Please help

Dominik S
Visitor
Posts: 36
Registered: 18 Jun 2015 03:31

Please help

#1 Post by Dominik S »

Hello, please help. The PC has slowed down so much that I can only do anything on it in safe mode :-( Yet the CPU and RAM are not running at full load... The programs for creating the log always freeze...

Dominik S
Visitor
Posts: 36
Registered: 18 Jun 2015 03:31

Re: Please help

#2 Post by Dominik S »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-11-2015
Ran by Dodo (administrator) on GROUP-4B24797DB (11-11-2015 10:14:26)
Running from C:\Documents and Settings\Dodo\Plocha
Loaded Profiles: Dodo (Available Profiles: Dodo & Administrator)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\system32\userinit.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-12-16] (Check Point Software Technologies LTD)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1434920 2009-03-05] (Synaptics Incorporated)
HKLM\...\Run: [snuvcdsm] => C:\WINDOWS\snuvcdsm.exe [30080 2011-01-13] ()
HKLM\...\Run: [snp2uvc] => rundll32.exe C:\WINDOWS\system32\csnp2uvc.dll,ResetCIDS
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-16] (InstallShield Software Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-10-14] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Assassin G13] => C:\Program Files\Assassin G13\assassin.exe [1318912 2006-12-21] (Black List Software)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7004376 2015-11-11] (AVAST Software)
HKU\S-1-5-21-854245398-1677128483-842925246-1004\...\Run: [f.lux] => C:\Documents and Settings\Dodo\Local Settings\Data aplikací\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-854245398-1677128483-842925246-1004\...\Run: [GoogleChromeAutoLaunch_498CA8CB76697D2490F3CA2E3BD5BAD8] => C:\Program Files\Google\Chrome\Application\chrome.exe [813896 2015-07-25] (Google Inc.)
HKU\S-1-5-21-854245398-1677128483-842925246-1004\...\Run: [SlimDrivers] => C:\Program Files\SlimDrivers\SlimDrivers.exe [29731096 2015-02-27] (SlimWare Utilities, Inc.)
HKU\S-1-5-21-854245398-1677128483-842925246-1004\...\Run: [Loaris Trojan Remover] => C:\Program Files\Loaris\Trojan Remover\ltr.exe [9434624 2014-08-15] (Loaris Inc.)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2010-01-14] (Microsoft Corporation)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-11-11] (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exesprestrt

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{56F82C23-E7A4-4152-90FF-DA03751B4002}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-854245398-1677128483-842925246-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-854245398-1677128483-842925246-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-11] (AVAST Software)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Dodo\Data aplikací\Mozilla\Firefox\Profiles\WfXWPG0P.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-09-05] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll [2010-01-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-854245398-1677128483-842925246-1004: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Citrix\Plugins\104\npappdetector.dll [2015-03-27] (Citrix Online)
FF Extension: Avira Browser Safety - C:\Documents and Settings\Dodo\Data aplikací\Mozilla\Firefox\Profiles\WfXWPG0P.default\Extensions\abs@avira.com [2015-04-18] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-06-01] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-11-11]
FF Extension: No Name - C:\Documents and Settings\Dodo\Data aplikacĂ­\Mozilla\Firefox\Profiles\WfXWPG0P.default\extensions\abs@avira.com [not found]

