VIRY.CZ

Logfile of random's system information tool 1.10 (written by random/random)
Run by Patrik at 2015-09-13 19:59:09
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 10 GB (40%) free of 25 GB
Total RAM: 2046 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:59:43, on 13.9.2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
H:\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
H:\Avast\AvastUI.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
H:\Mozilla Firefox\firefox.exe
H:\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Patrik.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - H:\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [AvastUI.exe] "H:\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CCleaner Monitoring] "H:\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - H:\Avast\AvastSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3197 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\avast! Emergency Update.job - H:\Avast\AvastEmUpdate.exe

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Patrik\Data aplikací\Mozilla\Firefox\Profiles\y3zxxst8.default-1439283370250

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=H:\Avast\WebRep\FF

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.232 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0]
"Description"=DivX® Content Upload Plugin
"Path"=C:\Program Files\DivX\DivX Content Uploader\npUpload.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=H:\Adobe\Reader\AIR\nppdf32.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - H:\Avast\aswWebRepIE.dll [2015-08-10 559624]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=H:\Avast\AvastUI.exe [2015-08-10 6109776]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-01-11 13666408]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=H:\CCleaner\CCleaner.exe [2015-07-17 6453528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
H:\CCleaner\CCleaner.exe [2015-07-17 6453528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2010-07-28 19557480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\uTorrent\utorrent.exe"="H:\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"H:\Mozilla Firefox\firefox.exe"="H:\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (H:\Mozilla Firefox)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=serwvdrv.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave1"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.WMV3"=wmv9vcm.dll
"vidc.iv50"=ir50_32.dll
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"VIDC.IV41"=IR41_32.AX
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"vidc.ffds"=ffdshow.ax
"wave2"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2015-09-13 19:59:10 ----D---- C:\Program Files\trend micro
2015-09-13 19:59:09 ----D---- C:\rsit
2015-09-09 13:56:30 ----D---- C:\Documents and Settings\Patrik\Data aplikací\Malwarebytes
2015-09-09 13:31:17 ----SHD---- C:\RECYCLER
2015-09-07 15:14:28 ----A---- C:\ComboFix.txt
2015-09-07 14:56:34 ----A---- C:\Boot.bak
2015-09-07 14:56:23 ----RASHD---- C:\cmdcons
2015-09-07 14:53:09 ----A---- C:\WINDOWS\zip.exe
2015-09-07 14:53:09 ----A---- C:\WINDOWS\SWXCACLS.exe
2015-09-07 14:53:09 ----A---- C:\WINDOWS\SWSC.exe
2015-09-07 14:53:09 ----A---- C:\WINDOWS\SWREG.exe
2015-09-07 14:53:09 ----A---- C:\WINDOWS\sed.exe
2015-09-07 14:53:09 ----A---- C:\WINDOWS\PEV.exe
2015-09-07 14:53:09 ----A---- C:\WINDOWS\NIRCMD.exe
2015-09-07 14:53:09 ----A---- C:\WINDOWS\MBR.exe
2015-09-07 14:53:09 ----A---- C:\WINDOWS\grep.exe
2015-09-07 14:52:49 ----AD---- C:\Qoobox
2015-09-07 14:51:52 ----D---- C:\WINDOWS\erdnt
2015-08-23 12:33:06 ----D---- C:\Program Files\Microsoft Office
2015-08-19 09:47:20 ----A---- C:\WINDOWS\ntbtlog.txt
2015-08-14 17:05:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2015-08-14 17:04:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)
2015-08-14 16:50:09 ----D---- C:\AdwCleaner
2015-08-14 16:45:37 ----A---- C:\WINDOWS\system32\FlashPlayerInstaller.exe

