Zdravím
chtěl bych poprosit o kontrolu.
Díky
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-12-2015
Ran by zdenek (administrator) on ZDENEK (02-01-2016 13:57:10)
Running from C:\Documents and Settings\zdenek\Plocha\Čištění
Loaded Profiles: zdenek (Available Profiles: zdenek)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [2729800 2011-01-25] (O&O Software GmbH)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\...\Run: [] => [X]
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [9216 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe -update pepperplugin
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-12-11] (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D101B019-1149-45F7-B947-ECD828E8996C}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "www.google.com" <======= ATTENTION
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> DefaultScope {E935F814-347F-4C77-A317-D908FBAFC049} URL = hxxp://search.eshield.com/serp?guid={88BEA63F-2DEA-4FFD-899C-A5D4E371A8A4}&action=default_search&k={searchTerms}
SearchScopes: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> {599FC29B-02A1-483E-802A-EBC67124D879} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11433
SearchScopes: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> {E935F814-347F-4C77-A317-D908FBAFC049} URL = hxxp://search.eshield.com/serp?guid={88BEA63F-2DEA-4FFD-899C-A5D4E371A8A4}&action=default_search&k={searchTerms}
SearchScopes: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-17] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-11] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-17] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2013-05-29] (Společnost Microsoft)
Toolbar: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> No Name - {00011268-E188-40DF-A514-835FCD78B1BF} - No File
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-30] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-17] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-04-19] ( )
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-08-22] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-12]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-12-11]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-11]
Opera:
=======
OPR StartupUrls: "hxxp://www.centrum.cz/"
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera\Opera.exe hxxp://www.oursurfing.com/?type=sc&ts=14362960 ... AM91456594
StartMenuInternet: (HKLM) Opera.exe - C:\Program Files\Opera\Opera.exe hxxp://www.oursurfing.com/?type=sc&ts=14362960 ... AM91456594
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
"eapihdrv" => service could not be unlocked. <===== ATTENTION
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-11] (AVAST Software)
S4 hasplms; C:\WINDOWS\system32\hasplms.exe [4683144 2014-03-11] (SafeNet Inc.)
S4 Intel(R) PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [109728 2011-02-28] (Intel Corporation)
S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [2336072 2011-01-25] (O&O Software GmbH)
S4 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S4 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S4 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aksfridge; C:\WINDOWS\system32\drivers\aksfridge.sys [425352 2014-03-11] (SafeNet Inc.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2000-01-01] (Creative)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-12-11] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [81168 2015-12-19] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-12-11] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-12-11] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [794952 2015-12-11] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [436360 2015-12-19] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [165104 2015-12-11] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [58016 2015-12-11] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209432 2015-12-11] (AVAST Software)
S3 DrvAgent32; C:\WINDOWS\system32\Drivers\DrvAgent32.sys [23456 2014-02-02] (Phoenix Technologies) [File not signed]
S3 E1000; C:\WINDOWS\System32\DRIVERS\e1000325.sys [171152 2008-08-20] (Intel Corporation)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [234888 2014-03-11] (SafeNet Inc.)
S3 IObitUnlocker; C:\Program Files\IObit\IObit Unlocker\IObitUnlocker.sys [26248 2011-03-09] ()
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [35144 2015-07-20] ()
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2000-01-01] (Creative Technology Ltd.)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [25434 2000-01-01] (Realtek Semiconductor Corporation )
R3 RtlWlanu; C:\WINDOWS\System32\DRIVERS\rtwlanu.sys [1345936 2013-03-05] (Realtek Semiconductor Corporation )
S3 VClone; C:\WINDOWS\System32\DRIVERS\VClone.sys [30720 2013-07-24] (Elaborate Bytes AG) [File not signed]
S3 catchme; \??\C:\DOCUME~1\zdenek\LOCALS~1\Temp\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]
S5 eapihdrv; <===== ATTENTION: Locked Service
S0 exaclojc; System32\drivers\wcjmycbp.sys [X]
S0 hcdb; System32\drivers\dprxy.sys [X]
S3 UltraMonMirror; system32\DRIVERS\UltraMonMirror.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-02 13:56 - 2016-01-02 13:57 - 00000000 ____D C:\FRST
2016-01-02 13:04 - 2016-01-02 13:04 - 00000000 ____D C:\Program Files\ESET
2016-01-02 12:38 - 2016-01-02 12:57 - 00000000 ____D C:\Documents and Settings\All Users\Kaspersky Lab Setup Files
2015-12-30 13:32 - 2015-12-30 13:32 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-12-30 13:32 - 2015-12-30 13:32 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Skype
2015-12-27 10:12 - 2015-12-27 10:12 - 00147106 _____ C:\Documents and Settings\zdenek\Plocha\FAKTURA 915-signed.pdf
2015-12-26 13:53 - 2015-12-26 13:53 - 00000000 ____D C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Estimate
2015-12-26 13:52 - 2015-12-26 13:52 - 00000000 ____D C:\Documents and Settings\zdenek\Local Settings\Data aplikací\PackageAware
2015-12-21 13:14 - 2015-12-21 13:14 - 00035737 _____ C:\Documents and Settings\zdenek\Plocha\FAKTURA 915.pdf
2015-12-20 09:11 - 2015-12-20 09:11 - 00000000 ____D C:\antitwined
2015-12-20 09:05 - 2015-12-20 09:05 - 00000690 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Anti-Twin.lnk
2015-12-20 08:37 - 2015-12-20 08:37 - 00000060 _____ C:\WINDOWS\Wininit.ini
2015-12-20 08:30 - 2016-01-01 14:00 - 00019882 _____ C:\WINDOWS\Tasks\{0E087E47-0904-7F7A-0411-797F0A05110B}.job
2015-12-20 08:30 - 2015-12-20 08:30 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\ecd7e2b9-77f3-1
2015-12-20 08:30 - 2015-12-20 08:30 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\ecd7e2b9-0ca1-0
2015-12-20 08:19 - 2015-12-20 09:20 - 00000000 ____D C:\WINDOWS\system32\oodag
2015-12-20 08:18 - 2015-12-20 08:18 - 00000000 ____D C:\Documents and Settings\zdenek\Local Settings\Data aplikací\O&O
2015-12-20 08:17 - 2015-12-20 08:17 - 00000000 ____D C:\Program Files\OO Software