Chrome:
=======
CHR DefaultSearchKeyword: Default -> lp
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Sniply - Drive Conversion Through Content) - C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aepeihpnlhiiipbchlidcipfpiaecpkd [2015-10-26]
CHR Extension: (Adblock Plus) - C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-22]
CHR Extension: (AdBlock) - C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-15]
CHR Extension: (LastPass: Free Password Manager) - C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-10-28]
CHR Extension: (Tag Assistant (by Google)) - C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2015-10-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-21]
CHR Extension: (Fast Video Downloader) - C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nocpfkkbaekckhcoekockfbidpcjgkbd [2015-08-31]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-11]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-06-12] (Adobe Systems) [File not signed]
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [174416 2015-11-11] (AVAST Software)
S2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [243968 2015-10-14] (Avira Operations GmbH & Co. KG)
S2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2445816 2013-12-16] (Check Point Software Technologies LTD)
S2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [50704 2013-10-15] (Check Point Software Technologies, Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [2067936 2012-04-30] (Atheros Communications, Inc.)
S2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-11-11] (AVAST Software)
S2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [81168 2015-11-11] (AVAST Software)
S1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-11-11] (AVAST Software)
S0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-11-11] (AVAST Software)
S1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [794952 2015-11-11] (AVAST Software)
S1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [435464 2015-11-11] (AVAST Software)
S3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [167152 2015-11-11] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-11-11] (AVAST Software)
S0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209432 2015-11-11] (AVAST Software)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [47272 2009-04-01] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 CnxtHdAudService; C:\WINDOWS\System32\drivers\CHDAU32.sys [815616 2000-01-01] (Conexant Systems Inc.)
S1 DumpDrv; C:\WINDOWS\system32\Drivers\DumpDrv.sys [9472 2010-01-14] (Microsoft Corporation)
S3 L1c; C:\WINDOWS\System32\DRIVERS\l1c51x86.sys [82072 2000-01-01] (Atheros Communications, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2010-01-14] (Microsoft Corporation)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [10320 2013-09-30] ()
R3 SmbDrvI; C:\WINDOWS\System32\DRIVERS\Smb_driver_Intel.sys [28656 2014-08-17] (Synaptics Incorporated)
S3 SNP2UVC; C:\WINDOWS\System32\DRIVERS\snp2uvc.sys [1766784 2011-01-13] ()
S1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [31848 2015-09-10] (Avira Operations GmbH & Co. KG)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13368 2015-11-11] (SlimWare Utilities, Inc.)
S1 Vsdatant; C:\WINDOWS\System32\vsdatant.sys [529640 2013-12-16] (Check Point Software Technologies LTD)
U5 Browser; C:\WINDOWS\system32\svchost.exe [14848 2010-01-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MEMSWEEP2; \??\C:\WINDOWS\system32\SophosMEMSWEEP.SYS [X]
U5 Messenger; C:\WINDOWS\system32\svchost.exe [14848 2010-01-14] (Microsoft Corporation)
U5 MRxSmb; C:\Windows\System32\Drivers\MRxSmb.sys [456704 2010-01-14] (Microsoft Corporation)
U5 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 nlqrmejr; no ImagePath
S3 poshxhhc; no ImagePath
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [80384 2010-01-14] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [225856 2010-01-14] (Microsoft Corporation)
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-11 10:14 - 2015-11-11 10:15 - 00013655 _____ C:\Documents and Settings\Dodo\Plocha\FRST.txt
2015-11-11 10:03 - 2015-11-11 10:14 - 00000000 ____D C:\FRST
2015-11-11 10:00 - 2015-11-11 10:00 - 00029696 _____ C:\Documents and Settings\Dodo\Local Settings\Data aplikací\MSGBOX.EXE
2015-11-11 10:00 - 2015-11-11 10:00 - 00015327 _____ C:\Documents and Settings\Dodo\Local Settings\Data aplikací\LM.bat
2015-11-11 09:59 - 2015-11-11 09:59 - 01702400 _____ (Farbar) C:\Documents and Settings\Dodo\Plocha\FRST.exe
2015-11-11 09:59 - 2015-11-11 09:59 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Dodo\Plocha\FRSTLauncher.exe
2015-11-11 09:50 - 2015-11-11 09:50 - 00000000 ____D C:\rsit
2015-11-11 08:53 - 2015-11-11 08:54 - 00000000 ___SD C:\32788R22FWJFW
2015-11-11 08:06 - 2015-11-11 09:00 - 00001866 _____ C:\WINDOWS\setupapi.log
2015-11-11 08:04 - 2015-11-11 08:04 - 02329552 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-11 08:02 - 2015-11-11 08:02 - 00000156 _____ C:\Documents and Settings\Dodo\Dokumenty\cc_20151111_080210.reg
2015-11-11 03:19 - 2015-11-11 03:19 - 00000000 ____D C:\Documents and Settings\Dodo\Data aplikací\AVAST Software
2015-11-11 02:58 - 2015-11-11 02:58 - 00001689 _____ C:\Documents and Settings\All Users\Plocha\Avast Free Antivirus.lnk
2015-11-11 02:56 - 2015-11-11 02:51 - 00167152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2015-11-11 02:56 - 2015-11-11 02:51 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-11-11 02:55 - 2015-11-11 02:51 - 00322760 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-11-11 02:51 - 2015-11-11 02:51 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-11-10 23:49 - 2015-11-11 02:56 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-11-10 23:49 - 2015-11-11 02:51 - 00794952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-11-10 23:49 - 2015-11-11 02:51 - 00435464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-11-10 23:49 - 2015-11-11 02:51 - 00209432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-11-10 23:49 - 2015-11-11 02:51 - 00081168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-11-10 23:49 - 2015-11-11 02:51 - 00057888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-11-10 23:49 - 2015-11-11 02:51 - 00055200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-11-10 23:49 - 2015-11-11 02:51 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-11-10 23:46 - 2015-11-10 23:46 - 00000000 ____D C:\Program Files\AVAST Software
2015-11-10 09:45 - 2015-11-11 08:59 - 00013368 _____ (SlimWare Utilities, Inc.) C:\WINDOWS\system32\Drivers\SWDUMon.sys
2015-11-10 09:45 - 2015-11-10 09:45 - 00000000 ____D C:\Documents and Settings\Dodo\Local Settings\Data aplikací\SlimWare Utilities Inc
2015-11-10 07:41 - 2015-11-10 07:41 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2015-11-10 07:39 - 2015-11-10 07:39 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2015-11-10 07:32 - 2015-11-10 07:36 - 00003664 _____ C:\Documents and Settings\Dodo\Plocha\Rkill.txt
2015-11-10 02:22 - 2015-11-10 02:22 - 00000859 _____ C:\Documents and Settings\All Users\Plocha\Avira Launcher.lnk
2015-11-09 02:17 - 2015-11-09 02:17 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2015-11-09 02:17 - 2015-11-09 02:17 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\temp
2015-11-09 02:17 - 2015-11-09 02:17 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2015-11-09 02:16 - 2015-11-09 02:16 - 00010122 _____ C:\ComboFix.txt
2015-11-08 21:37 - 2011-06-26 07:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2015-11-08 21:37 - 2010-11-07 18:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2015-11-08 21:37 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-11-08 21:37 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-11-08 21:37 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-11-08 21:37 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-11-08 21:37 - 2000-08-31 01:00 - 00098816 _____ C:\WINDOWS\sed.exe
2015-11-08 21:37 - 2000-08-31 01:00 - 00080412 _____ C:\WINDOWS\grep.exe
2015-11-08 21:37 - 2000-08-31 01:00 - 00068096 _____ C:\WINDOWS\zip.exe
2015-11-08 21:36 - 2015-11-09 02:17 - 00000000 ____D C:\Qoobox
2015-10-27 21:40 - 2015-10-27 21:40 - 00017171 _____ C:\Documents and Settings\Dodo\Dokumenty\pi5XdLriB.jpeg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-11 10:15 - 2015-09-04 20:37 - 00000000 ____D C:\Documents and Settings\Dodo\Local Settings\temp
2015-11-11 10:14 - 2014-02-28 09:17 - 00000000 ____D C:\Documents and Settings\Dodo\Plocha
2015-11-11 10:00 - 2014-02-28 09:17 - 00000000 ___HD C:\Documents and Settings\Dodo\Local Settings\Data aplikací
2015-11-11 09:44 - 2014-06-24 18:01 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-11-11 09:44 - 2014-06-24 18:01 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-11-11 09:44 - 2014-02-28 09:15 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-11 09:01 - 2015-08-27 16:48 - 00031938 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-11 09:01 - 2014-06-24 18:00 - 00032374 _____ C:\WINDOWS\SchedLgU.Txt
2015-11-11 09:01 - 2014-02-28 09:17 - 00000178 ___SH C:\Documents and Settings\Dodo\ntuser.ini
2015-11-11 09:01 - 2014-02-28 09:17 - 00000000 ____D C:\Documents and Settings\Dodo
2015-11-11 08:48 - 2015-09-11 08:28 - 00002413 _____ C:\Documents and Settings\Dodo\Plocha\Assassin G13.lnk
2015-11-11 08:02 - 2014-02-28 09:17 - 00000000 ___RD C:\Documents and Settings\Dodo\Dokumenty
2015-11-11 08:01 - 2014-03-01 23:42 - 00065536 _____ C:\WINDOWS\system32\config\ODiag.evt
2015-11-11 08:01 - 2014-02-28 09:00 - 00065536 _____ C:\WINDOWS\system32\config\Internet.evt
2015-11-11 08:01 - 2014-02-28 08:57 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2015-11-11 08:01 - 2014-02-28 08:57 - 00065536 _____ C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2015-11-11 07:53 - 2015-06-23 22:18 - 00000608 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-854245398-1677128483-842925246-1004.job
2015-11-11 03:19 - 2014-02-28 09:17 - 00000000 __RHD C:\Documents and Settings\Dodo\Data aplikací
2015-11-11 03:16 - 2014-02-28 09:39 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2015-11-11 02:55 - 2014-02-28 09:39 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-11-11 02:48 - 2014-02-28 09:04 - 00002504 ____C C:\WINDOWS\system32\CONFIG.NT
2015-11-10 23:46 - 2014-05-25 08:10 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2015-11-10 09:41 - 2015-04-17 18:35 - 00000000 ____D C:\AdwCleaner
2015-11-10 07:39 - 2014-02-28 09:38 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2015-11-10 03:00 - 2015-06-15 18:29 - 00000360 _____ C:\WINDOWS\Tasks\XoftSpySE.job
2015-11-10 02:58 - 2015-07-17 10:32 - 00000000 ____D C:\D přesunute
2015-11-10 02:20 - 2015-09-10 14:34 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Avira
2015-11-10 02:18 - 2014-05-28 05:23 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Package Cache
2015-11-10 02:15 - 2015-09-11 08:19 - 00000000 ____D C:\Documents and Settings\Dodo\Plocha\screen shots
2015-11-09 20:36 - 2015-09-11 08:21 - 00000000 ____D C:\Documents and Settings\Dodo\Plocha\udrzba PC
2015-11-09 02:11 - 2014-02-28 09:40 - 01249222 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-09 02:07 - 2008-04-14 12:00 - 00000227 _____ C:\WINDOWS\system.ini
2015-11-09 02:05 - 2008-04-14 12:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-11-08 21:17 - 2015-07-18 20:18 - 05637844 ____R (Swearware) C:\Documents and Settings\Dodo\Plocha\ComboFix.exe
2015-11-05 01:11 - 2014-04-09 02:23 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2015-10-31 00:44 - 2014-02-28 11:47 - 00000000 ____D C:\Documents and Settings\Dodo\Data aplikací\Skype
2015-10-30 09:08 - 2014-05-28 03:28 - 00181248 __SHC C:\Documents and Settings\Dodo\Dokumenty\Thumbs.db
2015-10-29 19:06 - 2015-05-04 20:38 - 00002283 _____ C:\Documents and Settings\All Users\Plocha\Skype.lnk
2015-10-29 09:38 - 2015-08-24 22:17 - 00000000 ____D C:\Documents and Settings\Dodo\Dokumenty\acident
2015-10-28 19:32 - 2014-04-30 01:37 - 00000000 ____D C:\Documents and Settings\Dodo\Data aplikací\vlc
2015-10-28 19:30 - 2014-12-08 08:32 - 00000000 ____D C:\Documents and Settings\Dodo\Data aplikací\uTorrent
2015-10-22 19:24 - 2015-04-16 21:58 - 00000719 _____ C:\Documents and Settings\All Users\Plocha\VLC media player.lnk
2015-10-16 15:36 - 2015-04-13 01:06 - 00000000 ____D C:\Documents and Settings\Dodo\Local Settings\Data aplikací\UmmyVideoDownloader