======List of files/folders modified in the last 1 month======

2015-09-13 19:59:18 ----D---- C:\WINDOWS\Prefetch
2015-09-13 19:59:10 ----D---- C:\Program Files
2015-09-13 19:57:29 ----D---- C:\WINDOWS\system32\drivers
2015-09-13 14:41:28 ----D---- C:\WINDOWS\system32
2015-09-13 14:30:16 ----D---- C:\WINDOWS\temp
2015-09-10 17:09:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2015-09-07 15:09:30 ----D---- C:\WINDOWS
2015-09-07 15:09:30 ----A---- C:\WINDOWS\system.ini
2015-09-07 15:09:12 ----D---- C:\WINDOWS\system32\drivers\etc
2015-09-07 15:08:04 ----DC---- C:\WINDOWS\system32\dllcache
2015-09-07 15:04:03 ----D---- C:\WINDOWS\AppPatch
2015-09-07 15:03:58 ----D---- C:\Program Files\Common Files
2015-09-07 14:57:15 ----D---- C:\WINDOWS\system32\CatRoot2
2015-09-07 14:56:34 ----RASH---- C:\boot.ini
2015-09-01 11:15:23 ----D---- C:\Program Files\Mozilla Maintenance Service
2015-08-23 12:33:11 ----SHD---- C:\WINDOWS\Installer
2015-08-23 12:33:11 ----D---- C:\Config.Msi
2015-08-23 11:46:23 ----D---- C:\Documents and Settings\Patrik\Data aplikací\vlc
2015-08-20 00:37:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2015-08-15 19:50:15 ----D---- C:\WINDOWS\Debug
2015-08-14 16:47:56 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2015-08-10 49776]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2015-08-10 208664]
R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\nv_agp.sys [2004-04-02 21760]
R0 nvatabus;nvatabus; C:\WINDOWS\system32\DRIVERS\nvatabus.sys [2004-06-03 79360]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-03-18 717296]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2015-08-10 55200]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2015-08-10 788784]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2015-08-10 433264]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2015-08-10 24016]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2015-08-10 76000]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-11-03 271360]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-11-03 18048]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 SpeakerPhone;SpeakerPhone; C:\WINDOWS\System32\DRIVERS\HSF_SPKP.sys [2001-08-17 73279]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswStmXP;Avast StreamFilter Driver; C:\WINDOWS\system32\drivers\aswStmXP.sys [2015-08-10 161472]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-07-28 6108776]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-01-12 10276768]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41600]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS []
S3 ambfilt;ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 aswTdi;aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [2015-08-10 57888]
S3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-08-17 701440]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
S3 catchme;catchme; \??\C:\DOCUME~1\Patrik\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
S3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 monfilt;monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-05-17 33280]
S3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-05-17 12928]
S3 pgfilter;pgfilter; \??\H:\PeerGuardian2\pgfilter.sys []
S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;Avast Antivirus; H:\Avast\AvastSvc.exe [2015-08-10 146600]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-01-11 154216]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-14 269000]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2015-08-30 149160]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-09-2015 01
Ran by Patrik (administrator) on NASA (13-09-2015 20:02:25)
Running from H:\Stažené soubory
Loaded Profiles: Patrik (Available Profiles: Patrik)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
Failed to access process -> AvastSvc.exe
Failed to access process -> AvastUI.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
Failed to access process -> firefox.exe
Failed to access process -> FRST.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => H:\Avast\AvastUI.exe [6109776 2015-08-10] (AVAST Software)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKU\S-1-5-21-839522115-1336601894-725345543-1003\...\Run: [CCleaner Monitoring] => H:\CCleaner\CCleaner.exe [6453528 2015-07-17] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => H:\Avast\ashShell.dll [2015-08-10] (AVAST Software)
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{98A2056B-DAD0-4C1A-A75C-1BF0B5AA15B0}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F8EAF8EF-012B-4A18-A55B-8C4E9936C4C2}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-839522115-1336601894-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-839522115-1336601894-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-839522115-1336601894-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> H:\Avast\aswWebRepIE.dll [2015-08-10] (AVAST Software)