2015-12-20 08:17 - 2015-12-20 08:17 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\O&O Software
2015-12-20 08:06 - 2015-12-20 09:47 - 00000000 ____D C:\Documents and Settings\zdenek\Data aplikací\Smart PC Solutions
2015-12-19 09:29 - 2015-12-19 09:29 - 00042496 _____ C:\Documents and Settings\zdenek\Plocha\rozpočet_Pavel_Calta.xls
2015-12-17 17:05 - 2015-12-17 19:14 - 00000000 ____D C:\Documents and Settings\zdenek\Plocha\Nová složka (2)
2015-12-16 19:58 - 2015-12-26 12:10 - 00000000 ____D C:\Documents and Settings\zdenek\Data aplikací\vlc
2015-12-16 19:58 - 2015-12-16 19:58 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\VideoLAN
2015-12-11 13:53 - 2015-12-11 13:52 - 00322760 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-12-11 13:52 - 2015-12-11 13:52 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-12-07 10:39 - 2015-12-07 12:24 - 00000000 ____D C:\Documents and Settings\zdenek\Plocha\p. juhas
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-02 13:57 - 2015-03-14 18:42 - 00000000 ____D C:\Documents and Settings\zdenek\Local Settings\Temp
2016-01-02 13:57 - 2013-08-09 06:39 - 00000000 ___RD C:\Documents and Settings\zdenek\Plocha\Čištění
2016-01-02 13:56 - 2013-08-07 07:43 - 00000000 ____D C:\WINDOWS
2016-01-02 13:56 - 2013-08-07 06:08 - 00000000 ____D C:\Documents and Settings\zdenek\Plocha
2016-01-02 13:54 - 2015-10-14 07:09 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2016-01-02 13:19 - 2013-11-14 04:10 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2016-01-02 12:38 - 2013-08-07 07:50 - 00000000 ____D C:\Documents and Settings\All Users
2016-01-02 11:03 - 2013-08-07 06:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-02 09:49 - 2013-08-07 06:08 - 00000000 ____D C:\Documents and Settings\zdenek
2016-01-01 21:37 - 2013-08-07 06:08 - 00000178 ___SH C:\Documents and Settings\zdenek\ntuser.ini
2016-01-01 21:37 - 2013-08-07 06:06 - 00032622 ____N C:\WINDOWS\SchedLgU.Txt
2016-01-01 20:39 - 2013-07-26 12:22 - 00100352 _____ C:\Documents and Settings\zdenek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-01 13:08 - 2008-04-14 13:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2015-12-31 11:26 - 2013-07-26 06:39 - 00000000 ____D C:\Documents and Settings\zdenek\Data aplikací\Skype
2015-12-30 13:33 - 2013-07-26 06:39 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Skype
2015-12-30 13:32 - 2015-06-27 16:22 - 00000000 ___RD C:\Program Files\Skype
2015-12-30 13:32 - 2014-02-20 19:51 - 00000000 ____D C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Skype
2015-12-30 13:32 - 2013-08-07 07:51 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-12-30 11:18 - 2014-08-03 18:44 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-30 11:18 - 2013-08-09 18:31 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-12-30 11:18 - 2013-08-09 18:31 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-12-27 07:30 - 2013-08-07 07:51 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2015-12-26 13:53 - 2013-08-07 06:08 - 00000000 ___HD C:\Documents and Settings\zdenek\Local Settings\Data aplikací
2015-12-21 13:07 - 2015-10-20 12:14 - 00000000 ____D C:\AdmWin
2015-12-21 07:07 - 2015-10-02 08:59 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2015-12-21 07:07 - 2013-08-09 06:39 - 00000000 ____D C:\Documents and Settings\zdenek\Plocha\Grafika
2015-12-20 09:29 - 2013-10-27 06:34 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\TEMP
2015-12-20 09:26 - 2014-02-01 07:56 - 00000000 ____D C:\Documents and Settings\zdenek\Dokumenty\ShareX
2015-12-20 09:26 - 2013-08-07 06:08 - 00000000 ___HD C:\Documents and Settings\zdenek\Šablony
2015-12-20 09:05 - 2014-09-28 05:57 - 00000000 ____D C:\Program Files\AntiTwin
2015-12-20 08:39 - 2015-11-18 07:28 - 00000000 ____D C:\Program Files\SpeedFan
2015-12-20 08:39 - 2013-08-07 06:08 - 00000000 ____D C:\Documents and Settings\zdenek\Nabídka Start\Programy
2015-12-20 08:37 - 2015-10-23 17:52 - 00000000 ____D C:\Documents and Settings\zdenek\Data aplikací\ConMet
2015-12-20 08:37 - 2015-10-23 17:52 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\ConMet
2015-12-20 08:36 - 2013-08-07 06:08 - 00000000 __RHD C:\Documents and Settings\zdenek\Data aplikací
2015-12-20 08:17 - 2013-08-23 06:43 - 00000000 ____D C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Downloaded Installations
2015-12-20 08:13 - 2013-08-07 07:50 - 00000211 __RSH C:\boot.ini
2015-12-20 08:13 - 2008-04-14 13:00 - 00000649 _____ C:\WINDOWS\win.ini
2015-12-20 08:13 - 2008-04-14 13:00 - 00000227 _____ C:\WINDOWS\system.ini
2015-12-20 06:49 - 2013-08-10 07:05 - 00000000 ____D C:\Program Files\CCleaner
2015-12-19 01:53 - 2015-10-14 07:09 - 00436360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-12-19 01:53 - 2015-10-14 07:09 - 00081168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-12-18 07:28 - 2013-08-10 06:11 - 00000000 ____D C:\Program Files\Opera
2015-12-12 08:15 - 2013-08-20 15:46 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-12 08:14 - 2013-08-10 09:05 - 137798368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-11 13:55 - 2013-08-07 07:43 - 00000000 ___HD C:\WINDOWS\inf
2015-12-11 13:52 - 2015-10-14 07:09 - 00794952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-12-11 13:52 - 2015-10-14 07:09 - 00209432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-12-11 13:52 - 2015-10-14 07:09 - 00165104 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2015-12-11 13:52 - 2015-10-14 07:09 - 00058016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-12-11 13:52 - 2015-10-14 07:09 - 00055200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-12-11 13:52 - 2015-10-14 07:09 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-12-11 13:52 - 2015-10-14 07:09 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
==================== Files in the root of some directories =======
2013-11-03 08:06 - 2013-11-03 08:25 - 0000000 ____C () C:\Documents and Settings\zdenek\Data aplikací\bitlord_log.txt
2013-07-26 12:22 - 2016-01-01 20:39 - 0100352 _____ () C:\Documents and Settings\zdenek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-07 20:37 - 2015-03-07 20:37 - 0000830 _____ () C:\Documents and Settings\zdenek\Local Settings\Data aplikací\recently-used.xbel
2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 ____C () C:\Documents and Settings\zdenek\Local Settings\Data aplikací\setup.txt
2013-08-10 10:59 - 2013-08-10 10:59 - 0000057 ____C () C:\Documents and Settings\All Users\Data aplikací\Ament.ini
Files to move or delete:
====================
C:\Windows\Tasks\{0E087E47-0904-7F7A-0411-797F0A05110B}.job
Some files in TEMP:
====================
C:\Documents and Settings\zdenek\Local Settings\Temp\kis_setup.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím o kontrolu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119673
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu
Zdravím!
