11:50 - 00000000 ____D C:\Program Files\trend micro
2015-10-13 10:48 - 2015-10-13 10:48 - 00000000 ____D C:\Program Files\ESET
2015-10-13 10:40 - 2015-10-13 10:41 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\MFAData
2015-10-13 10:40 - 2015-10-13 10:40 - 00000000 ____D C:\Documents and Settings\oem\Local Settings\Data aplikací\MFAData
2015-10-13 10:40 - 2015-10-13 10:40 - 00000000 ____D C:\Documents and Settings\oem\Local Settings\Data aplikací\Avg2015
2015-10-13 10:39 - 2015-10-13 10:39 - 00000000 ____D C:\Documents and Settings\oem\Local Settings\Data aplikací\AvgSetupLog
2015-10-13 10:39 - 2015-10-13 10:39 - 00000000 ____D C:\Documents and Settings\oem\Local Settings\Data aplikací\Avg
2015-10-12 12:39 - 2015-10-13 10:48 - 00000000 ____D C:\AdwCleaner
2015-10-09 13:07 - 2015-10-09 13:09 - 00000000 ____D C:\Documents and Settings\Administrator\Dokumenty\Stažené soubory
2015-10-09 13:07 - 2015-10-09 13:07 - 00000000 ____D C:\Documents and Settings\Administrator\Data aplikací\AVAST Software
2015-10-09 13:06 - 2015-10-09 13:06 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Mozilla
2015-10-09 13:06 - 2015-10-09 13:06 - 00000000 ____D C:\Documents and Settings\Administrator\Data aplikací\Mozilla
2015-10-09 12:48 - 2015-10-09 12:48 - 00000000 ____D C:\Program Files\CCleaner
2015-10-09 12:48 - 2015-10-09 12:48 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\CCleaner
2015-10-09 12:47 - 2015-10-09 12:47 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2015-10-09 11:24 - 2015-10-09 13:09 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-10-09 11:24 - 2015-10-09 13:09 - 00000000 ____D C:\Documents and Settings\Administrator\Plocha
2015-10-09 11:24 - 2015-10-09 13:07 - 00000000 ____D C:\Documents and Settings\Administrator\Dokumenty
2015-10-09 11:24 - 2015-10-09 13:06 - 00000000 __RHD C:\Documents and Settings\Administrator\Data aplikací
2015-10-09 11:24 - 2015-10-09 13:06 - 00000000 ___HD C:\Documents and Settings\Administrator\Local Settings\Data aplikací
2015-10-09 11:24 - 2015-10-09 11:24 - 00000000 __SHD C:\WINDOWS\CSC
2015-10-09 11:24 - 2015-10-09 11:24 - 00000000 ____D C:\Documents and Settings\Administrator
2015-10-09 11:24 - 2013-01-22 20:46 - 00000000 ___RD C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění
2015-10-09 11:24 - 2013-01-22 20:46 - 00000000 ___RD C:\Documents and Settings\Administrator\Nabídka Start
2015-10-09 11:24 - 2013-01-22 20:46 - 00000000 ___HD C:\Documents and Settings\Administrator\Okolní tiskárny
2015-10-09 11:24 - 2013-01-22 20:46 - 00000000 ___HD C:\Documents and Settings\Administrator\Okolní síť
2015-10-09 11:24 - 2013-01-22 20:46 - 00000000 ____D C:\Documents and Settings\Administrator\Oblíbené položky
2015-10-09 11:24 - 2013-01-22 19:53 - 00001599 _____ C:\Documents and Settings\Administrator\Nabídka Start\Programy\Vzdálená pomoc.lnk
2015-10-09 11:24 - 2013-01-22 19:53 - 00000792 _____ C:\Documents and Settings\Administrator\Nabídka Start\Programy\Windows Media Player.lnk
2015-10-09 11:24 - 2013-01-22 19:53 - 00000000 ___RD C:\Documents and Settings\Administrator\Nabídka Start\Programy\Příslušenství
2015-10-09 11:24 - 2013-01-22 19:53 - 00000000 ___RD C:\Documents and Settings\Administrator\Nabídka Start\Programy
2015-10-09 11:24 - 2013-01-22 19:50 - 00000000 ___HD C:\Documents and Settings\Administrator\Šablony
2015-10-08 09:51 - 2015-10-08 09:51 - 00001689 _____ C:\Documents and Settings\All Users\Plocha\Avast Free Antivirus.lnk
2015-10-08 09:51 - 2015-10-08 09:51 - 00000000 ____D C:\Documents and Settings\oem\Data aplikací\AVAST Software
2015-10-08 09:51 - 2015-10-08 09:51 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\AVAST Software
2015-10-08 09:50 - 2015-10-13 14:16 - 00000358 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-10-08 09:50 - 2015-10-08 09:50 - 00434184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-10-08 09:50 - 2015-10-08 09:50 - 00313472 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-10-08 09:50 - 2015-10-08 09:50 - 00208664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-10-08 09:50 - 2015-10-08 09:50 - 00157888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2015-10-08 09:50 - 2015-10-08 09:50 - 00076000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-10-08 09:50 - 2015-10-08 09:50 - 00057888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-10-08 09:50 - 2015-10-08 09:50 - 00055200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-10-08 09:50 - 2015-10-08 09:50 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-10-08 09:50 - 2015-10-08 09:50 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-10-08 09:50 - 2015-10-08 09:50 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-10-08 09:50 - 2015-10-08 09:49 - 00789296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-10-08 09:46 - 2015-10-08 09:46 - 00000000 ____D C:\Program Files\AVAST Software
2015-10-07 14:50 - 2015-10-07 14:50 - 00000000 ____D C:\Documents and Settings\oem\Local Settings\Data aplikací\PCHealth
2015-10-05 09:51 - 2015-10-06 07:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-24 15:56 - 2015-09-24 15:56 - 00024746 _____ C:\Documents and Settings\oem\Plocha\objednavka gufera dodelat.xlsx
2015-09-14 12:53 - 2015-09-25 13:22 - 00000000 ____D C:\Documents and Settings\oem\Plocha\DDD