Toolbar: HKU\S-1-5-21-839522115-1336601894-725345543-1003 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2008-04-14] (Společnost Microsoft)
DPF: {33564D57-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Patrik\Data aplikací\Mozilla\Firefox\Profiles\y3zxxst8.default-1439283370250
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-14] ()
FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Content Uploader\npUpload.dll [2007-10-20] (DivX,Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: Adobe Reader -> H:\Adobe\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-02-13]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - H:\Avast\WebRep\FF
FF Extension: Avast Online Security - H:\Avast\WebRep\FF [2015-06-24]
StartMenuInternet: FIREFOX.EXE - H:\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - H:\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-06-24]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - H:\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-24]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; H:\Avast\AvastSvc.exe [146600 2015-08-10] (AVAST Software)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\WINDOWS\System32\DRIVERS\61883.sys [48128 2008-04-13] (Microsoft Corporation)
S3 ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-08-10] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-08-10] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-08-10] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-08-10] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [788784 2015-08-10] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [433264 2015-08-10] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [161472 2015-08-10] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-08-10] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-08-10] (AVAST Software)
R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [271360 2010-11-03] () [File not signed]
S3 basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [67167 2001-08-17] (Conexant)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R2 Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [289887 2001-08-17] (Conexant)
R2 Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [115807 2001-08-17] (Conexant)
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-09-23] (LogMeIn, Inc.)
S3 HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [220032 2004-08-03] (Conexant Systems, Inc.)
S3 HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [1041536 2004-08-03] (Conexant Systems, Inc.)
S3 hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [542879 2001-08-17] (Conexant)
R3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
R2 K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [391199 2001-08-17] (Conexant)
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [18048 2010-11-03] () [File not signed]
S3 monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R0 nvatabus; C:\WINDOWS\System32\DRIVERS\nvatabus.sys [79360 2004-06-03] (NVIDIA Corporation)
S3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [33280 2004-05-17] (NVIDIA Corporation)
S3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [12928 2004-05-17] (NVIDIA Corporation)
R0 nv_agp; C:\WINDOWS\System32\DRIVERS\nv_agp.sys [21760 2004-04-02] (NVIDIA Corporation)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [57471 2001-08-17] (Conexant)
R2 SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [199711 2001-08-17] (Conexant)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R2 SpeakerPhone; C:\WINDOWS\System32\DRIVERS\HSF_SPKP.sys [73279 2001-08-17] (Conexant)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [717296 2009-03-18] () [File not signed]
R2 Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [50751 2001-08-17] (Conexant)
R2 V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [488383 2001-08-17] (Conexant)
S3 winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [685056 2004-08-03] (Conexant Systems, Inc.)
S3 ALCXWDM; system32\drivers\ALCXWDM.SYS [X]
S3 catchme; \??\C:\DOCUME~1\Patrik\LOCALS~1\Temp\catchme.sys [X]
U5 NwlnkIpx; C:\Windows\System32\Drivers\NwlnkIpx.sys [88320 2008-04-13] (Microsoft Corporation)
S3 pgfilter; \??\H:\PeerGuardian2\pgfilter.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-13 19:59 - 2015-09-13 20:00 - 00000000 ____D C:\Program Files\trend micro
2015-09-13 19:59 - 2015-09-13 19:59 - 00000000 ____D C:\rsit
2015-09-09 13:56 - 2015-09-09 13:56 - 00000000 ____D C:\Documents and Settings\Patrik\Data aplikací\Malwarebytes
2015-09-07 15:14 - 2015-09-13 20:03 - 00000000 ____D C:\Documents and Settings\Patrik\Local Settings\temp