Spusťte tuto utilitu:
Spusťte tuto utilitu:
Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
zdenek72
- 3. Stupeň Varování
- Příspěvky: 106
- Registrován: 09 úno 2010 15:18
- Bydliště: Plzen, Czech Republic
- Kontaktovat uživatele:
Re: Prosím o kontrolu
# AdwCleaner v5.027 - Logfile created 02/01/2016 at 16:38:02
# Updated 30/12/2015 by Xplode
# Database : 2015-12-30.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : zdenek - ZDENEK
# Running from : C:\Documents and Settings\zdenek\Plocha\adwcleaner_5.027.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\Documents and Settings\zdenek\Data aplikací\Solvusoft
[-] Folder Deleted : C:\Documents and Settings\zdenek\Local Settings\Data aplikací\PackageAware
[-] Folder Deleted : C:\Documents and Settings\zdenek\Local Settings\Data aplikací\slimware utilities inc
***** [ Files ] *****
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\Clients\StartMenuInternet\Torch
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00011268-E188-40DF-A514-835FCD78B1BF}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00011268-E188-40DF-A514-835FCD78B1BF}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser [{10921475-03CE-4E04-90CE-E2E7EF20C814}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{00011268-E188-40DF-A514-835FCD78B1BF}]
[-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
[!] Key Not Deleted : HKU\S-1-5-21-484763869-1767777339-1606980848-1004\Software\SlimWare Utilities Inc
[!] Key Not Deleted : HKU\S-1-5-21-484763869-1767777339-1606980848-1004\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E935F814-347F-4C77-A317-D908FBAFC049}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : HKU\S-1-5-21-484763869-1767777339-1606980848-1004\Software\Microsoft\Internet Explorer\SearchScopes\{E935F814-347F-4C77-A317-D908FBAFC049}
[-] Data Restored : HKU\S-1-5-21-484763869-1767777339-1606980848-1004\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
***** [ Web browsers ] *****
*************************
:: "Tracing" keys removed
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5837 bytes] ##########
# Updated 30/12/2015 by Xplode
# Database : 2015-12-30.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : zdenek - ZDENEK
# Running from : C:\Documents and Settings\zdenek\Plocha\adwcleaner_5.027.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\Documents and Settings\zdenek\Data aplikací\Solvusoft
[-] Folder Deleted : C:\Documents and Settings\zdenek\Local Settings\Data aplikací\PackageAware
[-] Folder Deleted : C:\Documents and Settings\zdenek\Local Settings\Data aplikací\slimware utilities inc
***** [ Files ] *****
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\Clients\StartMenuInternet\Torch
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00011268-E188-40DF-A514-835FCD78B1BF}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00011268-E188-40DF-A514-835FCD78B1BF}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser [{10921475-03CE-4E04-90CE-E2E7EF20C814}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{00011268-E188-40DF-A514-835FCD78B1BF}]
[-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
[!] Key Not Deleted : HKU\S-1-5-21-484763869-1767777339-1606980848-1004\Software\SlimWare Utilities Inc
[!] Key Not Deleted : HKU\S-1-5-21-484763869-1767777339-1606980848-1004\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E935F814-347F-4C77-A317-D908FBAFC049}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : HKU\S-1-5-21-484763869-1767777339-1606980848-1004\Software\Microsoft\Internet Explorer\SearchScopes\{E935F814-347F-4C77-A317-D908FBAFC049}
[-] Data Restored : HKU\S-1-5-21-484763869-1767777339-1606980848-1004\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
***** [ Web browsers ] *****
*************************
:: "Tracing" keys removed
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5837 bytes] ##########
-
Rudy
- Site Admin
- Příspěvky: 119673
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu
Dejte nový log FRST.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
zdenek72
- 3. Stupeň Varování
- Příspěvky: 106
- Registrován: 09 úno 2010 15:18
- Bydliště: Plzen, Czech Republic
- Kontaktovat uživatele:
Re: Prosím o kontrolu
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-12-2015
Ran by zdenek (administrator) on ZDENEK (02-01-2016 16:49:22)
Running from C:\Documents and Settings\zdenek\Plocha\Čištění
Loaded Profiles: zdenek (Available Profiles: zdenek)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Opera Software) C:\Program Files\Opera\opera.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [2729800 2011-01-25] (O&O Software GmbH)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\...\Run: [] => [X]
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [9216 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe -update pepperplugin
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-12-11] (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D101B019-1149-45F7-B947-ECD828E8996C}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "www.google.com" <======= ATTENTION
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> {599FC29B-02A1-483E-802A-EBC67124D879} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11433
SearchScopes: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-17] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-11] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-17] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2013-05-29] (Společnost Microsoft)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-30] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-17] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-04-19] ( )
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-08-22] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-12]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-12-11]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-11]
Opera:
=======
OPR StartupUrls: "hxxp://www.centrum.cz/"
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera\Opera.exe hxxp://www.oursurfing.com/?type=sc&ts=14362960 ... AM91456594
StartMenuInternet: (HKLM) Opera.exe - C:\Program Files\Opera\Opera.exe hxxp://www.oursurfing.com/?type=sc&ts=14362960 ... AM91456594
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-11] (AVAST Software)
S4 hasplms; C:\WINDOWS\system32\hasplms.exe [4683144 2014-03-11] (SafeNet Inc.)