==================== Files in the root of some directories =======

2014-12-27 04:09 - 2014-12-27 04:08 - 0644490 _____ () C:\Program Files\enzymy složení.jpg
2014-04-02 16:34 - 2015-09-02 23:44 - 0026112 _____ () C:\Documents and Settings\Dodo\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-11 10:00 - 2015-11-11 10:00 - 0015327 _____ () C:\Documents and Settings\Dodo\Local Settings\Data aplikací\LM.bat
2015-11-11 10:00 - 2015-11-11 10:00 - 0029696 _____ () C:\Documents and Settings\Dodo\Local Settings\Data aplikací\MSGBOX.EXE

Some files in TEMP:
====================
C:\Documents and Settings\Dodo\Local Settings\temp\avgnt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================
Attachments
Addition.rar
(7.14 KiB) Downloaded 46 times

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Please help

#3 Post by altrok »

I wish you a beautiful day :bye:


:arrow: Because you agreed to the terms of use when you launched ComboFix, I just want to make sure that you are a person trained to work with it, or that at least an experienced person assisted you. Please post the contents of the CF log.


:arrow: At first glance this looks like an antivirus conflict or a malfunctioning Avast. Download a fresh installation file for the new antivirus, then uninstall both Avast and Avira as a test and see how the PC behaves (to uninstall Avast, use the official uninstaller https://www.avast.com/cs-cz/uninstall-utility ). Then reinstall one antivirus.
If anything is unclear, ask right away.

Dominik S
Visitor
Posts: 36
Registered: 18 Jun 2015 03:31

Re: Please help

#4 Post by Dominik S »

Hello, and thank you for the quick help.

I have already worked with ComboFix several times. The strange thing was that even after uninstalling both Avast and Avira, ComboFix reported that Avast still had its shields enabled (and there was no trace of Avast on the computer).

Here is the log, thank you.




ComboFix 15-11-09.01 - Dodo 12.11.2015 2:01.7.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3001.2554 [GMT 1:00]
Spuštěný z: c:\documents and settings\Dodo\Plocha\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Dodo\Local Settings\Data aplikací\MSGBOX.EXE
c:\windows\security\logs\scecomp.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-10-12 do 2015-11-12 )))))))))))))))))))))))))))))))
.
.
2015-11-11 23:56 . 2015-11-12 00:14 -------- d-----w- c:\program files\AVAST Software
2015-11-11 09:03 . 2015-11-11 09:17 -------- d-----w- C:\FRST
2015-11-11 09:00 . 2015-11-11 09:00 15327 ----a-w- c:\documents and settings\Dodo\Local Settings\Data aplikací\LM.bat
2015-11-11 08:50 . 2015-11-11 08:50 -------- d-----w- C:\rsit
2015-11-10 08:45 . 2015-11-12 01:16 13368 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2015-11-10 08:45 . 2015-11-10 08:45 -------- d-----w- c:\documents and settings\Dodo\Local Settings\Data aplikací\SlimWare Utilities Inc
2015-11-10 06:41 . 2015-11-10 06:41 -------- d-----w- c:\program files\Common Files\Lavasoft
2015-11-10 06:39 . 2015-11-10 06:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Lavasoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-11 07:28 . 2015-09-10 06:23 40960 ----a-r- c:\documents and settings\Dodo\Data aplikací\Microsoft\Installer\{B2073246-67E3-40CD-A7EF-8882D37119BC}\assassin.exe1_B207324667E340CDA7EF8882D37119BC.exe
2015-09-11 07:28 . 2015-09-10 06:23 40960 ----a-r- c:\documents and settings\Dodo\Data aplikací\Microsoft\Installer\{B2073246-67E3-40CD-A7EF-8882D37119BC}\assassin.exe_B207324667E340CDA7EF8882D37119BC.exe
2015-09-05 10:04 . 2014-04-02 16:47 778440 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-09-05 10:04 . 2014-04-02 16:47 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-10-09 . FF876311F58C86EC3E1A24F585949C25 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"f.lux"="c:\documents and settings\Dodo\Local Settings\Data aplikací\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
"GoogleChromeAutoLaunch_498CA8CB76697D2490F3CA2E3BD5BAD8"="c:\program files\Google\Chrome\Application\chrome.exe" [2015-07-25 813896]
"SlimDrivers"="c:\program files\SlimDrivers\SlimDrivers.exe" [2015-02-27 29731096]
"Loaris Trojan Remover"="c:\program files\Loaris\Trojan Remover\ltr.exe" [2014-08-15 9434624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-12-16 73832]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-05 1434920]
"snuvcdsm"="c:\windows\snuvcdsm.exe" [2011-01-13 30080]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2011-01-13 202112]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"Assassin G13"="c:\program files\Assassin G13\assassin.exe" [2006-12-21 1318912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2010-01-14 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe\0sprestrt
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LiveUpdateSvc"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
"SDWSCService"=2 (0x2)
"SDUpdateService"=2 (0x2)
"SDScannerService"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\Dodo\\Data aplikací\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
.
R0 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [27.7.2015 19:11 15688]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [15.10.2013 5:38 50704]
R3 L1c;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [28.2.2014 9:43 82072]
R3 SmbDrvI;SmbDrvI;c:\windows\system32\drivers\Smb_driver_Intel.sys [17.8.2014 18:14 28656]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [14.1.2010 16:04 9472]
S2 Avira.ServiceHost;Avira Service Host;"c:\program files\Avira\Launcher\Avira.ServiceHost.exe" --> c:\program files\Avira\Launcher\Avira.ServiceHost.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [18.2.2015 19:11 315488]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [12.5.2015 19:05 83168]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\SophosMEMSWEEP.SYS --> c:\windows\system32\SophosMEMSWEEP.SYS [?]
S3 nlqrmejr;nlqrmejr; [x]
S3 poshxhhc;poshxhhc; [x]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [27.7.2015 19:11 10320]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [30.6.2014 23:15 171520]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [12.5.2015 19:05 181344]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [10.11.2015 9:45 13368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-29 06:16 995144 ----a-w- c:\program files\Google\Chrome\Application\44.0.2403.125\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-09-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-02 10:04]
.
2014-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2015-11-12 c:\windows\Tasks\G2MUploadTask-S-1-5-21-854245398-1677128483-842925246-1004.job
- c:\program files\Citrix\GoToMeeting\2759\g2mupload.exe [2015-06-23 21:18]
.
2014-10-27 c:\windows\Tasks\Opera scheduled Autoupdate 1393579374.job
- c:\program files\Opera\launcher.exe [2014-02-28 09:39]
.
2015-11-10 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2006-06-19 22:35]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-Avira SystrayStartTrigger - c:\program files\Avira\Launcher\Avira.SystrayStartTrigger.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-11-12 02:16
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3332)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Celkový čas: 2015-11-12 02:23:27 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-11-12 01:23
ComboFix2.txt 2015-11-09 01:16
.
Před spuštěním: Volných bajtů: 16 642 519 040
Po spuštění: Volných bajtů: 16 665 706 496
.
- - End Of File - - B05D4557879F4C1D7429B3549556D9C2
413FC2A0C716421B3158746D63736515

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Please help

#5 Post by altrok »

Did you use the official uninstaller in safe mode to uninstall Avast (or to clean up its leftovers)? If not, use it. Then create new FRST.txt and Addition.txt logs and paste them into your next reply.