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-13 14:56 - 2013-01-22 19:56 - 00000000 ____D C:\Documents and Settings\oem\Plocha
2015-10-13 14:54 - 2013-01-23 13:20 - 00000000 ____D C:\Documents and Settings\oem\Dokumenty\Stažené soubory
2015-10-13 14:54 - 2013-01-22 19:56 - 00000000 ___HD C:\Documents and Settings\oem\Local Settings\Data aplikací
2015-10-13 14:44 - 2013-01-22 19:56 - 00032452 _____ C:\WINDOWS\SchedLgU.Txt
2015-10-13 14:44 - 2013-01-22 19:56 - 00000178 ___SH C:\Documents and Settings\oem\ntuser.ini
2015-10-13 14:44 - 2013-01-22 19:56 - 00000000 ____D C:\Documents and Settings\oem
2015-10-13 14:17 - 2013-01-22 19:52 - 00326364 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-13 14:15 - 2013-01-22 20:46 - 00004102 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-13 14:11 - 2013-01-22 20:48 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-10-13 14:11 - 2013-01-22 20:48 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-10-13 14:11 - 2013-01-22 19:56 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-13 14:11 - 2001-10-25 16:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-10-13 12:32 - 2001-10-25 16:00 - 00000227 _____ C:\WINDOWS\system.ini
2015-10-13 12:25 - 2013-01-22 19:56 - 00000000 __RHD C:\Documents and Settings\oem\Data aplikací
2015-10-13 12:23 - 2013-01-22 20:44 - 00000327 __RSH C:\boot.ini
2015-10-13 12:20 - 2013-01-22 19:56 - 00000000 ___RD C:\Documents and Settings\oem\Nabídka Start\Programy
2015-10-13 12:20 - 2013-01-22 19:56 - 00000000 ___RD C:\Documents and Settings\oem\Dokumenty
2015-10-13 11:51 - 2013-01-22 19:55 - 00000000 __SHD C:\Documents and Settings\NetworkService
2015-10-13 10:40 - 2013-01-22 20:45 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2015-10-12 13:21 - 2013-01-24 13:50 - 00002521 _____ C:\Documents and Settings\oem\Plocha\OUTLOOK.lnk
2015-10-12 12:39 - 2013-01-22 20:45 - 00546308 _____ C:\WINDOWS\setupapi.log
2015-10-09 13:03 - 2013-01-22 20:46 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-10-09 09:19 - 2014-11-18 14:32 - 00000000 ____D C:\Documents and Settings\oem\Dokumenty\Moje štítky
2015-10-08 09:51 - 2013-01-22 20:46 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2015-10-08 09:50 - 2015-09-11 10:54 - 00181026 _____ C:\WINDOWS\Wdf01009Inst.log
2015-10-08 09:45 - 2013-01-23 13:47 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2015-10-07 16:19 - 2013-01-23 13:26 - 00065536 _____ C:\WINDOWS\system32\config\ODiag.evt
2015-10-07 14:18 - 2013-01-22 20:46 - 00095416 _____ C:\WINDOWS\iis6.log
2015-10-07 14:18 - 2013-01-22 20:46 - 00055424 _____ C:\WINDOWS\FaxSetup.log
2015-10-07 14:18 - 2013-01-22 20:46 - 00038004 _____ C:\WINDOWS\ocgen.log
2015-10-07 14:18 - 2013-01-22 20:46 - 00031704 _____ C:\WINDOWS\tsoc.log
2015-10-07 14:18 - 2013-01-22 20:46 - 00030788 _____ C:\WINDOWS\comsetup.log
2015-10-07 14:18 - 2013-01-22 20:46 - 00017256 _____ C:\WINDOWS\ntdtcsetup.log
2015-10-07 14:18 - 2013-01-22 20:46 - 00010880 _____ C:\WINDOWS\netfxocm.log
2015-10-07 14:18 - 2013-01-22 20:46 - 00004756 _____ C:\WINDOWS\MedCtrOC.log
2015-10-07 14:18 - 2013-01-22 20:46 - 00003670 _____ C:\WINDOWS\ocmsn.log
2015-10-07 14:18 - 2013-01-22 20:46 - 00003429 _____ C:\WINDOWS\tabletoc.log
2015-10-07 14:18 - 2013-01-22 20:46 - 00003204 _____ C:\WINDOWS\msgsocm.log
2015-10-07 14:18 - 2013-01-22 20:46 - 00001917 _____ C:\WINDOWS\imsins.log
2015-10-07 07:39 - 2013-01-23 13:18 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-25 13:22 - 2013-03-05 12:12 - 00108032 ___SH C:\Documents and Settings\oem\Plocha\Thumbs.db
2015-09-17 14:49 - 2013-03-14 09:38 - 00012800 _____ C:\Documents and Settings\oem\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-17 08:35 - 2015-09-08 09:12 - 00000000 ____D C:\Documents and Settings\oem\Plocha\lucie