S4 Intel(R) PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [109728 2011-02-28] (Intel Corporation)
S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [2336072 2011-01-25] (O&O Software GmbH)
S4 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S4 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S4 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aksfridge; C:\WINDOWS\system32\drivers\aksfridge.sys [425352 2014-03-11] (SafeNet Inc.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2000-01-01] (Creative)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-12-11] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [81168 2015-12-19] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-12-11] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-12-11] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [794952 2015-12-11] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [436360 2015-12-19] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [165104 2015-12-11] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [58016 2015-12-11] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209432 2015-12-11] (AVAST Software)
S3 DrvAgent32; C:\WINDOWS\system32\Drivers\DrvAgent32.sys [23456 2014-02-02] (Phoenix Technologies) [File not signed]
S3 E1000; C:\WINDOWS\System32\DRIVERS\e1000325.sys [171152 2008-08-20] (Intel Corporation)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [234888 2014-03-11] (SafeNet Inc.)
S3 IObitUnlocker; C:\Program Files\IObit\IObit Unlocker\IObitUnlocker.sys [26248 2011-03-09] ()
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [35144 2015-07-20] ()
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2000-01-01] (Creative Technology Ltd.)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [25434 2000-01-01] (Realtek Semiconductor Corporation )
R3 RtlWlanu; C:\WINDOWS\System32\DRIVERS\rtwlanu.sys [1345936 2013-03-05] (Realtek Semiconductor Corporation )
S3 VClone; C:\WINDOWS\System32\DRIVERS\VClone.sys [30720 2013-07-24] (Elaborate Bytes AG) [File not signed]
S3 catchme; \??\C:\DOCUME~1\zdenek\LOCALS~1\Temp\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]
S0 exaclojc; System32\drivers\wcjmycbp.sys [X]
S0 hcdb; System32\drivers\dprxy.sys [X]
S3 UltraMonMirror; system32\DRIVERS\UltraMonMirror.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-02 16:33 - 2016-01-02 16:38 - 00000000 ____D C:\AdwCleaner
2016-01-02 16:31 - 2016-01-02 16:32 - 01745920 _____ C:\Documents and Settings\zdenek\Plocha\adwcleaner_5.027.exe
2016-01-02 13:56 - 2016-01-02 16:49 - 00000000 ____D C:\FRST
2016-01-02 13:04 - 2016-01-02 13:04 - 00000000 ____D C:\Program Files\ESET
2016-01-02 12:38 - 2016-01-02 12:57 - 00000000 ____D C:\Documents and Settings\All Users\Kaspersky Lab Setup Files
2015-12-30 13:32 - 2015-12-30 13:32 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-12-30 13:32 - 2015-12-30 13:32 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Skype
2015-12-27 10:12 - 2015-12-27 10:12 - 00147106 _____ C:\Documents and Settings\zdenek\Plocha\FAKTURA 915-signed.pdf
2015-12-26 13:53 - 2015-12-26 13:53 - 00000000 ____D C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Estimate
2015-12-21 13:14 - 2015-12-21 13:14 - 00035737 _____ C:\Documents and Settings\zdenek\Plocha\FAKTURA 915.pdf
2015-12-20 09:11 - 2015-12-20 09:11 - 00000000 ____D C:\antitwined
2015-12-20 09:05 - 2015-12-20 09:05 - 00000690 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Anti-Twin.lnk
2015-12-20 08:37 - 2015-12-20 08:37 - 00000060 _____ C:\WINDOWS\Wininit.ini
2015-12-20 08:30 - 2016-01-02 14:00 - 00019882 _____ C:\WINDOWS\Tasks\{0E087E47-0904-7F7A-0411-797F0A05110B}.job
2015-12-20 08:30 - 2015-12-20 08:30 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\ecd7e2b9-77f3-1
2015-12-20 08:30 - 2015-12-20 08:30 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\ecd7e2b9-0ca1-0
2015-12-20 08:19 - 2015-12-20 09:20 - 00000000 ____D C:\WINDOWS\system32\oodag
2015-12-20 08:18 - 2015-12-20 08:18 - 00000000 ____D C:\Documents and Settings\zdenek\Local Settings\Data aplikací\O&O
2015-12-20 08:17 - 2015-12-20 08:17 - 00000000 ____D C:\Program Files\OO Software
2015-12-20 08:17 - 2015-12-20 08:17 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\O&O Software
2015-12-20 08:06 - 2015-12-20 09:47 - 00000000 ____D C:\Documents and Settings\zdenek\Data aplikací\Smart PC Solutions
2015-12-19 09:29 - 2015-12-19 09:29 - 00042496 _____ C:\Documents and Settings\zdenek\Plocha\rozpočet_Pavel_Calta.xls
2015-12-17 17:05 - 2015-12-17 19:14 - 00000000 ____D C:\Documents and Settings\zdenek\Plocha\Nová složka (2)
2015-12-16 19:58 - 2015-12-26 12:10 - 00000000 ____D C:\Documents and Settings\zdenek\Data aplikací\vlc
2015-12-16 19:58 - 2015-12-16 19:58 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\VideoLAN
2015-12-11 13:53 - 2015-12-11 13:52 - 00322760 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-12-11 13:52 - 2015-12-11 13:52 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-12-07 10:39 - 2015-12-07 12:24 - 00000000 ____D C:\Documents and Settings\zdenek\Plocha\p. juhas
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-02 16:49 - 2015-03-14 18:42 - 00000000 ____D C:\Documents and Settings\zdenek\Local Settings\Temp
2016-01-02 16:49 - 2013-08-09 06:39 - 00000000 ___RD C:\Documents and Settings\zdenek\Plocha\Čištění
2016-01-02 16:49 - 2013-08-07 07:43 - 00000000 ____D C:\WINDOWS
2016-01-02 16:48 - 2013-08-07 06:08 - 00000000 ____D C:\Documents and Settings\zdenek\Plocha
2016-01-02 16:41 - 2015-10-14 07:09 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2016-01-02 16:40 - 2013-08-07 06:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-02 16:39 - 2013-08-07 06:08 - 00000178 ___SH C:\Documents and Settings\zdenek\ntuser.ini
2016-01-02 16:39 - 2013-08-07 06:08 - 00000000 ____D C:\Documents and Settings\zdenek
2016-01-02 16:39 - 2013-08-07 06:06 - 00032622 _____ C:\WINDOWS\SchedLgU.Txt
2016-01-02 16:38 - 2013-08-07 06:08 - 00000000 ___HD C:\Documents and Settings\zdenek\Local Settings\Data aplikací
2016-01-02 15:21 - 2013-07-26 12:22 - 00099328 _____ C:\Documents and Settings\zdenek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-02 13:19 - 2013-11-14 04:10 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2016-01-02 12:38 - 2013-08-07 07:50 - 00000000 ____D C:\Documents and Settings\All Users
2016-01-01 13:08 - 2008-04-14 13:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2015-12-31 11:26 - 2013-07-26 06:39 - 00000000 ____D C:\Documents and Settings\zdenek\Data aplikací\Skype
