VIRY.CZ

ComboFix 15-11-15.01 - Dodo 16.11.2015 23:50:19.8.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3001.2499 [GMT 1:00]
Spuštěný z: c:\documents and settings\Dodo\Plocha\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Avira Antivirus *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-10-16 do 2015-11-16 )))))))))))))))))))))))))))))))
.
.
2015-11-15 18:17 . 2015-11-15 18:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)
2015-11-15 18:17 . 2015-11-15 18:17 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-11-13 08:37 . 2015-11-13 08:37 -------- d-----w- C:\_OTM
2015-11-13 08:19 . 2015-11-13 08:19 -------- d-----w- c:\documents and settings\Dodo\Data aplikací\Avira
2015-11-13 08:15 . 2015-11-13 08:23 136728 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-11-13 08:15 . 2015-04-16 14:23 37896 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2015-11-13 08:15 . 2015-11-13 08:23 108448 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-11-13 08:15 . 2015-11-13 08:15 -------- d-----w- c:\program files\Avira
2015-11-11 09:03 . 2015-11-13 18:14 -------- d-----w- C:\FRST
2015-11-11 09:00 . 2015-11-11 09:00 15327 ----a-w- c:\documents and settings\Dodo\Local Settings\Data aplikací\LM.bat
2015-11-10 06:41 . 2015-11-10 06:41 -------- d-----w- c:\program files\Common Files\Lavasoft
2015-11-10 06:39 . 2015-11-10 06:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Lavasoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-15 18:17 . 2015-09-05 10:05 121560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-11-13 05:40 . 2014-04-02 16:47 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-11-13 05:40 . 2014-04-02 16:47 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-09-11 07:28 . 2015-09-10 06:23 40960 ----a-r- c:\documents and settings\Dodo\Data aplikací\Microsoft\Installer\{B2073246-67E3-40CD-A7EF-8882D37119BC}\assassin.exe1_B207324667E340CDA7EF8882D37119BC.exe
2015-09-11 07:28 . 2015-09-10 06:23 40960 ----a-r- c:\documents and settings\Dodo\Data aplikací\Microsoft\Installer\{B2073246-67E3-40CD-A7EF-8882D37119BC}\assassin.exe_B207324667E340CDA7EF8882D37119BC.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-10-09 . FF876311F58C86EC3E1A24F585949C25 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"f.lux"="c:\documents and settings\Dodo\Local Settings\Data aplikací\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-12-16 73832]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-05 1434920]
"snuvcdsm"="c:\windows\snuvcdsm.exe" [2011-01-13 30080]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2011-01-13 202112]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"avgnt"="c:\program files\Avira\Antivirus\avgnt.exe" [2015-11-13 782520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2010-01-14 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe\0sprestrt
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LiveUpdateSvc"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
"SDWSCService"=2 (0x2)
"SDUpdateService"=2 (0x2)
"SDScannerService"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\Dodo\\Data aplikací\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
.
R0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [15.11.2015 19:17 170200]
R0 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [27.7.2015 19:11 15688]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [13.11.2015 9:15 37896]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\Antivirus\sched.exe [13.11.2015 9:15 461672]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [15.10.2013 5:38 50704]
R3 L1c;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [28.2.2014 9:43 82072]
R3 SmbDrvI;SmbDrvI;c:\windows\system32\drivers\Smb_driver_Intel.sys [17.8.2014 18:14 28656]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [14.1.2010 16:04 9472]
S2 AntiVirMailService;Avira Mail Protection;c:\program files\Avira\Antivirus\avmailc.exe [13.11.2015 9:15 916968]
S2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\Antivirus\avwebgrd.exe [13.11.2015 9:15 1210512]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [18.2.2015 19:11 315488]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [12.5.2015 19:05 83168]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\SophosMEMSWEEP.SYS --> c:\windows\system32\SophosMEMSWEEP.SYS [?]
S3 nlqrmejr;nlqrmejr; [x]
S3 poshxhhc;poshxhhc; [x]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [27.7.2015 19:11 10320]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [30.6.2014 23:15 171520]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [12.5.2015 19:05 181344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-29 06:16 995144 ----a-w- c:\program files\Google\Chrome\Application\44.0.2403.125\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-09-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-02 05:40]
.
2014-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2015-11-16 c:\windows\Tasks\G2MUploadTask-S-1-5-21-854245398-1677128483-842925246-1004.job
- c:\program files\Citrix\GoToMeeting\2759\g2mupload.exe [2015-06-23 21:18]
.
2014-10-27 c:\windows\Tasks\Opera scheduled Autoupdate 1393579374.job
- c:\program files\Opera\launcher.exe [2014-02-28 09:39]
.
2015-11-14 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2006-06-19 22:35]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-11-17 00:04
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3912)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\Antivirus\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\Antivirus\avshadow.exe
.
**************************************************************************
.
Celkový čas: 2015-11-17 00:10:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-11-16 23:10
.
Před spuštěním: Volných bajtů: 21 211 365 376
Po spuštění: Volných bajtů: 21 201 281 024
.
- - End Of File - - F4782520EF41998A020F32BE804E158B
413FC2A0C716421B3158746D63736515

hotovo , děkuji

Fix result of Farbar Recovery Scan Tool (x86) Version:16-11-2015
Ran by Dodo (2015-11-17 09:35:26) Run:1
Running from C:\Documents and Settings\Dodo\Plocha
Loaded Profiles: Dodo (Available Profiles: Dodo & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
File: C:\WINDOWS\snuvcdsm.exe
File: C:\WINDOWS\system32\msdmo.dll
File: c:\documents and settings\Dodo\Data aplikací\Microsoft\Installer\{B2073246-67E3-40CD-A7EF-8882D37119BC}\assassin.exe1_B207324667E340CDA7EF8882D37119BC.exe
File: c:\documents and settings\Dodo\Data aplikací\Microsoft\Installer\{B2073246-67E3-40CD-A7EF-8882D37119BC}\assassin.exe_B207324667E340CDA7EF8882D37119BC.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BootExecute: autocheck autochk * sdnclean.exesprestrt
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 MEMSWEEP2; \??\C:\WINDOWS\system32\SophosMEMSWEEP.SYS [X]
S3 nlqrmejr; no ImagePath
S3 poshxhhc; no ImagePath
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\G2MUploadTask-S-1-5-21-854245398-1677128483-842925246-1004.job
c:\windows\Tasks\Opera scheduled Autoupdate 1393579374.job
c:\windows\Tasks\XoftSpySE.job
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{0E59F1D5-1FBE-11D0-8FF2-00A0D10038BC}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
End
*****************

Restore point was successfully created.
Processes closed successfully.

