VIRY.CZ

Omlouvám se Marty, byla jsem zoufalá:(.

V nouzovém režimu šly některé programy odinstalovat (v tom Revu), vytvoření bodu obnovení selhalo, ale pokračovalo to dál. MBAM odinstalovat nešlo, zasek se odinstalátor MBAMu.

Combofix tentokrát doběh, viz log:

ComboFix 16-12-06.01 - Tomáš 12.12.2016 22:46:27.2.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2038.1391 [GMT 1:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: Avast Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Avast Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\programfiles
c:\windows\msdownld.tmp
c:\windows\system32\pt
c:\windows\system32\pt\toscdspd.cpl.mui
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-11-12 do 2016-12-12 )))))))))))))))))))))))))))))))
.
.
2016-12-12 21:55 . 2016-12-12 22:08 -------- d-----w- c:\users\Tomáš\AppData\Local\temp
2016-12-12 21:55 . 2016-12-12 21:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-12-12 10:30 . 2016-12-11 14:42 65344 ----a-w- c:\windows\system32\drivers\aswHdsKe.sys
2016-12-09 11:50 . 2016-12-11 10:09 153024 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2016-12-09 11:50 . 2016-12-12 21:36 63264 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-12-09 11:49 . 2016-12-12 21:35 219072 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-12-09 11:49 . 2016-11-29 05:27 59968 ----a-w- c:\windows\system32\drivers\mbae.sys
2016-12-09 11:48 . 2016-12-09 11:48 -------- d-----w- c:\program files\Malwarebytes
2016-12-08 18:19 . 2016-12-08 18:19 -------- d-----w- c:\users\Tomáš\AppData\Roaming\QCAD
2016-12-08 18:03 . 2016-12-08 18:05 -------- d-----w- c:\program files\QCAD
2016-12-08 09:54 . 2016-12-11 10:17 -------- d-----w- C:\FRST
2016-12-08 08:18 . 2016-12-08 19:22 -------- d-----w- C:\AdwCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-12-12 21:35 . 2013-04-19 06:18 39360 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-10-13 11:24 . 2013-05-17 07:23 224752 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2016-09-26 11:25 . 2008-08-25 16:26 433768 ----a-w- c:\windows\system32\drivers\aswsp.sys
2016-09-26 11:24 . 2011-08-19 11:40 735488 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2016-09-26 11:21 . 2015-11-10 12:31 184592 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2016-09-26 11:21 . 2008-08-25 16:26 66688 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2016-09-26 11:21 . 2014-04-26 15:40 34008 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-09-26 11:21 . 2013-05-17 07:23 60424 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-09-26 11:21 . 2008-08-25 16:26 64272 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2016-09-26 11:21 . 2008-08-25 16:26 92256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-09-26 11:21 . 2016-09-26 11:22 921280 ----a-w- c:\windows\ucrtbase.dll
2016-09-26 11:20 . 2016-09-26 11:22 319760 ----a-w- c:\windows\system32\aswBoot.exe
2016-09-26 11:20 . 2016-09-26 11:20 53208 ----a-w- c:\windows\avastSS.scr
2016-09-26 11:20 . 2016-04-15 11:08 35096 ----a-w- c:\windows\system32\drivers\aswKbd.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-09-26 11:20 832488 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-11-15 9080768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActivControl]
2010-12-17 13:37 1094000 ----a-w- c:\program files\Activ Software\ActivDriver\ActivControl2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-07-06 09:06 4669440 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowBatteryBar]
2009-05-28 21:02 90624 ----a-w- c:\program files\BatteryBar\ShowBatteryBar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-06-15 14:45 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Skytel"=Skytel.exe
"SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-401885020-672167872-4106706270-1000]
"EnableNotificationsRef"=dword:00000001
.
R3 acsint;acsint;c:\windows\system32\DRIVERS\acsint.sys [2011-05-23 36624]
R3 acsmux;acsmux;c:\windows\system32\DRIVERS\acsmux.sys [2011-05-23 46480]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-01-02 116608]
R4 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-04-12 08:07 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2016-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-07-21 07:34]
.
2016-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-07-21 07:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.88.1 188.122.222.222 188.122.222.223
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-MBAMService
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-12-12 23:08
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\agrsmsvc.exe
c:\windows\System32\bgsvcgen.exe
c:\program files\Online Games Manager\ogmservice.exe
c:\program files\Wondershare\WAF\2.1.5.0\WsAppService.exe
c:\program files\Google\Update\1.3.31.5\GoogleCrashHandler.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\windows\system32\conime.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2016-12-12 23:18:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-12-12 22:18
ComboFix.txt 2016-12-11 16:30
.
Před spuštěním: Volných bajtů: 14 199 361 536
Po spuštění: Volných bajtů: 14 273 097 728
.
- - End Of File - - 3ACC6210EF93AB21397C8C7488BB76EC
5C616939100B85E558DA92B899A0FC36