Keep in mind that you are temporarily without an antivirus on a hole-ridden Windows XP, so don't attempt any hara-kiri on the internet.


Test c:\windows\system32\sfcfiles.dll on virustotal.com - if the file has already been tested, choose Reanalyse. Put the link to the analysis results in your next post.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrok[at]forum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.

Dominik S
Visitor
Posts: 36
Registered: 18 Jun 2015 03:31

Re: Please help

#6 Post by Dominik S »

Hello, and thank you.

Here is the link: https://www.virustotal.com/cs/file/c759 ... 447351540/

and the log:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-11-2015
Ran by Dodo (administrator) on GROUP-4B24797DB (12-11-2015 19:28:49)
Running from C:\Documents and Settings\Dodo\Plocha
Loaded Profiles: Dodo (Available Profiles: Dodo & Administrator)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Black List Software) C:\Program Files\Assassin G13\assassin.exe
(Flux Software LLC) C:\Documents and Settings\Dodo\Local Settings\Data aplikací\FluxSoftware\Flux\flux.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-12-16] (Check Point Software Technologies LTD)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1434920 2009-03-05] (Synaptics Incorporated)
HKLM\...\Run: [snuvcdsm] => C:\WINDOWS\snuvcdsm.exe [30080 2011-01-13] ()
HKLM\...\Run: [snp2uvc] => rundll32.exe C:\WINDOWS\system32\csnp2uvc.dll,ResetCIDS
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-16] (InstallShield Software Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Assassin G13] => C:\Program Files\Assassin G13\assassin.exe [1318912 2006-12-21] (Black List Software)
HKLM\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKU\S-1-5-21-854245398-1677128483-842925246-1004\...\Run: [f.lux] => C:\Documents and Settings\Dodo\Local Settings\Data aplikací\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-854245398-1677128483-842925246-1004\...\Run: [GoogleChromeAutoLaunch_498CA8CB76697D2490F3CA2E3BD5BAD8] => C:\Program Files\Google\Chrome\Application\chrome.exe [813896 2015-07-25] (Google Inc.)
HKU\S-1-5-21-854245398-1677128483-842925246-1004\...\Run: [SlimDrivers] => C:\Program Files\SlimDrivers\SlimDrivers.exe [29731096 2015-02-27] (SlimWare Utilities, Inc.)
HKU\S-1-5-21-854245398-1677128483-842925246-1004\...\Run: [Loaris Trojan Remover] => C:\Program Files\Loaris\Trojan Remover\ltr.exe [9434624 2014-08-15] (Loaris Inc.)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2010-01-14] (Microsoft Corporation)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2013-05-09] (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exesprestrt

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{56F82C23-E7A4-4152-90FF-DA03751B4002}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-854245398-1677128483-842925246-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-854245398-1677128483-842925246-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09] (AVAST Software)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09] (AVAST Software)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Dodo\Data aplikací\Mozilla\Firefox\Profiles\WfXWPG0P.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-09-05] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll [2010-01-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-854245398-1677128483-842925246-1004: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Citrix\Plugins\104\npappdetector.dll [2015-03-27] (Citrix Online)
FF Extension: Avira Browser Safety - C:\Documents and Settings\Dodo\Data aplikací\Mozilla\Firefox\Profiles\WfXWPG0P.default\Extensions\abs@avira.com [2015-04-18] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-06-01] [not signed]
FF Extension: No Name - C:\Documents and Settings\Dodo\Data aplikacĂ­\Mozilla\Firefox\Profiles\WfXWPG0P.default\extensions\abs@avira.com [not found]