==================== Files in the root of some directories =======

2013-03-14 09:38 - 2015-09-17 14:49 - 0012800 _____ () C:\Documents and Settings\oem\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-02-05 15:28 - 2008-02-05 15:28 - 0000051 _____ () C:\Documents and Settings\oem\Local Settings\Data aplikací\setup.txt

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:74.52 GB) (Free:53.1 GB) NTFS ==>[drive with boot components (Windows XP)]

Available physical RAM: 1190.71 MB
Total physical RAM: 2023.23 MB
Percentage of memory in use: 41%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 74.5 GB) (Disk ID: C9D81D0D)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\oem\Plocha" je 321 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabdka Start^Programy^Po sputn^Windows Search.lnk
C:\PROGRA~1\WINDOW~4\WINDOW~1.EXE /startup [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\TightVNC\\tvnserver.exe"="C:\\Program Files\\TightVNC\\tvnserver.exe:*:Enabled:TightVNC"
"C:\\Program Files\\TightVNC\\tvnviewer.exe"="C:\\Program Files\\TightVNC\\tvnviewer.exe:*:Enabled:TightVNC"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox (C:\\Program Files\\Mozilla Firefox)"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000

[Rudy]

CF doporučujeme uživatelům až po kontrole FRST, nebo RSIT. Teď spusťte tuto utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

[mario-fm]

Ten nenasel nic uz jsem ho zkousel i predtim.

# AdwCleaner v5.013 - Logfile created 14/10/2015 at 12:45:35
# Updated 09/10/2015 by Xplode
# Database : 2015-10-13.2 [Server]
# Operating system : Microsoft Windows XP Service Pack 2 (x86)
# Username : oem - MARIAN
# Running from : C:\Documents and Settings\oem\Plocha\adwcleaner_5.013.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [661 bytes] ##########

[Rudy]

OK. Otevřte poznámkový blok a zkopírujte do něj:

Start
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1844237615-448539723-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
S4 IntelIde; no ImagePath
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

[mario-fm]

Hotovo, dekuji moc jeste jednou za ochotu

Fix result of Farbar Recovery Scan Tool (x86) Version:18-10-2015
Ran by oem (2015-10-19 11:55:00) Run:1
Running from C:\Documents and Settings\oem\Plocha
Loaded Profiles: oem (Available Profiles: oem & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1844237615-448539723-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
S4 IntelIde; no ImagePath
End
*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-1844237615-448539723-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
IntelIde => service removed successfully.

==== End of Fixlog 11:55:00 ====

[Rudy]

Smazáno. Vše v pořádku?

[mario-fm]

Počítač se trochu zrychlil ale myslim že něco tam je pořád, čas mi to pořád mění, nedovolí spustit adaware instalaci a certifikat outlooku je nějaký divný a avast se nepřipojí k účtu.

[Rudy]

Udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

[mario-fm]

Ten bohužel nenainstaluju, at stahnu jakoukoli verzi porad to haze chyby pri instalaci. Adaware apod. jsem take zkousel a ten ani nespustim.
Ani v nouzovem rezimu to nejde.

[Rudy]

Dejte ještě jeden ComboFix.

[mario-fm]

A mam to spustit pres restart a nez nabehne windows tak dat console?