V pohode, neni proc se omlouvat, jen jsem chtel vysvetlit, jak to je

Jinak to zcela chapu, taky bych to chtel mit co nejdrive hotove

Dejte nove logy z FRST. Docistime to a MBAM odpalim silou.

MBAM se mi podařilo odinstalovat, pred tim jsem to zkoušela ještě před tím combofixem, po combofixu to šlo. Taky jsem vypnula v Revo uninstallatoru vytváření bodu obnovení.

Log:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2016
Ran by Tomáš (administrator) on PUNTULKA (13-12-2016 09:19:36)
Running from C:\Users\Tomáš\Desktop
Loaded Profiles: Tomáš (Available Profiles: Tomáš)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Program Files\ATK Hotkey\ASLDRSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(B.H.A Corporation) C:\Windows\System32\bgsvcgen.exe
(RealNetworks, Inc.) C:\Program Files\Online Games Manager\ogmservice.exe
(Wondershare) C:\Program Files\Wondershare\WAF\2.1.5.0\WsAppService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(ATK0100) C:\Program Files\ATK Hotkey\HControl.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(C. Ghisler & Co.) C:\Program Files\Totalcmd\TOTALCMD.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
HKU\S-1-5-21-401885020-672167872-4106706270-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-401885020-672167872-4106706270-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-401885020-672167872-4106706270-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [704512 2009-04-11] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL No File [ ]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-09-26] (AVAST Software)
GroupPolicy\User: Restriction ? <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-19] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.88.1 188.122.222.222 188.122.222.223
Tcpip\..\Interfaces\{B6764651-0603-43B3-8D07-CF2D51D602FD}: [DhcpNameServer] 192.168.88.1 188.122.222.222 188.122.222.223

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-401885020-672167872-4106706270-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-401885020-672167872-4106706270-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-401885020-672167872-4106706270-1000 -> {761EB9DB-05AB-4380-B2A1-E0ACEB8957A7} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
BHO: No Name -> {451C804F-C205-4F03-B48E-537EC94937BF} -> No File
Toolbar: HKLM - No Name - {95188727-288F-4581-A48D-EAB3BD027314} - No File
Toolbar: HKU\S-1-5-21-401885020-672167872-4106706270-1000 -> No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0040-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File