2015-09-07 15:14 - 2015-09-07 15:14 - 00014210 _____ C:\ComboFix.txt
2015-09-07 15:14 - 2015-09-07 15:14 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2015-09-07 15:14 - 2015-09-07 15:14 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2015-09-07 15:14 - 2015-09-07 15:14 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\temp
2015-09-07 14:56 - 2015-09-07 14:56 - 00000000 _RSHD C:\cmdcons
2015-09-07 14:56 - 2011-02-20 18:22 - 00000211 _____ C:\Boot.bak
2015-09-07 14:56 - 2004-08-03 23:00 - 00261312 __RSH C:\cmldr
2015-09-07 14:53 - 2011-06-26 08:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2015-09-07 14:53 - 2010-11-07 19:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2015-09-07 14:53 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-09-07 14:53 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-09-07 14:53 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-09-07 14:53 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-09-07 14:53 - 2000-08-31 02:00 - 00098816 _____ C:\WINDOWS\sed.exe
2015-09-07 14:53 - 2000-08-31 02:00 - 00080412 _____ C:\WINDOWS\grep.exe
2015-09-07 14:53 - 2000-08-31 02:00 - 00068096 _____ C:\WINDOWS\zip.exe
2015-09-07 14:52 - 2015-09-07 15:14 - 00000000 ____D C:\Qoobox
2015-09-07 14:51 - 2015-09-07 15:10 - 00000000 ____D C:\WINDOWS\erdnt
2015-08-23 12:33 - 2015-08-23 12:33 - 00000000 ____D C:\Program Files\Microsoft Office
2015-08-23 11:35 - 2015-08-23 11:35 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\HD Tune
2015-08-14 17:05 - 2015-08-14 17:05 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2015-08-14 17:04 - 2015-08-18 23:48 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)
2015-08-14 16:50 - 2015-08-14 16:54 - 00000000 ____D C:\AdwCleaner
2015-08-14 16:45 - 2015-08-14 16:45 - 09284296 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-13 20:02 - 2015-08-12 10:25 - 00000000 ____D C:\FRST
2015-09-13 19:57 - 2003-01-05 22:08 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-09-13 19:57 - 2003-01-05 22:08 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2015-09-13 19:45 - 2015-06-24 00:25 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-13 19:31 - 2012-11-15 22:46 - 01602108 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-13 19:04 - 2015-06-24 03:00 - 00000306 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-09-13 14:43 - 2015-07-10 20:18 - 00000000 ____D C:\Documents and Settings\Patrik\Plocha\Doučování - Klára
2015-09-13 14:30 - 2010-01-11 23:17 - 00267725 _____ C:\WINDOWS\system32\NvApps.xml
2015-09-13 14:30 - 2003-01-05 22:11 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-09-13 14:30 - 2003-01-05 22:11 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-09-13 14:30 - 2001-10-25 14:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-09-13 14:29 - 2003-01-05 21:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-11 00:08 - 2003-01-05 22:00 - 00000178 ___SH C:\Documents and Settings\Patrik\ntuser.ini
2015-09-10 17:09 - 2003-01-05 21:59 - 00032520 _____ C:\WINDOWS\SchedLgU.Txt
2015-09-09 13:56 - 2003-01-05 22:00 - 00000000 ___HD C:\Documents and Settings\Patrik\Data aplikací
2015-09-07 18:44 - 2003-01-05 21:59 - 00000000 __SHD C:\Documents and Settings\NetworkService
2015-09-07 15:09 - 2001-10-25 14:00 - 00000270 _____ C:\WINDOWS\system.ini
2015-09-07 14:56 - 2010-02-18 21:10 - 00000328 __RSH C:\boot.ini
2015-09-07 13:22 - 2003-01-05 22:00 - 00000000 ____D C:\Documents and Settings\Patrik\Plocha
2015-09-02 15:38 - 2015-06-24 02:20 - 00002319 _____ C:\Documents and Settings\Patrik\Plocha\Microsoft Word 2007.lnk
2015-09-01 13:04 - 2009-01-15 22:08 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2015-09-01 11:15 - 2015-06-24 01:48 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-23 11:46 - 2015-06-24 02:07 - 00000000 ____D C:\Documents and Settings\Patrik\Data aplikací\vlc
2015-08-20 00:37 - 2008-01-11 00:07 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2015-08-14 17:05 - 2003-01-05 22:08 - 00000000 ___HD C:\Documents and Settings\All Users\Data aplikací
2015-08-14 16:53 - 2003-01-05 22:00 - 00000000 ___HD C:\Documents and Settings\Patrik\Local Settings\Data aplikací
2015-08-14 16:47 - 2015-06-24 00:16 - 00778440 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-08-14 16:47 - 2015-06-24 00:16 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-06-24 12:14 - 2015-06-24 12:14 - 0029164 _____ () C:\Documents and Settings\Patrik\Data aplikací\TMP.WAV
2007-05-25 21:45 - 2015-07-25 00:15 - 0189952 _____ () C:\Documents and Settings\Patrik\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2007-10-10 20:26 - 2007-10-10 20:26 - 0000126 _____ () C:\Documents and Settings\Patrik\Local Settings\Data aplikací\fusioncache.dat