========================= File: C:\WINDOWS\snuvcdsm.exe ========================

File is digitally signed
MD5: 2939A288159AABA95594C4FC9098E67C
Creation and modification date: 2015-04-30 - 2011-01-13
Size: 0030080
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product: Display Setting Monitor
Description: DisplaySettingMonitor MFC Application
File Version: 1, 0, 4, 0
Product Version: 1, 0, 4, 0
Copyright: Copyright (C) 2007

====== End of File: ======


========================= File: C:\WINDOWS\system32\msdmo.dll ========================

File is digitally signed
MD5: D3064968439A555CE8069552BDF1FF0C
Creation and modification date: 2008-04-14 - 2008-04-14
Size: 0014336
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======


========================= File: c:\documents and settings\Dodo\Data aplikací\Microsoft\Installer\{B2073246-67E3-40CD-A7EF-8882D37119BC}\assassin.exe1_B207324667E340CDA7EF8882D37119BC.exe ========================

File not signed
MD5: FC11219DBB2BDAE640B09745E4A69F1F
Creation and modification date: 2015-09-10 - 2015-09-11
Size: 0040960
Attributes: ---RA
Company Name: InstallShield Software Corp.
Internal Name: _IsIcoRes.exe
Original Name: _IsIcoRes.exe
Product: InstallShield Developer
Description: InstallShield
File Version: 10.0.135
Product Version: 10.0
Copyright: Copyright © 2000

====== End of File: ======


========================= File: c:\documents and settings\Dodo\Data aplikací\Microsoft\Installer\{B2073246-67E3-40CD-A7EF-8882D37119BC}\assassin.exe_B207324667E340CDA7EF8882D37119BC.exe ========================

File not signed
MD5: FC11219DBB2BDAE640B09745E4A69F1F
Creation and modification date: 2015-09-10 - 2015-09-11
Size: 0040960
Attributes: ---RA
Company Name: InstallShield Software Corp.
Internal Name: _IsIcoRes.exe
Original Name: _IsIcoRes.exe
Product: InstallShield Developer
Description: InstallShield
File Version: 10.0.135
Product Version: 10.0
Copyright: Copyright © 2000

====== End of File: ======

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key not found.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
MEMSWEEP2 => service removed successfully.
nlqrmejr => service removed successfully.
poshxhhc => service removed successfully.
RtsUIR => service removed successfully.
USBCCID => service removed successfully.
c:\windows\Tasks\AppleSoftwareUpdate.job => moved successfully
c:\windows\Tasks\G2MUploadTask-S-1-5-21-854245398-1677128483-842925246-1004.job => moved successfully
c:\windows\Tasks\Opera scheduled Autoupdate 1393579374.job => moved successfully
c:\windows\Tasks\XoftSpySE.job => moved successfully
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{00020420-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{00020421-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{00020422-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{00020423-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{00020424-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{00020425-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}" => key removed successfully.
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}" => key removed successfully.
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{0E59F1D5-1FBE-11D0-8FF2-00A0D10038BC}" => key removed successfully.
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}" => key removed successfully.
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}" => key removed successfully.
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}" => key removed successfully.
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-854245398-1677128483-842925246-1004_Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}" => key removed successfully.


The system needed a reboot.

==== End of Fixlog 09:35:41 ====

Spustte FRST a do sirokeho bileho okenka vlozte

*avast*;asw*

kliknete na Search Files. Sken potrva az nekolik minut.
Ve stejnem umisteni, jako mate FRST.exe/FRST64.exe, vznikne soubor Search.txt jehoz obsah vlozte do pristi odpovedi.

Děkuji , Search.txt jsem nenašel ale vyskočilo na mě tohle


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-11-2015
Ran by Dodo (administrator) on GROUP-4B24797DB (17-11-2015 20:56:21)
Running from C:\Documents and Settings\Dodo\Plocha
Loaded Profiles: Dodo (Available Profiles: Dodo & Administrator)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\WINDOWS\snuvcdsm.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Flux Software LLC) C:\Documents and Settings\Dodo\Local Settings\Data aplikací\FluxSoftware\Flux\flux.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(Microsoft Corporation) C:\WINDOWS\system32\sndvol32.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-12-16] (Check Point Software Technologies LTD)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1434920 2009-03-05] (Synaptics Incorporated)
HKLM\...\Run: [snuvcdsm] => C:\WINDOWS\snuvcdsm.exe [30080 2011-01-13] ()
HKLM\...\Run: [snp2uvc] => rundll32.exe C:\WINDOWS\system32\csnp2uvc.dll,ResetCIDS
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-16] (InstallShield Software Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [782520 2015-11-13] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-854245398-1677128483-842925246-1004\...\Run: [f.lux] => C:\Documents and Settings\Dodo\Local Settings\Data aplikací\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2010-01-14] (Microsoft Corporation)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{56F82C23-E7A4-4152-90FF-DA03751B4002}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-854245398-1677128483-842925246-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-854245398-1677128483-842925246-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Dodo\Data aplikací\Mozilla\Firefox\Profiles\WfXWPG0P.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll [2010-01-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-854245398-1677128483-842925246-1004: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Citrix\Plugins\104\npappdetector.dll [2015-03-27] (Citrix Online)
FF Extension: Avira Browser Safety - C:\Documents and Settings\Dodo\Data aplikací\Mozilla\Firefox\Profiles\WfXWPG0P.default\Extensions\abs@avira.com [2015-04-18] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-06-01] [not signed]
FF Extension: No Name - C:\Documents and Settings\Dodo\Data aplikacĂ­\Mozilla\Firefox\Profiles\WfXWPG0P.default\extensions\abs@avira.com [not found]