2015-12-30 13:33 - 2013-07-26 06:39 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Skype
2015-12-30 13:32 - 2015-06-27 16:22 - 00000000 ___RD C:\Program Files\Skype
2015-12-30 13:32 - 2014-02-20 19:51 - 00000000 ____D C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Skype
2015-12-30 13:32 - 2013-08-07 07:51 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-12-30 11:18 - 2014-08-03 18:44 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-30 11:18 - 2013-08-09 18:31 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-12-30 11:18 - 2013-08-09 18:31 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-12-27 07:30 - 2013-08-07 07:51 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2015-12-21 13:07 - 2015-10-20 12:14 - 00000000 ____D C:\AdmWin
2015-12-21 07:07 - 2015-10-02 08:59 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2015-12-21 07:07 - 2013-08-09 06:39 - 00000000 ____D C:\Documents and Settings\zdenek\Plocha\Grafika
2015-12-20 09:29 - 2013-10-27 06:34 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\TEMP
2015-12-20 09:26 - 2014-02-01 07:56 - 00000000 ____D C:\Documents and Settings\zdenek\Dokumenty\ShareX
2015-12-20 09:26 - 2013-08-07 06:08 - 00000000 ___HD C:\Documents and Settings\zdenek\Šablony
2015-12-20 09:05 - 2014-09-28 05:57 - 00000000 ____D C:\Program Files\AntiTwin
2015-12-20 08:39 - 2015-11-18 07:28 - 00000000 ____D C:\Program Files\SpeedFan
2015-12-20 08:39 - 2013-08-07 06:08 - 00000000 ____D C:\Documents and Settings\zdenek\Nabídka Start\Programy
2015-12-20 08:37 - 2015-10-23 17:52 - 00000000 ____D C:\Documents and Settings\zdenek\Data aplikací\ConMet
2015-12-20 08:37 - 2015-10-23 17:52 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\ConMet
2015-12-20 08:36 - 2013-08-07 06:08 - 00000000 __RHD C:\Documents and Settings\zdenek\Data aplikací
2015-12-20 08:17 - 2013-08-23 06:43 - 00000000 ____D C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Downloaded Installations
2015-12-20 08:13 - 2013-08-07 07:50 - 00000211 __RSH C:\boot.ini
2015-12-20 08:13 - 2008-04-14 13:00 - 00000649 _____ C:\WINDOWS\win.ini
2015-12-20 08:13 - 2008-04-14 13:00 - 00000227 _____ C:\WINDOWS\system.ini
2015-12-20 06:49 - 2013-08-10 07:05 - 00000000 ____D C:\Program Files\CCleaner
2015-12-19 01:53 - 2015-10-14 07:09 - 00436360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-12-19 01:53 - 2015-10-14 07:09 - 00081168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-12-18 07:28 - 2013-08-10 06:11 - 00000000 ____D C:\Program Files\Opera
2015-12-12 08:15 - 2013-08-20 15:46 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-12 08:14 - 2013-08-10 09:05 - 137798368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-11 13:55 - 2013-08-07 07:43 - 00000000 ___HD C:\WINDOWS\inf
2015-12-11 13:52 - 2015-10-14 07:09 - 00794952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-12-11 13:52 - 2015-10-14 07:09 - 00209432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-12-11 13:52 - 2015-10-14 07:09 - 00165104 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2015-12-11 13:52 - 2015-10-14 07:09 - 00058016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-12-11 13:52 - 2015-10-14 07:09 - 00055200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-12-11 13:52 - 2015-10-14 07:09 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-12-11 13:52 - 2015-10-14 07:09 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
==================== Files in the root of some directories =======
2013-11-03 08:06 - 2013-11-03 08:25 - 0000000 ____C () C:\Documents and Settings\zdenek\Data aplikací\bitlord_log.txt
2013-07-26 12:22 - 2016-01-02 15:21 - 0099328 _____ () C:\Documents and Settings\zdenek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-07 20:37 - 2015-03-07 20:37 - 0000830 _____ () C:\Documents and Settings\zdenek\Local Settings\Data aplikací\recently-used.xbel
2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 ____C () C:\Documents and Settings\zdenek\Local Settings\Data aplikací\setup.txt
2013-08-10 10:59 - 2013-08-10 10:59 - 0000057 ____C () C:\Documents and Settings\All Users\Data aplikací\Ament.ini
Files to move or delete:
====================
C:\Windows\Tasks\{0E087E47-0904-7F7A-0411-797F0A05110B}.job
Some files in TEMP:
====================
C:\Documents and Settings\zdenek\Local Settings\Temp\kis_setup.exe
C:\Documents and Settings\zdenek\Local Settings\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
Ran by zdenek (administrator) on ZDENEK (02-01-2016 16:49:22)
Running from C:\Documents and Settings\zdenek\Plocha\Čištění
Loaded Profiles: zdenek (Available Profiles: zdenek)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Opera Software) C:\Program Files\Opera\opera.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [2729800 2011-01-25] (O&O Software GmbH)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\...\Run: [] => [X]
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [9216 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe -update pepperplugin
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-12-11] (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D101B019-1149-45F7-B947-ECD828E8996C}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "www.google.com" <======= ATTENTION
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> {599FC29B-02A1-483E-802A-EBC67124D879} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11433
SearchScopes: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-17] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-11] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-17] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2013-05-29] (Společnost Microsoft)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-30] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-17] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-04-19] ( )
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-08-22] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-12]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-12-11]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-11]
Opera:
=======
OPR StartupUrls: "hxxp://www.centrum.cz/"
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera\Opera.exe hxxp://www.oursurfing.com/?type=sc&ts=14362960 ... AM91456594
StartMenuInternet: (HKLM) Opera.exe - C:\Program Files\Opera\Opera.exe hxxp://www.oursurfing.com/?type=sc&ts=14362960 ... AM91456594
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-11] (AVAST Software)
S4 hasplms; C:\WINDOWS\system32\hasplms.exe [4683144 2014-03-11] (SafeNet Inc.)