Chrome:
=======
CHR DefaultSearchKeyword: Default -> lp
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Sniply - Drive Conversion Through Content) - C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aepeihpnlhiiipbchlidcipfpiaecpkd [2015-10-26]
CHR Extension: (Adblock Plus) - C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-22]
CHR Extension: (AdBlock) - C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-15]
CHR Extension: (LastPass: Free Password Manager) - C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-10-28]
CHR Extension: (Tag Assistant (by Google)) - C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2015-10-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-21]
CHR Extension: (Fast Video Downloader) - C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nocpfkkbaekckhcoekockfbidpcjgkbd [2015-08-31]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-06-12] (Adobe Systems) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2445816 2013-12-16] (Check Point Software Technologies LTD)
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [50704 2013-10-15] (Check Point Software Technologies, Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [2067936 2012-04-30] (Atheros Communications, Inc.)
R2 aswFsBlk; C:\WINDOWS\system32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\Drivers\AswRdr.sys [49760 2013-05-09] (AVAST Software)
S0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
S1 aswSnx; C:\WINDOWS\system32\Drivers\aswSnx.sys [770344 2015-11-12] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\Drivers\aswSP.sys [369584 2015-11-12] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [175176 2015-11-12] ()
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [47272 2009-04-01] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 CnxtHdAudService; C:\WINDOWS\System32\drivers\CHDAU32.sys [815616 2000-01-01] (Conexant Systems Inc.)
S1 DumpDrv; C:\WINDOWS\system32\Drivers\DumpDrv.sys [9472 2010-01-14] (Microsoft Corporation)
R3 L1c; C:\WINDOWS\System32\DRIVERS\l1c51x86.sys [82072 2000-01-01] (Atheros Communications, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2010-01-14] (Microsoft Corporation)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [10320 2013-09-30] ()
R3 SmbDrvI; C:\WINDOWS\System32\DRIVERS\Smb_driver_Intel.sys [28656 2014-08-17] (Synaptics Incorporated)
R3 SNP2UVC; C:\WINDOWS\System32\DRIVERS\snp2uvc.sys [1766784 2011-01-13] ()
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [31848 2015-09-10] (Avira Operations GmbH & Co. KG)
R1 Vsdatant; C:\WINDOWS\System32\vsdatant.sys [529640 2013-12-16] (Check Point Software Technologies LTD)
U5 Browser; C:\WINDOWS\system32\svchost.exe [14848 2010-01-14] (Microsoft Corporation)
R3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MEMSWEEP2; \??\C:\WINDOWS\system32\SophosMEMSWEEP.SYS [X]
U5 Messenger; C:\WINDOWS\system32\svchost.exe [14848 2010-01-14] (Microsoft Corporation)
U5 MRxSmb; C:\Windows\System32\Drivers\MRxSmb.sys [456704 2010-01-14] (Microsoft Corporation)
U5 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 nlqrmejr; no ImagePath
S3 poshxhhc; no ImagePath
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [80384 2010-01-14] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [225856 2010-01-14] (Microsoft Corporation)
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
U3 mbr; \??\C:\DOCUME~1\Dodo\LOCALS~1\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-12 19:22 - 2015-11-12 19:22 - 00000401 _____ C:\Documents and Settings\Dodo\Plocha\Addition.txt
2015-11-12 19:21 - 2015-11-12 19:28 - 00014634 _____ C:\Documents and Settings\Dodo\Plocha\FRST.txt
2015-11-12 02:33 - 2015-11-12 02:33 - 00001689 _____ C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
2015-11-12 02:33 - 2015-11-12 02:33 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys.sum
2015-11-12 02:33 - 2015-11-12 02:33 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum
2015-11-12 02:33 - 2015-11-12 02:33 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSnx.sys.sum
2015-11-12 02:33 - 2015-11-12 02:33 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\avast! Free Antivirus
2015-11-12 02:33 - 2013-05-09 10:59 - 00029816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2015-11-12 02:32 - 2015-11-12 02:33 - 00770344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-11-12 02:32 - 2015-11-12 02:33 - 00369584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-11-12 02:32 - 2015-11-12 02:33 - 00175176 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-11-12 02:32 - 2015-11-12 02:32 - 00000312 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-11-12 02:32 - 2013-05-09 10:59 - 00066336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-11-12 02:32 - 2013-05-09 10:59 - 00056080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-11-12 02:32 - 2013-05-09 10:59 - 00049760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-11-12 02:32 - 2013-05-09 10:59 - 00049376 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-11-12 02:32 - 2013-05-09 10:58 - 00229648 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-11-12 02:31 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-11-12 02:30 - 2015-11-12 02:30 - 00000000 ____D C:\WINDOWS\LastGood
2015-11-12 02:30 - 2015-11-12 02:30 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2015-11-12 02:23 - 2015-11-12 02:23 - 00009794 _____ C:\ComboFix.txt
2015-11-12 02:23 - 2015-11-12 02:23 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2015-11-12 02:23 - 2015-11-12 02:23 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\temp
2015-11-12 02:23 - 2015-11-12 02:23 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2015-11-12 00:56 - 2015-11-12 02:30 - 00000000 ____D C:\Program Files\AVAST Software
2015-11-12 00:00 - 2015-11-12 00:00 - 05903688 _____ (AVAST Software) C:\Documents and Settings\Dodo\Plocha\avastclear.exe
2015-11-11 10:03 - 2015-11-12 19:28 - 00000000 ____D C:\FRST
2015-11-11 10:00 - 2015-11-11 10:00 - 00015327 _____ C:\Documents and Settings\Dodo\Local Settings\Data aplikací\LM.bat
2015-11-11 09:59 - 2015-11-11 09:59 - 01702400 _____ (Farbar) C:\Documents and Settings\Dodo\Plocha\FRST.exe
2015-11-11 09:59 - 2015-11-11 09:59 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Dodo\Plocha\FRSTLauncher.exe
2015-11-11 09:50 - 2015-11-11 09:50 - 00000000 ____D C:\rsit
2015-11-11 08:06 - 2015-11-12 02:17 - 00005487 _____ C:\WINDOWS\setupapi.log
2015-11-11 08:04 - 2015-11-11 08:04 - 02329552 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-11 08:02 - 2015-11-11 08:02 - 00000156 _____ C:\Documents and Settings\Dodo\Dokumenty\cc_20151111_080210.reg
2015-11-10 09:45 - 2015-11-10 09:45 - 00000000 ____D C:\Documents and Settings\Dodo\Local Settings\Data aplikací\SlimWare Utilities Inc
2015-11-10 07:41 - 2015-11-10 07:41 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2015-11-10 07:39 - 2015-11-10 07:39 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2015-11-10 07:32 - 2015-11-10 07:36 - 00003664 _____ C:\Documents and Settings\Dodo\Plocha\Rkill.txt
2015-11-08 21:37 - 2011-06-26 07:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2015-11-08 21:37 - 2010-11-07 18:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2015-11-08 21:37 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-11-08 21:37 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-11-08 21:37 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-11-08 21:37 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-11-08 21:37 - 2000-08-31 01:00 - 00098816 _____ C:\WINDOWS\sed.exe
2015-11-08 21:37 - 2000-08-31 01:00 - 00080412 _____ C:\WINDOWS\grep.exe
2015-11-08 21:37 - 2000-08-31 01:00 - 00068096 _____ C:\WINDOWS\zip.exe
2015-11-08 21:36 - 2015-11-12 02:23 - 00000000 ____D C:\Qoobox
2015-10-27 21:40 - 2015-10-27 21:40 - 00017171 _____ C:\Documents and Settings\Dodo\Dokumenty\pi5XdLriB.jpeg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-12 19:29 - 2015-09-04 20:37 - 00000000 ____D C:\Documents and Settings\Dodo\Local Settings\temp
2015-11-12 19:22 - 2014-02-28 09:17 - 00000000 ____D C:\Documents and Settings\Dodo\Plocha
2015-11-12 07:53 - 2015-06-23 22:18 - 00000608 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-854245398-1677128483-842925246-1004.job
2015-11-12 02:33 - 2014-02-28 09:39 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2015-11-12 02:33 - 2014-02-28 09:39 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-11-12 02:32 - 2014-02-28 09:04 - 00002504 ____C C:\WINDOWS\system32\CONFIG.NT
2015-11-12 02:30 - 2014-02-28 09:38 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2015-11-12 02:25 - 2014-02-28 09:46 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Avira
2015-11-12 02:24 - 2015-08-27 16:48 - 00037223 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-12 02:16 - 2008-04-14 12:00 - 00000227 _____ C:\WINDOWS\system.ini
2015-11-12 02:12 - 2014-06-24 18:01 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-11-12 02:12 - 2014-06-24 18:01 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-11-12 02:12 - 2014-02-28 09:15 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-12 02:11 - 2014-02-28 09:17 - 00000178 ___SH C:\Documents and Settings\Dodo\ntuser.ini
2015-11-12 02:10 - 2014-02-28 09:17 - 00000000 ___HD C:\Documents and Settings\Dodo\Local Settings\Data aplikací
2015-11-12 02:01 - 2014-02-28 09:17 - 00000000 __RHD C:\Documents and Settings\Dodo\Data aplikací
2015-11-12 01:59 - 2014-06-24 18:00 - 00032374 _____ C:\WINDOWS\SchedLgU.Txt
2015-11-12 01:13 - 2014-02-28 09:37 - 00000327 ___SH C:\boot.ini
2015-11-12 00:35 - 2014-02-28 09:17 - 00000000 ____D C:\Documents and Settings\Dodo
2015-11-12 00:32 - 2015-07-18 20:18 - 05638248 ____R (Swearware) C:\Documents and Settings\Dodo\Plocha\ComboFix.exe
2015-11-11 08:48 - 2015-09-11 08:28 - 00002413 _____ C:\Documents and Settings\Dodo\Plocha\Assassin G13.lnk
2015-11-11 08:02 - 2014-02-28 09:17 - 00000000 ___RD C:\Documents and Settings\Dodo\Dokumenty
2015-11-11 08:01 - 2014-03-01 23:42 - 00065536 _____ C:\WINDOWS\system32\config\ODiag.evt
2015-11-11 08:01 - 2014-02-28 09:00 - 00065536 _____ C:\WINDOWS\system32\config\Internet.evt
2015-11-11 08:01 - 2014-02-28 08:57 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2015-11-11 08:01 - 2014-02-28 08:57 - 00065536 _____ C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2015-11-10 09:41 - 2015-04-17 18:35 - 00000000 ____D C:\AdwCleaner
2015-11-10 03:00 - 2015-06-15 18:29 - 00000360 _____ C:\WINDOWS\Tasks\XoftSpySE.job
2015-11-10 02:58 - 2015-07-17 10:32 - 00000000 ____D C:\D přesunute
2015-11-10 02:18 - 2014-05-28 05:23 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Package Cache
2015-11-10 02:15 - 2015-09-11 08:19 - 00000000 ____D C:\Documents and Settings\Dodo\Plocha\screen shots
2015-11-09 20:36 - 2015-09-11 08:21 - 00000000 ____D C:\Documents and Settings\Dodo\Plocha\udrzba PC
2015-11-09 02:11 - 2014-02-28 09:40 - 01249222 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-09 02:05 - 2008-04-14 12:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-11-05 01:11 - 2014-04-09 02:23 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2015-10-31 00:44 - 2014-02-28 11:47 - 00000000 ____D C:\Documents and Settings\Dodo\Data aplikací\Skype
2015-10-30 09:08 - 2014-05-28 03:28 - 00181248 __SHC C:\Documents and Settings\Dodo\Dokumenty\Thumbs.db
2015-10-29 19:06 - 2015-05-04 20:38 - 00002283 _____ C:\Documents and Settings\All Users\Plocha\Skype.lnk
2015-10-29 09:38 - 2015-08-24 22:17 - 00000000 ____D C:\Documents and Settings\Dodo\Dokumenty\acident
2015-10-28 19:32 - 2014-04-30 01:37 - 00000000 ____D C:\Documents and Settings\Dodo\Data aplikací\vlc
2015-10-28 19:30 - 2014-12-08 08:32 - 00000000 ____D C:\Documents and Settings\Dodo\Data aplikací\uTorrent
2015-10-22 19:24 - 2015-04-16 21:58 - 00000719 _____ C:\Documents and Settings\All Users\Plocha\VLC media player.lnk
2015-10-16 15:36 - 2015-04-13 01:06 - 00000000 ____D C:\Documents and Settings\Dodo\Local Settings\Data aplikací\UmmyVideoDownloader