Chrome:
=======
CHR DefaultSearchKeyword: Default -> lp
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Sniply - Drive Conversion Through Content) - C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aepeihpnlhiiipbchlidcipfpiaecpkd [2015-10-26]
CHR Extension: (Adblock Plus) - C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-22]
CHR Extension: (FB Pixel Helper) - C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2015-11-13]
CHR Extension: (AdBlock) - C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-11-17]
CHR Extension: (LastPass: Free Password Manager) - C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-10-28]
CHR Extension: (Tag Assistant (by Google)) - C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2015-10-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-21]
CHR Extension: (Fast Video Downloader) - C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nocpfkkbaekckhcoekockfbidpcjgkbd [2015-08-31]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-06-12] (Adobe Systems) [File not signed]
S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc.exe [916968 2015-11-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [461672 2015-11-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [461672 2015-11-13] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\AVWEBGRD.EXE [1210512 2015-11-13] (Avira Operations GmbH & Co. KG)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2445816 2013-12-16] (Check Point Software Technologies LTD)
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [50704 2013-10-15] (Check Point Software Technologies, Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [2067936 2012-04-30] (Atheros Communications, Inc.)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [108448 2015-11-13] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136728 2015-11-13] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37896 2015-04-16] (Avira Operations GmbH & Co. KG)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [47272 2009-04-01] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 CnxtHdAudService; C:\WINDOWS\System32\drivers\CHDAU32.sys [815616 2000-01-01] (Conexant Systems Inc.)
S1 DumpDrv; C:\WINDOWS\system32\Drivers\DumpDrv.sys [9472 2010-01-14] (Microsoft Corporation)
R3 L1c; C:\WINDOWS\System32\DRIVERS\l1c51x86.sys [82072 2000-01-01] (Atheros Communications, Inc.)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [170200 2015-11-15] (Malwarebytes)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2010-01-14] (Microsoft Corporation)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [10320 2013-09-30] ()
R3 SmbDrvI; C:\WINDOWS\System32\DRIVERS\Smb_driver_Intel.sys [28656 2014-08-17] (Synaptics Incorporated)
R3 SNP2UVC; C:\WINDOWS\System32\DRIVERS\snp2uvc.sys [1766784 2011-01-13] ()
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [31848 2015-11-13] (Avira Operations GmbH & Co. KG)
R1 Vsdatant; C:\WINDOWS\System32\vsdatant.sys [529640 2013-12-16] (Check Point Software Technologies LTD)
U5 Browser; C:\WINDOWS\system32\svchost.exe [14848 2010-01-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U5 Messenger; C:\WINDOWS\system32\svchost.exe [14848 2010-01-14] (Microsoft Corporation)
U5 MRxSmb; C:\Windows\System32\Drivers\MRxSmb.sys [456704 2010-01-14] (Microsoft Corporation)
U5 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [80384 2010-01-14] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [225856 2010-01-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-17 09:35 - 2015-11-17 20:55 - 00000000 ____D C:\Documents and Settings\Dodo\Plocha\FRST-OlderVersion
2015-11-17 00:10 - 2015-11-17 20:57 - 00000000 ____D C:\Documents and Settings\Dodo\Local Settings\temp
2015-11-17 00:10 - 2015-11-17 00:10 - 00009947 _____ C:\ComboFix.txt
2015-11-17 00:10 - 2015-11-17 00:10 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2015-11-17 00:10 - 2015-11-17 00:10 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\temp
2015-11-17 00:10 - 2015-11-17 00:10 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2015-11-16 23:47 - 2011-06-26 07:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2015-11-16 23:47 - 2010-11-07 18:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2015-11-16 23:47 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-11-16 23:47 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-11-16 23:47 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-11-16 23:47 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-11-16 23:47 - 2000-08-31 01:00 - 00098816 _____ C:\WINDOWS\sed.exe
2015-11-16 23:47 - 2000-08-31 01:00 - 00080412 _____ C:\WINDOWS\grep.exe
2015-11-16 23:47 - 2000-08-31 01:00 - 00068096 _____ C:\WINDOWS\zip.exe
2015-11-16 23:46 - 2015-11-17 00:10 - 00000000 ____D C:\Qoobox
2015-11-16 23:45 - 2015-11-16 23:45 - 05637834 ____R (Swearware) C:\Documents and Settings\Dodo\Plocha\ComboFix.exe
2015-11-16 19:28 - 2015-11-16 19:27 - 01732096 _____ C:\Documents and Settings\Dodo\Plocha\adwcleaner_5.021.exe
2015-11-15 19:46 - 2015-11-15 19:46 - 00071128 _____ C:\Documents and Settings\Dodo\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2015-11-15 19:17 - 2015-11-15 19:56 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)
2015-11-15 19:17 - 2015-11-15 19:17 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-15 19:16 - 2015-11-15 22:20 - 00000000 ____D C:\Documents and Settings\Dodo\Plocha\mbar
2015-11-15 19:16 - 2015-11-15 19:16 - 16563352 _____ (Malwarebytes Corp.) C:\Documents and Settings\Dodo\Plocha\mbar-1.09.3.1001.exe
2015-11-13 19:14 - 2015-11-13 19:14 - 00008733 _____ C:\Documents and Settings\Dodo\Plocha\Addition.rar
2015-11-13 19:13 - 2015-11-13 19:14 - 00039169 _____ C:\Documents and Settings\Dodo\Plocha\Addition.txt
2015-11-13 19:11 - 2015-11-17 20:56 - 00013075 _____ C:\Documents and Settings\Dodo\Plocha\FRST.txt
2015-11-13 09:37 - 2015-11-13 09:37 - 00522240 _____ (OldTimer Tools) C:\Documents and Settings\Dodo\Plocha\OTM.exe
2015-11-13 09:37 - 2015-11-13 09:37 - 00000000 ____D C:\_OTM
2015-11-13 09:19 - 2015-11-13 09:19 - 00000000 ____D C:\Documents and Settings\Dodo\Data aplikací\Avira
2015-11-13 09:18 - 2015-11-13 09:18 - 00001695 _____ C:\Documents and Settings\All Users\Plocha\Avira Antivirus.lnk
2015-11-13 09:18 - 2015-11-13 09:18 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Avira
2015-11-13 09:15 - 2015-11-13 09:23 - 00136728 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-11-13 09:15 - 2015-11-13 09:23 - 00108448 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-11-13 09:15 - 2015-11-13 09:15 - 00000000 ____D C:\Program Files\Avira
2015-11-13 09:15 - 2015-04-16 15:23 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2015-11-13 07:32 - 2015-11-13 09:09 - 00002725 _____ C:\WINDOWS\setupapi.log
2015-11-13 07:31 - 2015-11-17 09:37 - 00000157 _____ C:\WINDOWS\wiadebug.log
2015-11-13 07:31 - 2015-11-17 09:37 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-11-13 07:31 - 2015-11-17 09:36 - 00002092 _____ C:\WINDOWS\SchedLgU.Txt
2015-11-13 07:31 - 2015-11-13 08:02 - 02329552 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-13 07:31 - 2015-11-13 07:31 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2015-11-13 07:29 - 2015-11-13 07:29 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2015-11-13 07:28 - 2015-11-17 09:36 - 00006938 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-12 00:00 - 2015-11-12 00:00 - 05903688 _____ (AVAST Software) C:\Documents and Settings\Dodo\Plocha\avastclear.exe
2015-11-11 10:03 - 2015-11-17 20:56 - 00000000 ____D C:\FRST
2015-11-11 10:00 - 2015-11-11 10:00 - 00015327 _____ C:\Documents and Settings\Dodo\Local Settings\Data aplikací\LM.bat
2015-11-11 09:59 - 2015-11-17 20:55 - 01378816 _____ (Farbar) C:\Documents and Settings\Dodo\Plocha\FRST.exe
2015-11-11 08:02 - 2015-11-11 08:02 - 00000156 _____ C:\Documents and Settings\Dodo\Dokumenty\cc_20151111_080210.reg
2015-11-10 07:41 - 2015-11-10 07:41 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2015-11-10 07:39 - 2015-11-10 07:39 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2015-11-10 07:32 - 2015-11-16 23:44 - 00004008 _____ C:\Documents and Settings\Dodo\Plocha\Rkill.txt
2015-10-27 21:40 - 2015-10-27 21:40 - 00017171 _____ C:\Documents and Settings\Dodo\Dokumenty\pi5XdLriB.jpeg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-17 20:55 - 2014-02-28 09:17 - 00000000 ____D C:\Documents and Settings\Dodo\Plocha
2015-11-17 09:37 - 2014-02-28 09:15 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-17 09:36 - 2014-02-28 09:17 - 00000178 ___SH C:\Documents and Settings\Dodo\ntuser.ini
2015-11-17 09:36 - 2014-02-28 09:17 - 00000000 ____D C:\Documents and Settings\Dodo
2015-11-17 00:04 - 2008-04-14 12:00 - 00000227 _____ C:\WINDOWS\system.ini
2015-11-16 23:50 - 2014-02-28 09:17 - 00000000 __RHD C:\Documents and Settings\Dodo\Data aplikací
2015-11-16 19:42 - 2015-04-17 18:35 - 00000000 ____D C:\AdwCleaner
2015-11-16 19:42 - 2014-02-28 09:17 - 00000000 ___HD C:\Documents and Settings\Dodo\Local Settings\Data aplikací
2015-11-15 20:19 - 2014-05-28 03:28 - 00183808 __SHC C:\Documents and Settings\Dodo\Dokumenty\Thumbs.db
2015-11-15 19:18 - 2014-06-24 09:31 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2015-11-15 19:17 - 2015-09-05 11:05 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-15 19:17 - 2014-02-28 09:38 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2015-11-15 19:11 - 2008-04-14 12:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-11-14 20:19 - 2014-04-30 01:37 - 00000000 ____D C:\Documents and Settings\Dodo\Data aplikací\vlc
2015-11-13 09:38 - 2015-06-18 03:38 - 00000000 ____D C:\Program Files\trend micro
2015-11-13 09:23 - 2015-09-10 15:24 - 00031848 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\ssmdrv.sys
2015-11-13 09:18 - 2014-02-28 09:39 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2015-11-13 09:18 - 2014-02-28 09:39 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-11-13 09:15 - 2014-02-28 09:46 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Avira
2015-11-13 09:05 - 2014-02-28 09:37 - 00000327 ___SH C:\boot.ini
2015-11-13 08:16 - 2014-06-24 17:15 - 00000178 __SHC C:\Documents and Settings\Administrator\ntuser.ini
2015-11-13 07:29 - 2014-03-01 23:42 - 00065536 _____ C:\WINDOWS\system32\config\ODiag.evt
2015-11-13 07:29 - 2014-02-28 09:00 - 00065536 _____ C:\WINDOWS\system32\config\Internet.evt
2015-11-13 07:29 - 2014-02-28 08:57 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2015-11-13 07:29 - 2014-02-28 08:57 - 00065536 _____ C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2015-11-13 06:40 - 2014-04-02 17:47 - 00780488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-11-13 06:40 - 2014-04-02 17:47 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-11-13 03:03 - 2014-05-28 05:23 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Package Cache
2015-11-12 20:59 - 2014-02-28 09:04 - 00002504 ____C C:\WINDOWS\system32\CONFIG.NT
2015-11-11 08:48 - 2015-09-11 08:28 - 00002413 _____ C:\Documents and Settings\Dodo\Plocha\Assassin G13.lnk
2015-11-11 08:02 - 2014-02-28 09:17 - 00000000 ___RD C:\Documents and Settings\Dodo\Dokumenty
2015-11-10 02:58 - 2015-07-17 10:32 - 00000000 ____D C:\D přesunute
2015-11-10 02:15 - 2015-09-11 08:19 - 00000000 ____D C:\Documents and Settings\Dodo\Plocha\screen shots
2015-11-09 20:36 - 2015-09-11 08:21 - 00000000 ____D C:\Documents and Settings\Dodo\Plocha\udrzba PC
2015-11-09 02:11 - 2014-02-28 09:40 - 01249222 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-05 01:11 - 2014-04-09 02:23 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2015-10-31 00:44 - 2014-02-28 11:47 - 00000000 ____D C:\Documents and Settings\Dodo\Data aplikací\Skype
2015-10-29 19:06 - 2015-05-04 20:38 - 00002283 _____ C:\Documents and Settings\All Users\Plocha\Skype.lnk
2015-10-29 09:38 - 2015-08-24 22:17 - 00000000 ____D C:\Documents and Settings\Dodo\Dokumenty\acident
2015-10-28 19:30 - 2014-12-08 08:32 - 00000000 ____D C:\Documents and Settings\Dodo\Data aplikací\uTorrent
2015-10-22 19:24 - 2015-04-16 21:58 - 00000719 _____ C:\Documents and Settings\All Users\Plocha\VLC media player.lnk