S4 Intel(R) PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [109728 2011-02-28] (Intel Corporation)
S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [2336072 2011-01-25] (O&O Software GmbH)
S4 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S4 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S4 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aksfridge; C:\WINDOWS\system32\drivers\aksfridge.sys [425352 2014-03-11] (SafeNet Inc.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2000-01-01] (Creative)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-12-11] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [81168 2015-12-19] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-12-11] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-12-11] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [794952 2015-12-11] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [436360 2015-12-19] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [165104 2015-12-11] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [58016 2015-12-11] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209432 2015-12-11] (AVAST Software)
S3 DrvAgent32; C:\WINDOWS\system32\Drivers\DrvAgent32.sys [23456 2014-02-02] (Phoenix Technologies) [File not signed]
S3 E1000; C:\WINDOWS\System32\DRIVERS\e1000325.sys [171152 2008-08-20] (Intel Corporation)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [234888 2014-03-11] (SafeNet Inc.)
S3 IObitUnlocker; C:\Program Files\IObit\IObit Unlocker\IObitUnlocker.sys [26248 2011-03-09] ()
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [35144 2015-07-20] ()
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2000-01-01] (Creative Technology Ltd.)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [25434 2000-01-01] (Realtek Semiconductor Corporation )
R3 RtlWlanu; C:\WINDOWS\System32\DRIVERS\rtwlanu.sys [1345936 2013-03-05] (Realtek Semiconductor Corporation )
S3 VClone; C:\WINDOWS\System32\DRIVERS\VClone.sys [30720 2013-07-24] (Elaborate Bytes AG) [File not signed]
S3 catchme; \??\C:\DOCUME~1\zdenek\LOCALS~1\Temp\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]
S0 exaclojc; System32\drivers\wcjmycbp.sys [X]
S0 hcdb; System32\drivers\dprxy.sys [X]
S3 UltraMonMirror; system32\DRIVERS\UltraMonMirror.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-02 16:33 - 2016-01-02 16:38 - 00000000 ____D C:\AdwCleaner
2016-01-02 16:31 - 2016-01-02 16:32 - 01745920 _____ C:\Documents and Settings\zdenek\Plocha\adwcleaner_5.027.exe
2016-01-02 13:56 - 2016-01-02 16:49 - 00000000 ____D C:\FRST
2016-01-02 13:04 - 2016-01-02 13:04 - 00000000 ____D C:\Program Files\ESET
2016-01-02 12:38 - 2016-01-02 12:57 - 00000000 ____D C:\Documents and Settings\All Users\Kaspersky Lab Setup Files
2015-12-30 13:32 - 2015-12-30 13:32 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-12-30 13:32 - 2015-12-30 13:32 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Skype
2015-12-27 10:12 - 2015-12-27 10:12 - 00147106 _____ C:\Documents and Settings\zdenek\Plocha\FAKTURA 915-signed.pdf
2015-12-26 13:53 - 2015-12-26 13:53 - 00000000 ____D C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Estimate
2015-12-21 13:14 - 2015-12-21 13:14 - 00035737 _____ C:\Documents and Settings\zdenek\Plocha\FAKTURA 915.pdf
2015-12-20 09:11 - 2015-12-20 09:11 - 00000000 ____D C:\antitwined
2015-12-20 09:05 - 2015-12-20 09:05 - 00000690 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Anti-Twin.lnk
2015-12-20 08:37 - 2015-12-20 08:37 - 00000060 _____ C:\WINDOWS\Wininit.ini
2015-12-20 08:30 - 2016-01-02 14:00 - 00019882 _____ C:\WINDOWS\Tasks\{0E087E47-0904-7F7A-0411-797F0A05110B}.job
2015-12-20 08:30 - 2015-12-20 08:30 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\ecd7e2b9-77f3-1
2015-12-20 08:30 - 2015-12-20 08:30 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\ecd7e2b9-0ca1-0
2015-12-20 08:19 - 2015-12-20 09:20 - 00000000 ____D C:\WINDOWS\system32\oodag
2015-12-20 08:18 - 2015-12-20 08:18 - 00000000 ____D C:\Documents and Settings\zdenek\Local Settings\Data aplikací\O&O
2015-12-20 08:17 - 2015-12-20 08:17 - 00000000 ____D C:\Program Files\OO Software
2015-12-20 08:17 - 2015-12-20 08:17 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\O&O Software
2015-12-20 08:06 - 2015-12-20 09:47 - 00000000 ____D C:\Documents and Settings\zdenek\Data aplikací\Smart PC Solutions
2015-12-19 09:29 - 2015-12-19 09:29 - 00042496 _____ C:\Documents and Settings\zdenek\Plocha\rozpočet_Pavel_Calta.xls
2015-12-17 17:05 - 2015-12-17 19:14 - 00000000 ____D C:\Documents and Settings\zdenek\Plocha\Nová složka (2)
2015-12-16 19:58 - 2015-12-26 12:10 - 00000000 ____D C:\Documents and Settings\zdenek\Data aplikací\vlc
2015-12-16 19:58 - 2015-12-16 19:58 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\VideoLAN
2015-12-11 13:53 - 2015-12-11 13:52 - 00322760 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-12-11 13:52 - 2015-12-11 13:52 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-12-07 10:39 - 2015-12-07 12:24 - 00000000 ____D C:\Documents and Settings\zdenek\Plocha\p. juhas