==================== Files in the root of some directories =======

2014-12-27 04:09 - 2014-12-27 04:08 - 0644490 _____ () C:\Program Files\enzymy složení.jpg
2014-04-02 16:34 - 2015-09-02 23:44 - 0026112 _____ () C:\Documents and Settings\Dodo\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-11 10:00 - 2015-11-11 10:00 - 0015327 _____ () C:\Documents and Settings\Dodo\Local Settings\Data aplikací\LM.bat

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================
Attachments
Addition.rar
(342 bytes) Downloaded 45 times

Dominik S
Visitor
Posts: 36
Registered: 18 Jun 2015 03:31

Re: Please help

#7 Post by Dominik S »

That's strange. I uninstalled Avast (in safe mode, with avastclear) and Avira as well, and when I reinstall Avira it reports that Avast is installed on the system. Yet I can't see it anywhere: CCleaner doesn't see it, it isn't in "Add/Remove Programs", and in "Program Files" the avast folder is empty.

The computer is still slow :?:

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Please help

#8 Post by altrok »

According to the log, it looks like you installed Avast on 12.11.2015 at half past two in the morning and it has been running at full strength ever since (a few minutes after you posted the ComboFix log here).
So use avastclear.exe once more in safe mode and then create new FRST logs.

The Addition.txt log is empty - as a test, don't use FRSTLauncher; run only FRST.exe itself.

Dominik S
Visitor
Posts: 36
Registered: 18 Jun 2015 03:31

Re: Please help

#9 Post by Dominik S »

OK, thank you. Avast shouldn't be there any more now.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-11-2015
Ran by Dodo (administrator) on GROUP-4B24797DB (13-11-2015 19:11:33)
Running from C:\Documents and Settings\Dodo\Plocha
Loaded Profiles: Dodo (Available Profiles: Dodo & Administrator)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\WINDOWS\snuvcdsm.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Flux Software LLC) C:\Documents and Settings\Dodo\Local Settings\Data aplikací\FluxSoftware\Flux\flux.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(Microsoft Corporation) C:\WINDOWS\system32\sndvol32.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-12-16] (Check Point Software Technologies LTD)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1434920 2009-03-05] (Synaptics Incorporated)
HKLM\...\Run: [snuvcdsm] => C:\WINDOWS\snuvcdsm.exe [30080 2011-01-13] ()
HKLM\...\Run: [snp2uvc] => rundll32.exe C:\WINDOWS\system32\csnp2uvc.dll,ResetCIDS
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-16] (InstallShield Software Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [782520 2015-11-13] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-854245398-1677128483-842925246-1004\...\Run: [f.lux] => C:\Documents and Settings\Dodo\Local Settings\Data aplikací\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2010-01-14] (Microsoft Corporation)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BootExecute: autocheck autochk * sdnclean.exesprestrt

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2015-04-16] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2015-04-16] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2015-04-16] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{56F82C23-E7A4-4152-90FF-DA03751B4002}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-854245398-1677128483-842925246-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Dodo\Data aplikací\Mozilla\Firefox\Profiles\WfXWPG0P.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll [2010-01-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-854245398-1677128483-842925246-1004: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Citrix\Plugins\104\npappdetector.dll [2015-03-27] (Citrix Online)
FF Extension: Avira Browser Safety - C:\Documents and Settings\Dodo\Data aplikací\Mozilla\Firefox\Profiles\WfXWPG0P.default\Extensions\abs@avira.com [2015-04-18] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-06-01] [not signed]
FF Extension: No Name - C:\Documents and Settings\Dodo\Data aplikacĂ­\Mozilla\Firefox\Profiles\WfXWPG0P.default\extensions\abs@avira.com [not found]