FireFox:
========
FF ProfilePath: C:\Users\Tomáš\AppData\Roaming\TomTom\HOME\Profiles\p9ln8pt4.default [2012-01-28]
FF Extension: (No Name) - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
FF ProfilePath: C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\u5vszwbm.default [2016-09-14]
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\u5vszwbm.default -> hxxps://www.google.com/search
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\u5vszwbm.default -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\u5vszwbm.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\u5vszwbm.default -> about:home
FF Session Restore: Mozilla\Firefox\Profiles\u5vszwbm.default -> is enabled.
FF Keyword.URL: Mozilla\Firefox\Profiles\u5vszwbm.default -> hxxps://www.google.com/search
FF Extension: (Firebug) - C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\u5vszwbm.default\Extensions\firebug@software.joehewitt.com.xpi [2016-09-13]
FF Extension: (Firefox Hotfix) - C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\u5vszwbm.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-13]
FF Extension: (Vacuum Places Improved) - C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\u5vszwbm.default\Extensions\VacuumPlacesImproved@lultimouomo-gmail.com.xpi [2016-09-13]
FF Extension: (YSlow) - C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\u5vszwbm.default\Extensions\yslow@yahoo-inc.com.xpi [2016-09-13]
FF Extension: (Garmin Communicator) - C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\u5vszwbm.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2016-09-13]
FF Extension: (Html Validator) - C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\u5vszwbm.default\Extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}(160) [2013-10-20] [not signed]
FF Extension: (Flashblock) - C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\u5vszwbm.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2016-09-13]
FF Extension: (View Source Chart) - C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\u5vszwbm.default\Extensions\{68836a21-fc7d-4ea1-a065-7efabd99d414}.xpi [2016-09-13]
FF Extension: (Web Developer) - C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\u5vszwbm.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2016-09-13]
FF Extension: (HackBar) - C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\u5vszwbm.default\Extensions\{F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4}.xpi [2016-09-13]
FF HKLM\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-11-10] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @software602.cz/602XML Filler -> C:\Program Files\Program na daně\Filler\npfiller.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> http://www.google.com
CHR StartupUrls: Default -> "www.google.com"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default [2016-12-13]
CHR Extension: (Prezentace Google) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-10]
CHR Extension: (Dokumenty Google) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-10]
CHR Extension: (Disk Google) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-10]
CHR Extension: (Seznam Lištička - Email) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2016-11-14]
CHR Extension: (YouTube) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Vyhledávání Google) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-10]
CHR Extension: (Tabulky Google) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-11]
CHR Extension: (Dokumenty Google offline) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-11]
CHR Extension: (Avast Online Security) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-08]
CHR Extension: (FormApps Chrome Extension) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfoopambfaclfjmpiaijnccgcmbeigi [2016-09-12]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2016-11-29]
CHR Extension: (Gmail) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-401885020-672167872-4106706270-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\TOM~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKU\S-1-5-21-401885020-672167872-4106706270-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: chrome.exe - C:\Users\Tomáš\AppData\Local\Google\Chrome\Application\chrome.exe
StartMenuInternet: Google Chrome.DLL6RFUYD4C3RFIIJCCV6JMLOM - C:\Users\Tomáš\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 602XML Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
S4 Apache2.2; E:\Apache\apache\bin\httpd.exe [24636 2008-12-10] (Apache Software Foundation) [File not signed]
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-05] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-26] (AVAST Software)
R2 bgsvcgen; C:\Windows\System32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation)
S3 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-14] (TOSHIBA CORPORATION) [File not signed]
S4 mysql; E:\Apache\mysql\bin\mysqld.exe [6562432 2009-03-16] ()
R2 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [581608 2016-06-23] (RealNetworks, Inc.)
S3 TNaviSrv; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [77824 2007-07-26] (TOSHIBA Corporation) [File not signed]
S3 TODDSrv; C:\Windows\system32\TODDSrv.exe [114688 2006-05-25] (TOSHIBA Corporation) [File not signed]
S3 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
S3 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [465872 2011-05-23] (Cisco Systems, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
R2 WsAppService; C:\Program Files\Wondershare\WAF\2.1.5.0\WsAppService.exe [382464 2015-12-02] (Wondershare) [File not signed]
S4 XAMPP; E:\Apache\service.exe [60928 2007-12-21] () [File not signed]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 acsint; C:\Windows\System32\DRIVERS\acsint.sys [36624 2011-05-23] (Cisco Systems, Inc.)
S3 acsmux; C:\Windows\System32\DRIVERS\acsmux.sys [46480 2011-05-23] (Cisco Systems, Inc.)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R1 ASPI32; C:\Windows\system32\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-09-26] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-09-26] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-09-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-09-26] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-09-26] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-09-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-09-26] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184592 2016-09-26] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [66688 2016-09-26] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-10-13] (AVAST Software)