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-02 16:49 - 2015-03-14 18:42 - 00000000 ____D C:\Documents and Settings\zdenek\Local Settings\Temp
2016-01-02 16:49 - 2013-08-09 06:39 - 00000000 ___RD C:\Documents and Settings\zdenek\Plocha\Čištění
2016-01-02 16:49 - 2013-08-07 07:43 - 00000000 ____D C:\WINDOWS
2016-01-02 16:48 - 2013-08-07 06:08 - 00000000 ____D C:\Documents and Settings\zdenek\Plocha
2016-01-02 16:41 - 2015-10-14 07:09 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2016-01-02 16:40 - 2013-08-07 06:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-02 16:39 - 2013-08-07 06:08 - 00000178 ___SH C:\Documents and Settings\zdenek\ntuser.ini
2016-01-02 16:39 - 2013-08-07 06:08 - 00000000 ____D C:\Documents and Settings\zdenek
2016-01-02 16:39 - 2013-08-07 06:06 - 00032622 _____ C:\WINDOWS\SchedLgU.Txt
2016-01-02 16:38 - 2013-08-07 06:08 - 00000000 ___HD C:\Documents and Settings\zdenek\Local Settings\Data aplikací
2016-01-02 15:21 - 2013-07-26 12:22 - 00099328 _____ C:\Documents and Settings\zdenek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-02 13:19 - 2013-11-14 04:10 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2016-01-02 12:38 - 2013-08-07 07:50 - 00000000 ____D C:\Documents and Settings\All Users
2016-01-01 13:08 - 2008-04-14 13:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2015-12-31 11:26 - 2013-07-26 06:39 - 00000000 ____D C:\Documents and Settings\zdenek\Data aplikací\Skype
2015-12-30 13:33 - 2013-07-26 06:39 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Skype
2015-12-30 13:32 - 2015-06-27 16:22 - 00000000 ___RD C:\Program Files\Skype
2015-12-30 13:32 - 2014-02-20 19:51 - 00000000 ____D C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Skype
2015-12-30 13:32 - 2013-08-07 07:51 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-12-30 11:18 - 2014-08-03 18:44 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-30 11:18 - 2013-08-09 18:31 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-12-30 11:18 - 2013-08-09 18:31 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-12-27 07:30 - 2013-08-07 07:51 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2015-12-21 13:07 - 2015-10-20 12:14 - 00000000 ____D C:\AdmWin
2015-12-21 07:07 - 2015-10-02 08:59 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2015-12-21 07:07 - 2013-08-09 06:39 - 00000000 ____D C:\Documents and Settings\zdenek\Plocha\Grafika
2015-12-20 09:29 - 2013-10-27 06:34 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\TEMP
2015-12-20 09:26 - 2014-02-01 07:56 - 00000000 ____D C:\Documents and Settings\zdenek\Dokumenty\ShareX
2015-12-20 09:26 - 2013-08-07 06:08 - 00000000 ___HD C:\Documents and Settings\zdenek\Šablony
2015-12-20 09:05 - 2014-09-28 05:57 - 00000000 ____D C:\Program Files\AntiTwin
2015-12-20 08:39 - 2015-11-18 07:28 - 00000000 ____D C:\Program Files\SpeedFan
2015-12-20 08:39 - 2013-08-07 06:08 - 00000000 ____D C:\Documents and Settings\zdenek\Nabídka Start\Programy
2015-12-20 08:37 - 2015-10-23 17:52 - 00000000 ____D C:\Documents and Settings\zdenek\Data aplikací\ConMet
2015-12-20 08:37 - 2015-10-23 17:52 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\ConMet
2015-12-20 08:36 - 2013-08-07 06:08 - 00000000 __RHD C:\Documents and Settings\zdenek\Data aplikací
2015-12-20 08:17 - 2013-08-23 06:43 - 00000000 ____D C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Downloaded Installations
2015-12-20 08:13 - 2013-08-07 07:50 - 00000211 __RSH C:\boot.ini
2015-12-20 08:13 - 2008-04-14 13:00 - 00000649 _____ C:\WINDOWS\win.ini
2015-12-20 08:13 - 2008-04-14 13:00 - 00000227 _____ C:\WINDOWS\system.ini
2015-12-20 06:49 - 2013-08-10 07:05 - 00000000 ____D C:\Program Files\CCleaner
2015-12-19 01:53 - 2015-10-14 07:09 - 00436360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-12-19 01:53 - 2015-10-14 07:09 - 00081168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-12-18 07:28 - 2013-08-10 06:11 - 00000000 ____D C:\Program Files\Opera
2015-12-12 08:15 - 2013-08-20 15:46 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-12 08:14 - 2013-08-10 09:05 - 137798368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-11 13:55 - 2013-08-07 07:43 - 00000000 ___HD C:\WINDOWS\inf
2015-12-11 13:52 - 2015-10-14 07:09 - 00794952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-12-11 13:52 - 2015-10-14 07:09 - 00209432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-12-11 13:52 - 2015-10-14 07:09 - 00165104 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2015-12-11 13:52 - 2015-10-14 07:09 - 00058016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-12-11 13:52 - 2015-10-14 07:09 - 00055200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-12-11 13:52 - 2015-10-14 07:09 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-12-11 13:52 - 2015-10-14 07:09 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
==================== Files in the root of some directories =======
2013-11-03 08:06 - 2013-11-03 08:25 - 0000000 ____C () C:\Documents and Settings\zdenek\Data aplikací\bitlord_log.txt
2013-07-26 12:22 - 2016-01-02 15:21 - 0099328 _____ () C:\Documents and Settings\zdenek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-07 20:37 - 2015-03-07 20:37 - 0000830 _____ () C:\Documents and Settings\zdenek\Local Settings\Data aplikací\recently-used.xbel