Chrome:
=======
CHR DefaultSearchKeyword: Default -> lp
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Sniply - Drive Conversion Through Content) - C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aepeihpnlhiiipbchlidcipfpiaecpkd [2015-10-26]
CHR Extension: (Adblock Plus) - C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-22]
CHR Extension: (FB Pixel Helper) - C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2015-11-13]
CHR Extension: (AdBlock) - C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-15]
CHR Extension: (LastPass: Free Password Manager) - C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-10-28]
CHR Extension: (Tag Assistant (by Google)) - C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2015-10-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-21]
CHR Extension: (Fast Video Downloader) - C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nocpfkkbaekckhcoekockfbidpcjgkbd [2015-08-31]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-06-12] (Adobe Systems) [File not signed]
S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc.exe [916968 2015-11-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [461672 2015-11-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [461672 2015-11-13] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\AVWEBGRD.EXE [1210512 2015-11-13] (Avira Operations GmbH & Co. KG)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2445816 2013-12-16] (Check Point Software Technologies LTD)
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [50704 2013-10-15] (Check Point Software Technologies, Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [2067936 2012-04-30] (Atheros Communications, Inc.)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [108448 2015-11-13] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136728 2015-11-13] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37896 2015-04-16] (Avira Operations GmbH & Co. KG)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [47272 2009-04-01] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 CnxtHdAudService; C:\WINDOWS\System32\drivers\CHDAU32.sys [815616 2000-01-01] (Conexant Systems Inc.)
S1 DumpDrv; C:\WINDOWS\system32\Drivers\DumpDrv.sys [9472 2010-01-14] (Microsoft Corporation)
R3 L1c; C:\WINDOWS\System32\DRIVERS\l1c51x86.sys [82072 2000-01-01] (Atheros Communications, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2010-01-14] (Microsoft Corporation)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [10320 2013-09-30] ()
R3 SmbDrvI; C:\WINDOWS\System32\DRIVERS\Smb_driver_Intel.sys [28656 2014-08-17] (Synaptics Incorporated)
R3 SNP2UVC; C:\WINDOWS\System32\DRIVERS\snp2uvc.sys [1766784 2011-01-13] ()
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [31848 2015-11-13] (Avira Operations GmbH & Co. KG)
R1 Vsdatant; C:\WINDOWS\System32\vsdatant.sys [529640 2013-12-16] (Check Point Software Technologies LTD)
U5 Browser; C:\WINDOWS\system32\svchost.exe [14848 2010-01-14] (Microsoft Corporation)
S3 MEMSWEEP2; \??\C:\WINDOWS\system32\SophosMEMSWEEP.SYS [X]
U5 Messenger; C:\WINDOWS\system32\svchost.exe [14848 2010-01-14] (Microsoft Corporation)
U5 MRxSmb; C:\Windows\System32\Drivers\MRxSmb.sys [456704 2010-01-14] (Microsoft Corporation)
U5 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 nlqrmejr; no ImagePath
S3 poshxhhc; no ImagePath
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [80384 2010-01-14] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [225856 2010-01-14] (Microsoft Corporation)
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-13 19:11 - 2015-11-13 19:12 - 00014066 _____ C:\Documents and Settings\Dodo\Plocha\FRST.txt
2015-11-13 09:37 - 2015-11-13 09:37 - 00522240 _____ (OldTimer Tools) C:\Documents and Settings\Dodo\Plocha\OTM.exe
2015-11-13 09:37 - 2015-11-13 09:37 - 00000000 ____D C:\_OTM
2015-11-13 09:19 - 2015-11-13 09:19 - 00000000 ____D C:\Documents and Settings\Dodo\Data aplikací\Avira
2015-11-13 09:18 - 2015-11-13 09:18 - 00001695 _____ C:\Documents and Settings\All Users\Plocha\Avira Antivirus.lnk
2015-11-13 09:18 - 2015-11-13 09:18 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Avira
2015-11-13 09:15 - 2015-11-13 09:23 - 00136728 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-11-13 09:15 - 2015-11-13 09:23 - 00108448 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-11-13 09:15 - 2015-11-13 09:15 - 00000000 ____D C:\Program Files\Avira
2015-11-13 09:15 - 2015-04-16 15:23 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2015-11-13 07:32 - 2015-11-13 09:09 - 00002725 _____ C:\WINDOWS\setupapi.log
2015-11-13 07:31 - 2015-11-13 09:42 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-11-13 07:31 - 2015-11-13 09:42 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-11-13 07:31 - 2015-11-13 08:10 - 00000888 _____ C:\WINDOWS\SchedLgU.Txt
2015-11-13 07:31 - 2015-11-13 08:02 - 02329552 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-13 07:31 - 2015-11-13 07:31 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2015-11-13 07:29 - 2015-11-13 07:29 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2015-11-13 07:28 - 2015-11-13 09:41 - 00004033 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-12 02:23 - 2015-11-13 09:40 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2015-11-12 02:23 - 2015-11-12 02:23 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2015-11-12 02:23 - 2015-11-12 02:23 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\temp
2015-11-12 00:00 - 2015-11-12 00:00 - 05903688 _____ (AVAST Software) C:\Documents and Settings\Dodo\Plocha\avastclear.exe
2015-11-11 10:03 - 2015-11-13 19:11 - 00000000 ____D C:\FRST
2015-11-11 10:00 - 2015-11-11 10:00 - 00015327 _____ C:\Documents and Settings\Dodo\Local Settings\Data aplikací\LM.bat
2015-11-11 09:59 - 2015-11-11 09:59 - 01702400 _____ (Farbar) C:\Documents and Settings\Dodo\Plocha\FRST.exe
2015-11-11 09:59 - 2015-11-11 09:59 - 00112640 _____ C:\Documents and Settings\Dodo\Plocha\FRSTLauncher.exe
2015-11-11 08:02 - 2015-11-11 08:02 - 00000156 _____ C:\Documents and Settings\Dodo\Dokumenty\cc_20151111_080210.reg
2015-11-10 09:45 - 2015-11-10 09:45 - 00000000 ____D C:\Documents and Settings\Dodo\Local Settings\Data aplikací\SlimWare Utilities Inc
2015-11-10 07:41 - 2015-11-10 07:41 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2015-11-10 07:39 - 2015-11-10 07:39 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2015-11-10 07:32 - 2015-11-10 07:36 - 00003664 _____ C:\Documents and Settings\Dodo\Plocha\Rkill.txt
2015-10-27 21:40 - 2015-10-27 21:40 - 00017171 _____ C:\Documents and Settings\Dodo\Dokumenty\pi5XdLriB.jpeg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-13 19:12 - 2015-09-04 20:37 - 00000000 ____D C:\Documents and Settings\Dodo\Local Settings\temp
2015-11-13 19:11 - 2014-02-28 09:17 - 00000000 ____D C:\Documents and Settings\Dodo\Plocha
2015-11-13 11:53 - 2015-06-23 22:18 - 00000608 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-854245398-1677128483-842925246-1004.job
2015-11-13 09:41 - 2014-02-28 09:17 - 00000178 ___SH C:\Documents and Settings\Dodo\ntuser.ini
2015-11-13 09:41 - 2014-02-28 09:17 - 00000000 ____D C:\Documents and Settings\Dodo
2015-11-13 09:41 - 2014-02-28 09:15 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-13 09:38 - 2015-06-18 03:38 - 00000000 ____D C:\Program Files\trend micro
2015-11-13 09:23 - 2015-09-10 15:24 - 00031848 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\ssmdrv.sys
2015-11-13 09:19 - 2014-02-28 09:17 - 00000000 __RHD C:\Documents and Settings\Dodo\Data aplikací
2015-11-13 09:18 - 2014-02-28 09:39 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2015-11-13 09:18 - 2014-02-28 09:39 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-11-13 09:15 - 2014-02-28 09:46 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Avira
2015-11-13 09:14 - 2014-04-30 01:37 - 00000000 ____D C:\Documents and Settings\Dodo\Data aplikací\vlc
2015-11-13 09:07 - 2014-02-28 09:38 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2015-11-13 09:05 - 2014-02-28 09:37 - 00000327 ___SH C:\boot.ini
2015-11-13 08:16 - 2014-06-24 17:15 - 00000178 __SHC C:\Documents and Settings\Administrator\ntuser.ini
2015-11-13 07:29 - 2014-03-01 23:42 - 00065536 _____ C:\WINDOWS\system32\config\ODiag.evt
2015-11-13 07:29 - 2014-02-28 09:00 - 00065536 _____ C:\WINDOWS\system32\config\Internet.evt
2015-11-13 07:29 - 2014-02-28 08:57 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2015-11-13 07:29 - 2014-02-28 08:57 - 00065536 _____ C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2015-11-13 06:40 - 2014-04-02 17:47 - 00780488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-11-13 06:40 - 2014-04-02 17:47 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-11-13 03:03 - 2014-05-28 05:23 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Package Cache
2015-11-13 03:03 - 2008-04-14 12:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-11-12 20:59 - 2014-02-28 09:04 - 00002504 ____C C:\WINDOWS\system32\CONFIG.NT
2015-11-12 02:16 - 2008-04-14 12:00 - 00000227 _____ C:\WINDOWS\system.ini
2015-11-12 02:10 - 2014-02-28 09:17 - 00000000 ___HD C:\Documents and Settings\Dodo\Local Settings\Data aplikací
2015-11-11 08:48 - 2015-09-11 08:28 - 00002413 _____ C:\Documents and Settings\Dodo\Plocha\Assassin G13.lnk
2015-11-11 08:02 - 2014-02-28 09:17 - 00000000 ___RD C:\Documents and Settings\Dodo\Dokumenty
2015-11-10 09:41 - 2015-04-17 18:35 - 00000000 ____D C:\AdwCleaner
2015-11-10 03:00 - 2015-06-15 18:29 - 00000360 _____ C:\WINDOWS\Tasks\XoftSpySE.job
2015-11-10 02:58 - 2015-07-17 10:32 - 00000000 ____D C:\D přesunute
2015-11-10 02:15 - 2015-09-11 08:19 - 00000000 ____D C:\Documents and Settings\Dodo\Plocha\screen shots
2015-11-09 20:36 - 2015-09-11 08:21 - 00000000 ____D C:\Documents and Settings\Dodo\Plocha\udrzba PC
2015-11-09 02:11 - 2014-02-28 09:40 - 01249222 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-05 01:11 - 2014-04-09 02:23 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2015-10-31 00:44 - 2014-02-28 11:47 - 00000000 ____D C:\Documents and Settings\Dodo\Data aplikací\Skype
2015-10-30 09:08 - 2014-05-28 03:28 - 00181248 __SHC C:\Documents and Settings\Dodo\Dokumenty\Thumbs.db
2015-10-29 19:06 - 2015-05-04 20:38 - 00002283 _____ C:\Documents and Settings\All Users\Plocha\Skype.lnk
2015-10-29 09:38 - 2015-08-24 22:17 - 00000000 ____D C:\Documents and Settings\Dodo\Dokumenty\acident
2015-10-28 19:30 - 2014-12-08 08:32 - 00000000 ____D C:\Documents and Settings\Dodo\Data aplikací\uTorrent
2015-10-22 19:24 - 2015-04-16 21:58 - 00000719 _____ C:\Documents and Settings\All Users\Plocha\VLC media player.lnk
2015-10-16 15:36 - 2015-04-13 01:06 - 00000000 ____D C:\Documents and Settings\Dodo\Local Settings\Data aplikací\UmmyVideoDownloader