==================== Files in the root of some directories =======

2014-12-27 04:09 - 2014-12-27 04:08 - 0644490 _____ () C:\Program Files\enzymy složení.jpg
2014-04-02 16:34 - 2015-09-02 23:44 - 0026112 _____ () C:\Documents and Settings\Dodo\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-11 10:00 - 2015-11-11 10:00 - 0015327 _____ () C:\Documents and Settings\Dodo\Local Settings\Data aplikací\LM.bat

Some files in TEMP:
====================
C:\Documents and Settings\Dodo\Local Settings\temp\avgnt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Děkuji , Search.txt jsem nenašel ale vyskočilo na mě tohle


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-11-2015
Ran by Dodo (administrator) on GROUP-4B24797DB (17-11-2015 20:56:21)
Running from C:\Documents and Settings\Dodo\Plocha
Loaded Profiles: Dodo (Available Profiles: Dodo & Administrator)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\WINDOWS\snuvcdsm.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Flux Software LLC) C:\Documents and Settings\Dodo\Local Settings\Data aplikací\FluxSoftware\Flux\flux.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(Microsoft Corporation) C:\WINDOWS\system32\sndvol32.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-12-16] (Check Point Software Technologies LTD)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1434920 2009-03-05] (Synaptics Incorporated)
HKLM\...\Run: [snuvcdsm] => C:\WINDOWS\snuvcdsm.exe [30080 2011-01-13] ()
HKLM\...\Run: [snp2uvc] => rundll32.exe C:\WINDOWS\system32\csnp2uvc.dll,ResetCIDS
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-16] (InstallShield Software Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [782520 2015-11-13] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-854245398-1677128483-842925246-1004\...\Run: [f.lux] => C:\Documents and Settings\Dodo\Local Settings\Data aplikací\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2010-01-14] (Microsoft Corporation)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{56F82C23-E7A4-4152-90FF-DA03751B4002}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-854245398-1677128483-842925246-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-854245398-1677128483-842925246-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Dodo\Data aplikací\Mozilla\Firefox\Profiles\WfXWPG0P.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll [2010-01-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-854245398-1677128483-842925246-1004: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Citrix\Plugins\104\npappdetector.dll [2015-03-27] (Citrix Online)
FF Extension: Avira Browser Safety - C:\Documents and Settings\Dodo\Data aplikací\Mozilla\Firefox\Profiles\WfXWPG0P.default\Extensions\abs@avira.com [2015-04-18] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-06-01] [not signed]
FF Extension: No Name - C:\Documents and Settings\Dodo\Data aplikacĂ­\Mozilla\Firefox\Profiles\WfXWPG0P.default\extensions\abs@avira.com [not found]