R1 cdrbsdrv; C:\Windows\system32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation) [File not signed]
R3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [34128 2008-03-26] (DemoForge, LLC)
R1 eusk2par; C:\Windows\system32\Drivers\eusk2par.sys [30656 2006-12-13] (Eutron)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
S3 GT680x; C:\Windows\System32\Drivers\gt680x.sys [12416 2006-06-16] ( )
S3 i1display; C:\Windows\System32\Drivers\i1display.sys [44344 2004-10-15] ()
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28312 2014-03-18] (Logitech, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R2 PDIHWCTL; C:\Windows\system32\drivers\pdihwctl.sys [14416 2007-01-25] (Portrait Displays, Inc.) [File not signed]
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [252416 2007-06-01] (Realtek Semiconductor Corporation )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-12-11] () [File not signed]
S3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2011-01-12] (TeamViewer GmbH)
S3 V0420VID; C:\Windows\System32\DRIVERS\V0420Vid.sys [99648 2007-05-31] (Creative Technology Ltd.)
U3 ab8jbxjg; C:\Windows\system32\Drivers\ab8jbxjg.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 ESProtectionDriver; \??\C:\Windows\system32\drivers\mbae.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-13 09:18 - 2016-12-13 09:18 - 00112640 _____ (forum.viry.cz) C:\Users\Tomáš\Downloads\Nepotvrzeno 648469.crdownload
2016-12-13 09:18 - 2016-12-13 09:18 - 00112640 _____ (forum.viry.cz) C:\Users\Tomáš\Downloads\Nepotvrzeno 403046.crdownload
2016-12-13 09:17 - 2016-12-13 09:17 - 00112640 _____ (forum.viry.cz) C:\Users\Tomáš\Downloads\Nepotvrzeno 98661.crdownload
2016-12-13 09:04 - 2016-12-13 09:04 - 00000000 ____D C:\Windows\LastGood
2016-12-12 23:18 - 2016-12-12 23:18 - 00009414 _____ C:\ComboFix.txt
2016-12-12 22:33 - 2016-12-12 22:53 - 00078944 _____ C:\Windows\ntbtlog.txt
2016-12-12 11:30 - 2016-12-11 15:42 - 00065344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2016-12-11 20:03 - 2016-12-11 20:03 - 00000999 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2016-12-11 20:03 - 2016-12-11 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-12-11 20:01 - 2016-12-11 20:01 - 07100088 _____ (VS Revo Group ) C:\Users\Tomáš\Downloads\revosetup.exe
2016-12-11 16:42 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2016-12-11 16:42 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2016-12-11 16:42 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-12-11 16:42 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-12-11 16:42 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-12-11 16:42 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2016-12-11 16:42 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2016-12-11 16:42 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2016-12-11 16:41 - 2016-12-12 23:18 - 00000000 ____D C:\Qoobox
2016-12-11 16:33 - 2016-12-11 16:34 - 05658636 ____R (Swearware) C:\ComboFix.exe
2016-12-11 11:21 - 2016-12-11 11:21 - 00010735 _____ C:\Users\Tomáš\Desktop\Addition.txt
2016-12-11 11:17 - 2016-12-13 09:20 - 00018402 _____ C:\Users\Tomáš\Desktop\FRST.txt
2016-12-11 11:17 - 2016-12-11 11:17 - 00015327 _____ C:\Users\Tomáš\Desktop\LM.bat
2016-12-09 12:46 - 2016-12-09 12:47 - 51969976 _____ (Malwarebytes ) C:\Users\Tomáš\Downloads\mb3-setup-consumer-3.0.4.1269.exe
2016-12-08 20:14 - 2016-12-08 20:14 - 11413488 _____ C:\Users\Tomáš\Downloads\CrystalDiskInfo7_0_4-en.exe
2016-12-08 19:19 - 2016-12-08 19:19 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\QCAD
2016-12-08 19:03 - 2016-12-08 19:05 - 00000000 ____D C:\Program Files\QCAD
2016-12-08 19:03 - 2016-12-08 19:03 - 00000713 _____ C:\Users\Tomáš\Desktop\QCAD.lnk
2016-12-08 19:03 - 2016-12-08 19:03 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QCAD
2016-12-08 19:03 - 2016-12-08 19:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QCAD
2016-12-08 17:15 - 2016-12-08 17:17 - 44677590 _____ C:\Users\Tomáš\Downloads\qcad-3.15.3-win32-installer.exe
2016-12-08 10:54 - 2016-12-11 11:17 - 00000000 ____D C:\FRST
2016-12-08 09:18 - 2016-12-08 20:22 - 00000000 ____D C:\AdwCleaner
2016-12-08 09:12 - 2016-12-08 09:13 - 01761792 _____ (Farbar) C:\Users\Tomáš\Desktop\FRST.exe
2016-12-08 09:08 - 2016-12-08 09:09 - 03968464 _____ C:\Users\Tomáš\Desktop\adwcleaner_6.040.exe
2016-12-05 14:27 - 2016-12-05 14:27 - 00680110 _____ C:\Users\Tomáš\Downloads\pojistne_podminky_majetek_a_odpovednost.pdf
2016-12-05 14:27 - 2016-12-05 14:27 - 00030248 _____ C:\Users\Tomáš\Downloads\spoluucast (1).pdf
2016-12-05 14:27 - 2016-12-05 14:27 - 00020917 _____ C:\Users\Tomáš\Downloads\rizika-odpovednost.pdf
2016-12-05 14:27 - 2016-12-05 14:27 - 00017719 _____ C:\Users\Tomáš\Downloads\limity-odpovednost.pdf
2016-12-05 14:26 - 2016-12-05 14:26 - 00030248 _____ C:\Users\Tomáš\Downloads\spoluucast.pdf
2016-12-05 14:26 - 2016-12-05 14:26 - 00023629 _____ C:\Users\Tomáš\Downloads\limity-budovy.pdf
2016-12-05 14:26 - 2016-12-05 14:26 - 00020145 _____ C:\Users\Tomáš\Downloads\rizika-budovy.pdf
2016-12-02 20:29 - 2016-12-02 20:29 - 00039448 _____ C:\Users\Tomáš\Downloads\Lights-Out-2016.srt
2016-12-01 18:51 - 2016-12-01 18:51 - 03023179 _____ C:\Users\Tomáš\Downloads\Český návod - BEKO MOB 20231 BG.pdf
2016-12-01 18:51 - 2016-12-01 18:51 - 00936537 _____ C:\Users\Tomáš\Downloads\Instalační návod - BEKO MOB 20231 BG.pdf
2016-12-01 18:43 - 2016-12-01 18:43 - 00087553 _____ C:\Users\Tomáš\Downloads\La-grande-bellezza(0000232825).srt
2016-12-01 14:25 - 2016-12-01 14:25 - 00089365 _____ C:\Users\Tomáš\Downloads\OznameniZmena_2012_ToFill_3 (1).pdf
2016-12-01 14:09 - 2016-12-01 14:09 - 00026843 _____ C:\Users\Tomáš\Downloads\Oznameni_zmena_5.pdf
2016-12-01 14:06 - 2016-12-01 14:06 - 00089365 _____ C:\Users\Tomáš\Downloads\OznameniZmena_2012_ToFill_3.pdf
2016-11-28 19:37 - 2016-11-28 19:37 - 00003820 _____ C:\Users\Tomáš\AppData\Local\recently-used.xbel
2016-11-17 13:05 - 2016-11-17 13:06 - 00128284 _____ C:\Users\Tomáš\Downloads\objednavka_dopyt_prahov_do_apexu.xltm