==================== Files in the root of some directories =======

2014-12-27 04:09 - 2014-12-27 04:08 - 0644490 _____ () C:\Program Files\enzymy složení.jpg
2014-04-02 16:34 - 2015-09-02 23:44 - 0026112 _____ () C:\Documents and Settings\Dodo\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-11 10:00 - 2015-11-11 10:00 - 0015327 _____ () C:\Documents and Settings\Dodo\Local Settings\Data aplikací\LM.bat

Some files in TEMP:
====================
C:\Documents and Settings\Dodo\Local Settings\temp\avgnt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================
Attachments
Addition.rar
(8.53 KiB) Downloaded 41 times

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Please help

#10 Post by altrok »

:arrow: Save MBAR to your desktop - http://www.bleepingcomputer.com/downloa ... i-rootkit/
  • Run it by double-clicking and extract it to the desktop
  • click Next
  • Update the virus database by clicking Update and continue with Next
  • Leave all 3 options checked and choose Scan (it takes about 15 minutes)
  • tick all the findings and also check the checkbox next to Create Restore Point
  • click Cleanup and agree to the restart - Yes
  • paste the contents of the log saved on the desktop in mbar\mbar-log-2015-mm-dd (hh-mm-ss).txt into your next reply

Dominik S
Visitor
Posts: 36
Registered: 18 Jun 2015 03:31

Re: Please help

#11 Post by Dominik S »

Thank you, here is the log:

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2015.11.15.04
rootkit: v2015.11.14.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Dodo :: GROUP-4B24797DB [administrator]

15.11.2015 19:18:42
mbar-log-2015-11-15 (19-18-42).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 350140
Time elapsed: 35 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKU\S-1-5-21-854245398-1677128483-842925246-1004\SOFTWARE\XPRepairPro2007 (Rogue.XPRepairPro2007) -> Delete on reboot. [fd53a5d9216a072f94fe7a7444be51af]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Please help

#12 Post by altrok »

:arrow: Save AdwCleaner to your desktop https://toolslib.net/downloads/viewdown ... dwcleaner/ (or http://www.bleepingcomputer.com/download/adwcleaner/ )
  • close all programs
  • right-click the AdwCleaner icon and choose Run as administrator (on Win XP just run it with an ordinary double-click)
  • click Scan, then Cleaning
  • after the restart a log will pop up (or you can find it in C:\AdwCleaner\AdwCleaner[Cx].txt); copy its contents into your next reply

Dominik S
Visitor
Posts: 36
Registered: 18 Jun 2015 03:31

Re: Please help

#13 Post by Dominik S »

Thank you, here is the log


# AdwCleaner v5.021 - Logfile created 16/11/2015 at 19:42:10
# Updated 14/11/2015 by Xplode
# Database : 2015-11-13.3 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Dodo - GROUP-4B24797DB
# Running from : C:\Documents and Settings\Dodo\Plocha\adwcleaner_5.021.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Documents and Settings\Dodo\Local Settings\Data aplikací\slimware utilities inc

***** [ Files ] *****

[-] File Deleted : C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Extension Settings\elicpjhcidhpjomhibiffojpinpmmpil

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key Deleted : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C12].txt - [1090 bytes] ##########

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Please help

#14 Post by altrok »

:arrow: Save rkill.exe to your desktop, close all applications and run it - if the malware blocks it, use the alternative link. WARNING - THIS UTILITY HAS A GREAT ABILITY TO DELETE - DO NOT RUN IT WITHOUT AN ADVISER'S RECOMMENDATION
:arrow: Save ComboFix.exe to your desktop - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off antivirus programs and all real-time protection
  • run ComboFix as administrator (preferably under an account with administrator privileges)
  • agree to the license terms - Yes
  • if installation of the Recovery Console is offered, agree
  • leave the PC alone during the scan - don't launch anything and don't click in the ComboFix window
  • you will find the scan result in C:\ComboFix.txt; copy its contents into your next reply.

Dominik S
Visitor
Posts: 36
Registered: 18 Jun 2015 03:31

Re: Please help

#15 Post by Dominik S »

Thank you,

When it was launched, ComboFix reported that Avast protection is running (even though I uninstalled Avast long ago and used Avast Clear in safe mode)





Rkill 2.8.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/16/2015 11:41:34 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

* Reparse Point/Junctions Found (Most likely legitimate)!

* C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
* C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]

Checking Windows Service Integrity:

* Automatic Updates (wuauserv) is not Running.
Startup Type set to: Automatic

* Alerter [Missing Service]
* lanmanworkstation [Missing Service]
* NtLmSsp [Missing Service]
* RpcLocator [Missing Service]
* NetBIOS [Missing Service]

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\sfcfiles.dll : 1 571 840 : 10/09/2009 10:52 AM : ff876311f58c86ec3e1a24f585949c25 [NoSig]

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 11/16/2015 11:44:11 PM
Execution time: 0 hours(s), 2 minute(s), and 37 seconds(s)

Locked