2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 ____C () C:\Documents and Settings\zdenek\Local Settings\Data aplikací\setup.txt
2013-08-10 10:59 - 2013-08-10 10:59 - 0000057 ____C () C:\Documents and Settings\All Users\Data aplikací\Ament.ini
Files to move or delete:
====================
C:\Windows\Tasks\{0E087E47-0904-7F7A-0411-797F0A05110B}.job
Some files in TEMP:
====================
C:\Documents and Settings\zdenek\Local Settings\Temp\kis_setup.exe
C:\Documents and Settings\zdenek\Local Settings\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
-
Rudy
- Site Admin
- Příspěvky: 119673
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu
Otevřte poznámkový blok a zkopírujte do něj:
Uložte do C:\Documents and Settings\zdenek\Plocha\Čištění jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.Start
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\...\Run: [] => [X]
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "www.google.com" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera\Opera.exe hxxp://www.oursurfing.com/?type=sc&ts=1 ... AM91456594
StartMenuInternet: (HKLM) Opera.exe - C:\Program Files\Opera\Opera.exe hxxp://www.oursurfing.com/?type=sc&ts=1 ... AM91456594
S0 exaclojc; System32\drivers\wcjmycbp.sys [X]
S0 hcdb; System32\drivers\dprxy.sys [X]
S3 UltraMonMirror; system32\DRIVERS\UltraMonMirror.sys [X]
C:\Windows\Tasks\{0E087E47-0904-7F7A-0411-797F0A05110B}.job
C:\Documents and Settings\zdenek\Local Settings\Temp
End
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
zdenek72
- 3. Stupeň Varování
- Příspěvky: 106
- Registrován: 09 úno 2010 15:18
- Bydliště: Plzen, Czech Republic
- Kontaktovat uživatele:
Re: Prosím o kontrolu
Fix result of Farbar Recovery Scan Tool (x86) Version:31-12-2015
Ran by zdenek (2016-01-02 18:20:49) Run:1
Running from C:\Documents and Settings\zdenek\Plocha\Čištění
Loaded Profiles: zdenek (Available Profiles: zdenek)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\...\Run: [] => [X]
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "www.google.com" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera\Opera.exe hxxp://www.oursurfing.com/?type=sc&ts=1 ... AM91456594
StartMenuInternet: (HKLM) Opera.exe - C:\Program Files\Opera\Opera.exe hxxp://www.oursurfing.com/?type=sc&ts=1 ... AM91456594
S0 exaclojc; System32\drivers\wcjmycbp.sys [X]
S0 hcdb; System32\drivers\dprxy.sys [X]
S3 UltraMonMirror; system32\DRIVERS\UltraMonMirror.sys [X]
C:\Windows\Tasks\{0E087E47-0904-7F7A-0411-797F0A05110B}.job
C:\Documents and Settings\zdenek\Local Settings\Temp
End
*****************
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\Opera\shell\open\command\\Default => value restored successfully
HKLM\SOFTWARE\Clients\StartMenuInternet\Opera.exe\shell\open\command\\Default => value restored successfully
exaclojc => service removed successfully.
hcdb => service removed successfully.
UltraMonMirror => service removed successfully.
C:\Windows\Tasks\{0E087E47-0904-7F7A-0411-797F0A05110B}.job => moved successfully
C:\Documents and Settings\zdenek\Local Settings\Temp => moved successfully
==== End of Fixlog 18:20:49 ====
Ran by zdenek (2016-01-02 18:20:49) Run:1
Running from C:\Documents and Settings\zdenek\Plocha\Čištění
Loaded Profiles: zdenek (Available Profiles: zdenek)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\...\Run: [] => [X]
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "www.google.com" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera\Opera.exe hxxp://www.oursurfing.com/?type=sc&ts=1 ... AM91456594
StartMenuInternet: (HKLM) Opera.exe - C:\Program Files\Opera\Opera.exe hxxp://www.oursurfing.com/?type=sc&ts=1 ... AM91456594
S0 exaclojc; System32\drivers\wcjmycbp.sys [X]
S0 hcdb; System32\drivers\dprxy.sys [X]
S3 UltraMonMirror; system32\DRIVERS\UltraMonMirror.sys [X]
C:\Windows\Tasks\{0E087E47-0904-7F7A-0411-797F0A05110B}.job
C:\Documents and Settings\zdenek\Local Settings\Temp
End
*****************
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\Opera\shell\open\command\\Default => value restored successfully
HKLM\SOFTWARE\Clients\StartMenuInternet\Opera.exe\shell\open\command\\Default => value restored successfully
exaclojc => service removed successfully.
hcdb => service removed successfully.
UltraMonMirror => service removed successfully.
C:\Windows\Tasks\{0E087E47-0904-7F7A-0411-797F0A05110B}.job => moved successfully
C:\Documents and Settings\zdenek\Local Settings\Temp => moved successfully
==== End of Fixlog 18:20:49 ====
-
Rudy
- Site Admin
- Příspěvky: 119673
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu
Vše smazáno. PC by již měl být čistý.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
zdenek72
- 3. Stupeň Varování
- Příspěvky: 106
- Registrován: 09 úno 2010 15:18
- Bydliště: Plzen, Czech Republic
- Kontaktovat uživatele:
Re: Prosím o kontrolu
díky moc
-
Rudy
- Site Admin
- Příspěvky: 119673
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu
Rádo se stalo! 
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?