Some zero byte size files/folders:
==========================
C:\Windows\System32\Drivers\8a439583.sys

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

To FRST teda moc podle navodu nebylo

Napiste mi velikost adresare plochy (C:\Documents and Settings\Patrik\Plocha)

Presunte FRST na plochu, jinak to nebude fungovat!

Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-839522115-1336601894-725345543-1003\...\Run: [CCleaner Monitoring] => H:\CCleaner\CCleaner.exe [6453528 2015-07-17] (Piriform Ltd)
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-839522115-1336601894-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-839522115-1336601894-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-839522115-1336601894-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch

S3 catchme; \??\C:\DOCUME~1\Patrik\LOCALS~1\Temp\catchme.sys [X]

2015-09-09 13:56 - 2015-09-09 13:56 - 00000000 ____D C:\Documents and Settings\Patrik\Data aplikací\Malwarebytes
2015-08-14 17:05 - 2015-08-14 17:05 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2015-08-14 17:04 - 2015-08-18 23:48 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)
2015-09-13 19:45 - 2015-06-24 00:25 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

C:\Windows\System32\Drivers\8a439583.sys

DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring

Hosts:
EmptyTemp:
Reboot:
End

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev fixlist a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte FRST, kliknete na napis Fix a program vykona prikazy.
Po restartu pc by se mel objevit novy log - s nazvem fixlog, ten mi sem zase zkopirujte.

Omlouvám se, snad už to bude nyní v pořádku: Velikost adresáře je 10,2MB a log je zde: (Jinak vše funguje bez problému pouze v nouzovém režimu, při normální spuštění se počítač sekne).

Fix result of Farbar Recovery Scan Tool (x86) Version:15-09-2015
Ran by Patrik (2015-09-19 18:58:56) Run:1
Running from C:\Documents and Settings\Patrik\Plocha
Loaded Profiles: Patrik (Available Profiles: Patrik)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-839522115-1336601894-725345543-1003\...\Run: [CCleaner Monitoring] => H:\CCleaner\CCleaner.exe [6453528 2015-07-17] (Piriform Ltd)
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-839522115-1336601894-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-839522115-1336601894-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-839522115-1336601894-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch

S3 catchme; \??\C:\DOCUME~1\Patrik\LOCALS~1\Temp\catchme.sys [X]

2015-09-09 13:56 - 2015-09-09 13:56 - 00000000 ____D C:\Documents and Settings\Patrik\Data aplikací\Malwarebytes
2015-08-14 17:05 - 2015-08-14 17:05 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2015-08-14 17:04 - 2015-08-18 23:48 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)
2015-09-13 19:45 - 2015-06-24 00:25 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

C:\Windows\System32\Drivers\8a439583.sys

DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-839522115-1336601894-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value removed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-839522115-1336601894-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully.
HKU\S-1-5-21-839522115-1336601894-725345543-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-839522115-1336601894-725345543-1003\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
catchme => service removed successfully.
C:\Documents and Settings\Patrik\Data aplikací\Malwarebytes => moved successfully
C:\Documents and Settings\All Users\Data aplikací\Malwarebytes => moved successfully
C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable) => moved successfully
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => moved successfully
C:\Windows\System32\Drivers\8a439583.sys => moved successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM => key removed successfully.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring => key removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 361.3 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 19:03:13 ====

Jelikoz tam havet nikde nevidim, obavam se, ze to muze mit na svedomi treba ten disk, ktery hlasi spoustu chyb

Pripadne to muze delat i neco legitimniho.

Prejmenujte ComboFix na Uninstall a spustte ho. CF by se mel odinstalovat.

vyosek píše: DelFix https://toolslib.net/downloads/finish/2/
Stahnete a spustte

Ponechte zatrzitkou pouze u volby Remove disinfection tools

Kliknete na Run

Stahnete Ccleaner http://www.filehippo.com/download_ccleaner a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
(Pokud je v pc vice uzivatelskych uctu, pouzijte program i v nich)

Defragmentujte disk(y) (SSD Disky ne!)
Stahnete program Defraggler https://www.piriform.com/defraggler/download/standard
Pri instalaci opet pozor na toolbar a dalsi nesmysly.
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.

Pak napiste, jestli se neco zmenilo.

Dobrý den,

děkuji moc za pomoc, ale PC si dělá pořád to stejné (musím ho spouštět v nouzovém režimu s prací v síti, aby se nesekl). CCleaner používám běžně, ale tento problém nevyřeší.

Bohužel to bude asi tím HDD.

A sekne se to jen pri pouzivani internetu? Nebo to dela i kdyz neni pripojeny?

7.11. pro neaktivitu

http://forum.viry.cz/viewtopic.php?f=12&t=123975

VIRY.CZ

Po 10min zamrzne PC

Re: Po 10min zamrzne PC

Re: Po 10min zamrzne PC

Re: Po 10min zamrzne PC

Re: Po 10min zamrzne PC

Re: Po 10min zamrzne PC

Re: Po 10min zamrzne PC