[Rudy]

Ne, konzolu neinstelujte, potřebuji pouze log ComboFix.

[mario-fm]

Tady je log:

ComboFix 15-10-23.01 - oem 23.10.2015 14:44:22.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2023.1568 [GMT 2:00]
Spuštěný z: c:\documents and settings\oem\Dokumenty\Stažené soubory\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\oem\Local Settings\Data aplikací\MSGBOX.EXE
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-09-23 do 2015-10-23 )))))))))))))))))))))))))))))))
.
.
2015-10-13 12:55 . 2015-10-19 09:55 -------- d-----w- C:\FRST
2015-10-13 09:50 . 2015-10-13 09:50 -------- d-----w- c:\program files\trend micro
2015-10-13 09:50 . 2015-10-13 09:51 -------- d-----w- C:\rsit
2015-10-13 08:48 . 2015-10-13 08:48 -------- d-----w- c:\program files\ESET
2015-10-13 08:40 . 2015-10-13 08:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2015-10-13 08:40 . 2015-10-13 08:40 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2015-10-13 08:40 . 2015-10-13 08:40 -------- d-----w- c:\documents and settings\oem\Local Settings\Data aplikací\MFAData
2015-10-13 08:39 . 2015-10-13 08:39 -------- d-----w- c:\documents and settings\oem\Local Settings\Data aplikací\Avg
2015-10-12 10:39 . 2015-10-14 10:45 -------- d-----w- C:\AdwCleaner
2015-10-09 10:48 . 2015-10-09 10:48 -------- d-----w- c:\program files\CCleaner
2015-10-09 10:47 . 2015-10-09 10:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2015-10-09 09:24 . 2015-10-09 09:24 -------- d-----w- c:\documents and settings\Administrator
2015-10-08 07:51 . 2015-10-08 07:51 -------- d-----w- c:\documents and settings\oem\Data aplikací\AVAST Software
2015-10-08 07:50 . 2015-10-08 07:50 57888 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2015-10-08 07:50 . 2015-10-08 07:50 208664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-10-08 07:50 . 2015-10-08 07:50 157888 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2015-10-08 07:50 . 2015-10-08 07:50 76000 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-10-08 07:50 . 2015-10-08 07:50 55200 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2015-10-08 07:50 . 2015-10-08 07:50 49776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-10-08 07:50 . 2015-10-08 07:50 434184 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-10-08 07:50 . 2015-10-08 07:50 24016 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-10-08 07:50 . 2015-10-08 07:49 789296 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-10-08 07:50 . 2015-10-08 07:50 313472 ----a-w- c:\windows\system32\aswBoot.exe
2015-10-08 07:50 . 2015-10-08 07:50 43112 ----a-w- c:\windows\avastSS.scr
2015-10-08 07:46 . 2015-10-08 07:46 -------- d-----w- c:\program files\AVAST Software
2015-10-07 12:50 . 2015-10-07 12:50 -------- d-----w- c:\documents and settings\oem\Local Settings\Data aplikací\PCHealth
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-10-08 07:50 696120 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2013-07-19 1690096]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-10-08 6134544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\TightVNC\\tvnserver.exe"=
"c:\\Program Files\\TightVNC\\tvnviewer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [8.10.2015 9:50 49776]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [8.10.2015 9:50 208664]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8.10.2015 9:50 789296]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8.10.2015 9:50 434184]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [8.10.2015 9:50 24016]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [8.10.2015 9:50 76000]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [6.9.2012 2:52 112968]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [9.3.2010 1:40 144672]
R2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [19.7.2013 12:12 1690096]
R3 aswStmXP;Avast StreamFilter Driver;c:\windows\system32\drivers\aswStmXP.sys [8.10.2015 9:50 157888]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [23.1.2013 14:55 245760]
S3 ESETCleanersDriver;ESET Cleaner Service;\??\c:\windows\system32\Drivers\ESETCleanersDriver.sys --> c:\windows\system32\Drivers\ESETCleanersDriver.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2015-10-23 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2015-10-08 07:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Otevřít programem PDF Viewer Plus - c:\program files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
TCP: Interfaces\{4FFA8EC0-F4CE-4A65-8F46-1AC3DBA1D11C}: NameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\rrziigmk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-10-23 14:53
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
C:\avast! sandbox
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
Celkový čas: 2015-10-23 14:55:49
ComboFix-quarantined-files.txt 2015-10-23 12:55
ComboFix2.txt 2015-10-13 10:34
.
Před spuštěním: Volných bajtů: 57 090 113 536
Po spuštění: Volných bajtů: 57 115 504 640
.
- - End Of File - - D4BFB8CDD6EFEAD1B07B7BD95B6B8711
413FC2A0C716421B3158746D63736515