Chrome:
=======
CHR DefaultSearchKeyword: Default -> lp
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Sniply - Drive Conversion Through Content) - C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aepeihpnlhiiipbchlidcipfpiaecpkd [2015-10-26]
CHR Extension: (Adblock Plus) - C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-22]
CHR Extension: (FB Pixel Helper) - C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2015-11-13]
CHR Extension: (AdBlock) - C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-11-17]
CHR Extension: (LastPass: Free Password Manager) - C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-10-28]
CHR Extension: (Tag Assistant (by Google)) - C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2015-10-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-21]
CHR Extension: (Fast Video Downloader) - C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nocpfkkbaekckhcoekockfbidpcjgkbd [2015-08-31]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-06-12] (Adobe Systems) [File not signed]
S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc.exe [916968 2015-11-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [461672 2015-11-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [461672 2015-11-13] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\AVWEBGRD.EXE [1210512 2015-11-13] (Avira Operations GmbH & Co. KG)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2445816 2013-12-16] (Check Point Software Technologies LTD)
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [50704 2013-10-15] (Check Point Software Technologies, Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [2067936 2012-04-30] (Atheros Communications, Inc.)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [108448 2015-11-13] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136728 2015-11-13] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37896 2015-04-16] (Avira Operations GmbH & Co. KG)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [47272 2009-04-01] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 CnxtHdAudService; C:\WINDOWS\System32\drivers\CHDAU32.sys [815616 2000-01-01] (Conexant Systems Inc.)
S1 DumpDrv; C:\WINDOWS\system32\Drivers\DumpDrv.sys [9472 2010-01-14] (Microsoft Corporation)
R3 L1c; C:\WINDOWS\System32\DRIVERS\l1c51x86.sys [82072 2000-01-01] (Atheros Communications, Inc.)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [170200 2015-11-15] (Malwarebytes)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2010-01-14] (Microsoft Corporation)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [10320 2013-09-30] ()
R3 SmbDrvI; C:\WINDOWS\System32\DRIVERS\Smb_driver_Intel.sys [28656 2014-08-17] (Synaptics Incorporated)
R3 SNP2UVC; C:\WINDOWS\System32\DRIVERS\snp2uvc.sys [1766784 2011-01-13] ()
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [31848 2015-11-13] (Avira Operations GmbH & Co. KG)
R1 Vsdatant; C:\WINDOWS\System32\vsdatant.sys [529640 2013-12-16] (Check Point Software Technologies LTD)
U5 Browser; C:\WINDOWS\system32\svchost.exe [14848 2010-01-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U5 Messenger; C:\WINDOWS\system32\svchost.exe [14848 2010-01-14] (Microsoft Corporation)
U5 MRxSmb; C:\Windows\System32\Drivers\MRxSmb.sys [456704 2010-01-14] (Microsoft Corporation)
U5 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [80384 2010-01-14] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [225856 2010-01-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-17 09:35 - 2015-11-17 20:55 - 00000000 ____D C:\Documents and Settings\Dodo\Plocha\FRST-OlderVersion
2015-11-17 00:10 - 2015-11-17 20:57 - 00000000 ____D C:\Documents and Settings\Dodo\Local Settings\temp
2015-11-17 00:10 - 2015-11-17 00:10 - 00009947 _____ C:\ComboFix.txt
2015-11-17 00:10 - 2015-11-17 00:10 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2015-11-17 00:10 - 2015-11-17 00:10 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\temp
2015-11-17 00:10 - 2015-11-17 00:10 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2015-11-16 23:47 - 2011-06-26 07:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2015-11-16 23:47 - 2010-11-07 18:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2015-11-16 23:47 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-11-16 23:47 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-11-16 23:47 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-11-16 23:47 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-11-16 23:47 - 2000-08-31 01:00 - 00098816 _____ C:\WINDOWS\sed.exe
2015-11-16 23:47 - 2000-08-31 01:00 - 00080412 _____ C:\WINDOWS\grep.exe
2015-11-16 23:47 - 2000-08-31 01:00 - 00068096 _____ C:\WINDOWS\zip.exe
2015-11-16 23:46 - 2015-11-17 00:10 - 00000000 ____D C:\Qoobox
2015-11-16 23:45 - 2015-11-16 23:45 - 05637834 ____R (Swearware) C:\Documents and Settings\Dodo\Plocha\ComboFix.exe
2015-11-16 19:28 - 2015-11-16 19:27 - 01732096 _____ C:\Documents and Settings\Dodo\Plocha\adwcleaner_5.021.exe
2015-11-15 19:46 - 2015-11-15 19:46 - 00071128 _____ C:\Documents and Settings\Dodo\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2015-11-15 19:17 - 2015-11-15 19:56 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)
2015-11-15 19:17 - 2015-11-15 19:17 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-15 19:16 - 2015-11-15 22:20 - 00000000 ____D C:\Documents and Settings\Dodo\Plocha\mbar
2015-11-15 19:16 - 2015-11-15 19:16 - 16563352 _____ (Malwarebytes Corp.) C:\Documents and Settings\Dodo\Plocha\mbar-1.09.3.1001.exe
2015-11-13 19:14 - 2015-11-13 19:14 - 00008733 _____ C:\Documents and Settings\Dodo\Plocha\Addition.rar
2015-11-13 19:13 - 2015-11-13 19:14 - 00039169 _____ C:\Documents and Settings\Dodo\Plocha\Addition.txt
2015-11-13 19:11 - 2015-11-17 20:56 - 00013075 _____ C:\Documents and Settings\Dodo\Plocha\FRST.txt
2015-11-13 09:37 - 2015-11-13 09:37 - 00522240 _____ (OldTimer Tools) C:\Documents and Settings\Dodo\Plocha\OTM.exe
2015-11-13 09:37 - 2015-11-13 09:37 - 00000000 ____D C:\_OTM
2015-11-13 09:19 - 2015-11-13 09:19 - 00000000 ____D C:\Documents and Settings\Dodo\Data aplikací\Avira
2015-11-13 09:18 - 2015-11-13 09:18 - 00001695 _____ C:\Documents and Settings\All Users\Plocha\Avira Antivirus.lnk
2015-11-13 09:18 - 2015-11-13 09:18 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Avira
2015-11-13 09:15 - 2015-11-13 09:23 - 00136728 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-11-13 09:15 - 2015-11-13 09:23 - 00108448 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-11-13 09:15 - 2015-11-13 09:15 - 00000000 ____D C:\Program Files\Avira
2015-11-13 09:15 - 2015-04-16 15:23 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2015-11-13 07:32 - 2015-11-13 09:09 - 00002725 _____ C:\WINDOWS\setupapi.log
2015-11-13 07:31 - 2015-11-17 09:37 - 00000157 _____ C:\WINDOWS\wiadebug.log
2015-11-13 07:31 - 2015-11-17 09:37 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-11-13 07:31 - 2015-11-17 09:36 - 00002092 _____ C:\WINDOWS\SchedLgU.Txt
2015-11-13 07:31 - 2015-11-13 08:02 - 02329552 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-13 07:31 - 2015-11-13 07:31 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2015-11-13 07:29 - 2015-11-13 07:29 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2015-11-13 07:28 - 2015-11-17 09:36 - 00006938 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-12 00:00 - 2015-11-12 00:00 - 05903688 _____ (AVAST Software) C:\Documents and Settings\Dodo\Plocha\avastclear.exe
2015-11-11 10:03 - 2015-11-17 20:56 - 00000000 ____D C:\FRST
2015-11-11 10:00 - 2015-11-11 10:00 - 00015327 _____ C:\Documents and Settings\Dodo\Local Settings\Data aplikací\LM.bat
2015-11-11 09:59 - 2015-11-17 20:55 - 01378816 _____ (Farbar) C:\Documents and Settings\Dodo\Plocha\FRST.exe
2015-11-11 08:02 - 2015-11-11 08:02 - 00000156 _____ C:\Documents and Settings\Dodo\Dokumenty\cc_20151111_080210.reg
2015-11-10 07:41 - 2015-11-10 07:41 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2015-11-10 07:39 - 2015-11-10 07:39 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2015-11-10 07:32 - 2015-11-16 23:44 - 00004008 _____ C:\Documents and Settings\Dodo\Plocha\Rkill.txt
2015-10-27 21:40 - 2015-10-27 21:40 - 00017171 _____ C:\Documents and Settings\Dodo\Dokumenty\pi5XdLriB.jpeg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-17 20:55 - 2014-02-28 09:17 - 00000000 ____D C:\Documents and Settings\Dodo\Plocha
2015-11-17 09:37 - 2014-02-28 09:15 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-17 09:36 - 2014-02-28 09:17 - 00000178 ___SH C:\Documents and Settings\Dodo\ntuser.ini
2015-11-17 09:36 - 2014-02-28 09:17 - 00000000 ____D C:\Documents and Settings\Dodo
2015-11-17 00:04 - 2008-04-14 12:00 - 00000227 _____ C:\WINDOWS\system.ini
2015-11-16 23:50 - 2014-02-28 09:17 - 00000000 __RHD C:\Documents and Settings\Dodo\Data aplikací
2015-11-16 19:42 - 2015-04-17 18:35 - 00000000 ____D C:\AdwCleaner
2015-11-16 19:42 - 2014-02-28 09:17 - 00000000 ___HD C:\Documents and Settings\Dodo\Local Settings\Data aplikací
2015-11-15 20:19 - 2014-05-28 03:28 - 00183808 __SHC C:\Documents and Settings\Dodo\Dokumenty\Thumbs.db
2015-11-15 19:18 - 2014-06-24 09:31 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2015-11-15 19:17 - 2015-09-05 11:05 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-15 19:17 - 2014-02-28 09:38 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2015-11-15 19:11 - 2008-04-14 12:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-11-14 20:19 - 2014-04-30 01:37 - 00000000 ____D C:\Documents and Settings\Dodo\Data aplikací\vlc
2015-11-13 09:38 - 2015-06-18 03:38 - 00000000 ____D C:\Program Files\trend micro
2015-11-13 09:23 - 2015-09-10 15:24 - 00031848 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\ssmdrv.sys
2015-11-13 09:18 - 2014-02-28 09:39 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2015-11-13 09:18 - 2014-02-28 09:39 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-11-13 09:15 - 2014-02-28 09:46 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Avira
2015-11-13 09:05 - 2014-02-28 09:37 - 00000327 ___SH C:\boot.ini
2015-11-13 08:16 - 2014-06-24 17:15 - 00000178 __SHC C:\Documents and Settings\Administrator\ntuser.ini
2015-11-13 07:29 - 2014-03-01 23:42 - 00065536 _____ C:\WINDOWS\system32\config\ODiag.evt
2015-11-13 07:29 - 2014-02-28 09:00 - 00065536 _____ C:\WINDOWS\system32\config\Internet.evt
2015-11-13 07:29 - 2014-02-28 08:57 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2015-11-13 07:29 - 2014-02-28 08:57 - 00065536 _____ C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2015-11-13 06:40 - 2014-04-02 17:47 - 00780488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-11-13 06:40 - 2014-04-02 17:47 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-11-13 03:03 - 2014-05-28 05:23 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Package Cache
2015-11-12 20:59 - 2014-02-28 09:04 - 00002504 ____C C:\WINDOWS\system32\CONFIG.NT
2015-11-11 08:48 - 2015-09-11 08:28 - 00002413 _____ C:\Documents and Settings\Dodo\Plocha\Assassin G13.lnk
2015-11-11 08:02 - 2014-02-28 09:17 - 00000000 ___RD C:\Documents and Settings\Dodo\Dokumenty
2015-11-10 02:58 - 2015-07-17 10:32 - 00000000 ____D C:\D přesunute
2015-11-10 02:15 - 2015-09-11 08:19 - 00000000 ____D C:\Documents and Settings\Dodo\Plocha\screen shots
2015-11-09 20:36 - 2015-09-11 08:21 - 00000000 ____D C:\Documents and Settings\Dodo\Plocha\udrzba PC
2015-11-09 02:11 - 2014-02-28 09:40 - 01249222 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-05 01:11 - 2014-04-09 02:23 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2015-10-31 00:44 - 2014-02-28 11:47 - 00000000 ____D C:\Documents and Settings\Dodo\Data aplikací\Skype
2015-10-29 19:06 - 2015-05-04 20:38 - 00002283 _____ C:\Documents and Settings\All Users\Plocha\Skype.lnk
2015-10-29 09:38 - 2015-08-24 22:17 - 00000000 ____D C:\Documents and Settings\Dodo\Dokumenty\acident
2015-10-28 19:30 - 2014-12-08 08:32 - 00000000 ____D C:\Documents and Settings\Dodo\Data aplikací\uTorrent
2015-10-22 19:24 - 2015-04-16 21:58 - 00000719 _____ C:\Documents and Settings\All Users\Plocha\VLC media player.lnk

==================== Files in the root of some directories =======

2014-12-27 04:09 - 2014-12-27 04:08 - 0644490 _____ () C:\Program Files\enzymy složení.jpg
2014-04-02 16:34 - 2015-09-02 23:44 - 0026112 _____ () C:\Documents and Settings\Dodo\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-11 10:00 - 2015-11-11 10:00 - 0015327 _____ () C:\Documents and Settings\Dodo\Local Settings\Data aplikací\LM.bat

Some files in TEMP:
====================
C:\Documents and Settings\Dodo\Local Settings\temp\avgnt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Dominik S píše:Děkuji, Search.txt jsem nenašel ale vyskočilo na mě tohle

Protoze jste klikl na tlacitko Scan, nikoliv Search Files, takze Vas poprosim znovu a presne podle navodu





Spustte FRST a do sirokeho bileho okenka vlozte

*avast*;asw*

kliknete na Search Files. Sken potrva az nekolik minut.
Ve stejnem umisteni, jako mate FRST.exe/FRST64.exe, vznikne soubor Search.txt jehoz obsah vlozte do pristi odpovedi.

Ouch omlouvám se dělal jsem to rozespalý


Farbar Recovery Scan Tool (x86) Version:17-11-2015
Ran by Dodo (2015-11-17 21:46:04)
Running from C:\Documents and Settings\Dodo\Plocha
Boot Mode: Normal

================== Search Files: "*avast*;asw*" =============

C:\WINDOWS\system32\drivers\aswrdr.sys.1401002345578
[2014-05-25 08:17][2014-05-25 08:16] 0054832 ___AC (AVAST Software) 46B3ABE51856A9F5B2ABBA0221F4C360 [File is digitally signed]

C:\WINDOWS\system32\drivers\aswrdr.sys.1402821669734
[2014-06-15 09:39][2014-06-15 09:38] 0054832 ___AC (AVAST Software) 46B3ABE51856A9F5B2ABBA0221F4C360 [File is digitally signed]

C:\WINDOWS\system32\drivers\aswsnx.sys.1401002345578
[2014-05-25 08:17][2014-05-25 08:16] 0776976 ___AC (AVAST Software) A148A36F871BFDBF80654D28D6B59FAE [File is digitally signed]

C:\WINDOWS\system32\drivers\aswsnx.sys.1402821669734
[2014-06-15 09:39][2014-06-15 09:38] 0776976 ___AC (AVAST Software) A148A36F871BFDBF80654D28D6B59FAE [File is digitally signed]

C:\Program Files\Common Files\Microsoft Shared\Stationery\aswrule.gif
[2014-02-28 08:59][2008-04-14 12:00] 0002086 ___AC () BF2360194E80050CB0F0E365C198AC31 [File is digitally signed]

C:\Documents and Settings\Dodo\Plocha\avastclear.exe
[2015-11-12 00:00][2015-11-12 00:00] 5903688 ____A (AVAST Software) A9C2AE693EA9C53BAF3D03A369A89012 [File is digitally signed]

C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\https_www.avast.com_0.localstorage
[2015-09-10 07:02][2015-09-10 07:02] 0003072 ___AC () 4C5DA0DDDE621ACE34C5632DA70E0EF3 [File not signed]

C:\Documents and Settings\Dodo\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\https_www.avast.com_0.localstorage-journal
[2015-09-10 07:02][2015-09-10 07:02] 0003608 ___AC () 5257A429B55DA77731A0BEAE3C10664D [File not signed]

C:\D přesunute\programy\avast-full-version-+-navod.rar
[2015-11-10 21:55][2015-11-10 22:02] 117478609 ____A () 89196f90bbafe63c5af5db3006fbbeab [File not signed]

C:\D přesunute\programy\avastclear.exe
[2015-11-12 00:00][2015-11-12 00:00] 5903688 ____A (AVAST Software) A9C2AE693EA9C53BAF3D03A369A89012 [File is digitally signed]

C:\D přesunute\awast\setup\aswOfferTool.exe
[2014-09-09 07:27][2014-09-09 07:22] 3420040 ___AC (AVAST Software) 465B48A225A741F723DF9773914E5613 [File is digitally signed]

C:\D přesunute\awast\setup\Inf\x86\aswsp.sys.sum
[2014-09-09 07:29][2014-09-09 07:29] 0000223 ___AC () 4EE8762FE0C5DAA965EC8355A18BAB5A [File not signed]

C:\D přesunute\awast\defs\aswdefs.ini
[2014-09-09 07:28][2014-10-08 19:07] 0000032 ___AC () 87E0A314C1ECD52E2D0E35D856CBF061 [File not signed]

C:\D přesunute\awast\defs\14100802\aswAR.dll
[2014-10-08 19:07][2014-10-08 19:07] 0209464 ___AC (AVAST Software) 62EF42A999F202B75BD6CCE2A410C1B4 [File is digitally signed]

C:\D přesunute\awast\defs\14100802\aswBoot.dll
[2014-10-08 19:07][2014-10-08 19:07] 1824528 ___AC (AVAST Software) 7D6677E7E6F00E7B77093F13EEC0BB93 [File is digitally signed]

C:\D přesunute\awast\defs\14100802\aswCleanerDLL.dll
[2014-10-08 19:07][2014-10-08 19:07] 0505664 ___AC (AVAST Software) 8ECE9DAFF97569945EC3A4CD857B8677 [File is digitally signed]

C:\D přesunute\awast\defs\14100802\aswCmnBS.dll
[2014-10-08 19:07][2014-10-08 19:07] 0451008 ___AC (AVAST Software) 4B9975A4B6165A40D057763343B511E0 [File is digitally signed]

C:\D přesunute\awast\defs\14100802\aswCmnIS.dll
[2014-10-08 19:07][2014-10-08 19:07] 0368120 ___AC (AVAST Software) 547AA2A17C792C10E9CF8804CE145EEE [File is digitally signed]

C:\D přesunute\awast\defs\14100802\aswCmnOS.dll
[2014-10-08 19:07][2014-10-08 19:07] 0126576 ___AC (AVAST Software) F4FAE7B7BF5D841E112C75190931B36C [File is digitally signed]

C:\D přesunute\awast\defs\14100802\aswEngin.dll
[2014-10-08 19:07][2014-10-08 19:07] 1332176 ___AC (AVAST Software) 84D1CFE07334957AABC0EEAA56F8ADB1 [File is digitally signed]

C:\D přesunute\awast\defs\14100802\aswFiDb.dll
[2014-10-08 19:07][2014-10-08 19:07] 0463392 ___AC (AVAST Software) 5E32E7C5542D95E04E8ABE8B3F676D11 [File is digitally signed]

C:\D přesunute\awast\defs\14100802\aswHds.dll
[2014-10-08 19:07][2014-10-08 19:07] 0531384 ___AC (AVAST Software) FB6DD0E995416565D6D44ACEFEC46255 [File is digitally signed]

C:\D přesunute\awast\defs\14100802\aswRawFS.dll
[2014-10-08 19:07][2014-10-08 19:07] 0457688 ___AC (AVAST Software) 81D5C2D6232FCDBC7916AF659B12C8B7 [File is digitally signed]

C:\D přesunute\awast\defs\14100802\aswRep.dll
[2014-10-08 19:07][2014-10-08 19:07] 0341328 ___AC (AVAST Software) E111A956689011C0AB482BF282157E25 [File is digitally signed]

C:\D přesunute\awast\defs\14100802\aswScan.dll
[2014-10-08 19:07][2014-10-08 19:07] 0170336 ___AC (AVAST Software) A21579BC188FAF7F7CD69C0E5BDFEF81 [File is digitally signed]

C:\D přesunute\awast\defs\14100800\aswAR.dll
[2014-10-08 15:05][2014-10-08 15:05] 0209464 ___AC (AVAST Software) 62EF42A999F202B75BD6CCE2A410C1B4 [File is digitally signed]

C:\D přesunute\awast\defs\14100800\aswBoot.dll
[2014-10-08 15:05][2014-10-08 15:05] 1824528 ___AC (AVAST Software) 7D6677E7E6F00E7B77093F13EEC0BB93 [File is digitally signed]

C:\D přesunute\awast\defs\14100800\aswCleanerDLL.dll
[2014-10-08 15:05][2014-10-08 15:05] 0505664 ___AC (AVAST Software) 8ECE9DAFF97569945EC3A4CD857B8677 [File is digitally signed]

C:\D přesunute\awast\defs\14100800\aswCmnBS.dll
[2014-10-08 15:05][2014-10-08 15:05] 0451008 ___AC (AVAST Software) 4B9975A4B6165A40D057763343B511E0 [File is digitally signed]

C:\D přesunute\awast\defs\14100800\aswCmnIS.dll
[2014-10-08 15:05][2014-10-08 15:05] 0368120 ___AC (AVAST Software) 547AA2A17C792C10E9CF8804CE145EEE [File is digitally signed]

C:\D přesunute\awast\defs\14100800\aswCmnOS.dll
[2014-10-08 15:05][2014-10-08 15:05] 0126576 ___AC (AVAST Software) F4FAE7B7BF5D841E112C75190931B36C [File is digitally signed]

C:\D přesunute\awast\defs\14100800\aswEngin.dll
[2014-10-08 15:05][2014-10-08 15:05] 1332176 ___AC (AVAST Software) 84D1CFE07334957AABC0EEAA56F8ADB1 [File is digitally signed]

C:\D přesunute\awast\defs\14100800\aswFiDb.dll
[2014-10-08 15:05][2014-10-08 15:05] 0463392 ___AC (AVAST Software) 5E32E7C5542D95E04E8ABE8B3F676D11 [File is digitally signed]

C:\D přesunute\awast\defs\14100800\aswHds.dll
[2014-10-08 15:05][2014-10-08 15:05] 0531384 ___AC (AVAST Software) FB6DD0E995416565D6D44ACEFEC46255 [File is digitally signed]

C:\D přesunute\awast\defs\14100800\aswRawFS.dll
[2014-10-08 15:05][2014-10-08 15:05] 0457688 ___AC (AVAST Software) 81D5C2D6232FCDBC7916AF659B12C8B7 [File is digitally signed]

C:\D přesunute\awast\defs\14100800\aswRep.dll
[2014-10-08 15:05][2014-10-08 15:05] 0341328 ___AC (AVAST Software) E111A956689011C0AB482BF282157E25 [File is digitally signed]

C:\D přesunute\awast\defs\14100800\aswScan.dll
[2014-10-08 15:05][2014-10-08 15:05] 0170336 ___AC (AVAST Software) A21579BC188FAF7F7CD69C0E5BDFEF81 [File is digitally signed]

====== End of Search ======

děkuji ,


Fix result of Farbar Recovery Scan Tool (x86) Version:17-11-2015
Ran by Dodo (2015-11-18 21:27:36) Run:2
Running from C:\Documents and Settings\Dodo\Plocha
Loaded Profiles: Dodo (Available Profiles: Dodo & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
C:\WINDOWS\system32\drivers\aswrdr.sys
C:\WINDOWS\system32\drivers\aswsnx.sys
C:\D přesunute\programy\avast-full-version-+-navod.rar
C:\D přesunute\awast
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"C:\WINDOWS\system32\drivers\aswrdr.sys" => not found.
"C:\WINDOWS\system32\drivers\aswsnx.sys" => not found.
C:\D přesunute\programy\avast-full-version-+-navod.rar => moved successfully
C:\D přesunute\awast => moved successfully
EmptyTemp: => 567.3 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 21:29:08 ====

PC je stale pomaly?



Spustte FRST a do sirokeho bileho okenka vlozte

avast;asw;awast

pote kliknete na Search Registry. Sken potrva az nekolik minut.
Ve stejnem umisteni, jako mate FRST.exe/FRST64.exe, vznikne soubor Search.txt jehoz obsah vlozte do pristi odpovedi.

Děkuji , Pc je stale trochu pomale a Chrome se občas zasekne na několik desitek sekund .

log jsem uložil do přílohy

děkuji , Doufám že s diskem nebude problém ( tenhle disk je maximálně rok starý . sám jsem jej měnil )


----------------------------------------------------------------------------
CrystalDiskInfo 6.2.2 (C) 2008-2014 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows XP Professional SP3 [5.1 Build 2600] (x86)
Date : 2015/11/19 19:25:01

-- Controller Map ----------------------------------------------------------
+ Intel(R) ICH9M/M-E 2 port Serial ATA Storage Controller 1 - 2928 [ATA]
+ Primární kanál IDE (0)
- TOSHIBA MQ01ABD032
+ Sekundární kanál IDE (1)
- Optiarc DVD RW AD-7580S
+ Intel(R) ICH9M/M-E 2 port Serial ATA Storage Controller 2 - 292D [ATA]
- Primární kanál IDE (0)
- Sekundární kanál IDE (1)

-- Disk List ---------------------------------------------------------------
(1) TOSHIBA MQ01ABD032 : 320,0 GB [0/0/0, pd1]

----------------------------------------------------------------------------
(1) TOSHIBA MQ01ABD032
----------------------------------------------------------------------------
Model : TOSHIBA MQ01ABD032
Firmware : AX001A
Serial Number : Y3TKS6EZS
Disk Size : 320,0 GB (8,4/137,4/320,0/320,0)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 625142448
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ----
Transfer Mode : SATA/300 | SATA/300
Power On Hours : 10378 hod.
Power On Count : 779 krát
Temperature : 38 C (100 F)
Health Status : Pozor
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 0080h [ON]
AAM Level : ----

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _50 000000000000 Počet chyb čtení
02 100 100 _50 000000000000 Průchodnost disku
03 100 100 __1 00000000047B Čas na roztočení ploten
04 100 100 __0 000000000311 Počet spuštění/zastavení
05 100 100 _50 000000000000 Počet přemapovaných sektorů
07 100 100 _50 000000000000 Počet chybných hledání
08 100 100 _50 000000000000 Čas potřebný na vyhledání
09 _75 _75 __0 00000000288A Hodin v činnosti
0A 115 100 _30 000000000000 Počet opakovaných pokusů o roztočení ploten
0C 100 100 __0 00000000030B Počet cyklů zapnutí zařízení
BF 100 100 __0 0000000001D2 Počet udalostí zaznamenaných otřesovým senzorem
C0 100 100 __0 00000000008F Počet vypnutí disku
C1 _97 _97 __0 000000007EBF Počet cyklů načítání/vymazání
C2 100 100 __0 0037000F0026 Teplota
C4 100 100 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 100 100 __0 000000000008 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
DC 100 100 __0 000000000000 Posunutí disku vůči ose
DE _79 _79 __0 00000000216B Počet hodin zalažení budoucího mechanismu magnetických hlav
DF 100 100 __0 000000000000 Zatížení budiče magnetických hlav způsobené opakovanými úkony
E0 100 100 __0 000000000000 Zatížení budiče magnetických hlav způsobené napětím mechanických částí
E2 100 100 __0 0000000000FF Celkový čas zatížení budiče magnetických hlav
F0 100 100 __1 000000000000 Čas nastavování hlaviček - v hodinách

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 0040 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 2020 2020 2020 2020 2020 2059 3354 4B53 3645 5A53
020: 0000 4000 0000 4158 3030 3141 2020 544F 5348 4942
030: 4120 4D51 3031 4142 4430 3332 2020 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 0000 2F00
050: 4000 0200 0000 0007 3FFF 0010 003F FC10 00FB 0110
060: FFFF 0FFF 0007 0407 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 001F 0F06 0004 004C 0040
080: 01F8 0000 746B 7D09 6163 7469 BC09 6163 003F 0027
090: 0027 0080 FFFE 0000 0000 0000 0000 0000 0000 0000
100: EAB0 2542 0000 0000 0000 0000 6003 0000 5000 0395
110: 25F8 BE9A 0000 0000 0000 0000 0000 0000 0000 401C
120: 401C 0000 0000 0000 0000 0000 0000 0000 0029 0000
130: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
140: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0003 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 003D 0000 0000 4000
210: 0000 0000 0000 0000 0000 0000 0000 1518 0000 0000
220: 0000 0000 101F 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 0080 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 56A5

-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 0B 00 64 64 00 00 00 00 00 00 00 02 05
010: 00 64 64 00 00 00 00 00 00 00 03 27 00 64 64 7B
020: 04 00 00 00 00 00 04 32 00 64 64 11 03 00 00 00
030: 00 00 05 33 00 64 64 00 00 00 00 00 00 00 07 0B
040: 00 64 64 00 00 00 00 00 00 00 08 05 00 64 64 00
050: 00 00 00 00 00 00 09 32 00 4B 4B 8A 28 00 00 00
060: 00 00 0A 33 00 73 64 00 00 00 00 00 00 00 0C 32
070: 00 64 64 0B 03 00 00 00 00 00 BF 32 00 64 64 D2
080: 01 00 00 00 00 00 C0 32 00 64 64 8F 00 00 00 00
090: 00 00 C1 32 00 61 61 BF 7E 00 00 00 00 00 C2 22
0A0: 00 64 64 26 00 0F 00 37 00 00 C4 32 00 64 64 00
0B0: 00 00 00 00 00 00 C5 32 00 64 64 08 00 00 00 00
0C0: 00 00 C6 30 00 64 64 00 00 00 00 00 00 00 C7 32
0D0: 00 C8 C8 00 00 00 00 00 00 00 DC 02 00 64 64 00
0E0: 00 00 00 00 00 00 DE 32 00 4F 4F 6B 21 00 00 00
0F0: 00 00 DF 32 00 64 64 00 00 00 00 00 00 00 E0 22
100: 00 64 64 00 00 00 00 00 00 00 E2 26 00 64 64 FF
110: 00 00 00 00 00 00 F0 01 00 64 64 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 5B
170: 03 00 01 00 02 52 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8F

-- SMART_READ_THRESHOLD ----------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 32 00 00 00 00 00 00 00 00 00 00 02 32
010: 00 00 00 00 00 00 00 00 00 00 03 01 00 00 00 00
020: 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00
030: 00 00 05 32 00 00 00 00 00 00 00 00 00 00 07 32
040: 00 00 00 00 00 00 00 00 00 00 08 32 00 00 00 00
050: 00 00 00 00 00 00 09 00 00 00 00 00 00 00 00 00
060: 00 00 0A 1E 00 00 00 00 00 00 00 00 00 00 0C 00
070: 00 00 00 00 00 00 00 00 00 00 BF 00 00 00 00 00
080: 00 00 00 00 00 00 C0 00 00 00 00 00 00 00 00 00
090: 00 00 C1 00 00 00 00 00 00 00 00 00 00 00 C2 00
0A0: 00 00 00 00 00 00 00 00 00 00 C4 00 00 00 00 00
0B0: 00 00 00 00 00 00 C5 00 00 00 00 00 00 00 00 00
0C0: 00 00 C6 00 00 00 00 00 00 00 00 00 00 00 C7 00
0D0: 00 00 00 00 00 00 00 00 00 00 DC 00 00 00 00 00
0E0: 00 00 00 00 00 00 DE 00 00 00 00 00 00 00 00 00
0F0: 00 00 DF 00 00 00 00 00 00 00 00 00 00 00 E0 00
100: 00 00 00 00 00 00 00 00 00 00 E2 00 00 00 00 00
110: 00 00 00 00 00 00 F0 01 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36

Dominik S píše:děkuji , Doufám že s diskem nebude problém ( tenhle disk je maximálně rok starý . sám jsem jej měnil )

Jenda se o jeden ukazatel, ale uvidime



Nainstalujte a spustte HD Tune - http://www.hdtune.com/files/hdtune_255.exe

• Prejdete na zalozku Health a zkontrolujte, ze je ve sloupecku Status vsude hodnota OK a dole sviti zelene Health status: OK
• Na zalozce Error Scan kliknete na Start. Po dokonceni testu udelejte screen a prilozte ho k dalsi odpovedi.