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-13 09:09 - 2007-01-08 22:09 - 00648240 _____ C:\Windows\system32\perfh005.dat
2016-12-13 09:09 - 2007-01-08 22:09 - 00138830 _____ C:\Windows\system32\perfc005.dat
2016-12-13 09:09 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\inf
2016-12-13 09:09 - 2006-11-02 11:33 - 01539946 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-13 09:04 - 2010-03-19 17:45 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-13 09:03 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-13 09:03 - 2006-11-02 13:47 - 00346128 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-13 09:03 - 2006-11-02 13:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-13 09:03 - 2006-11-02 13:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-13 00:22 - 2006-11-02 14:01 - 00032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-13 00:19 - 2013-04-19 07:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-13 00:11 - 2011-09-19 20:32 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-12-13 00:10 - 2012-12-08 14:52 - 00054156 ____H C:\Windows\QTFont.qfn
2016-12-13 00:08 - 2007-09-05 07:59 - 00000000 ____D C:\Windows\system32\RTCOM
2016-12-13 00:08 - 2007-09-05 07:58 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2016-12-13 00:03 - 2010-12-20 11:39 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\The Bat! Pwd
2016-12-13 00:01 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Help
2016-12-12 23:52 - 2010-03-19 17:45 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-12 23:18 - 2008-09-14 19:42 - 00000000 ____D C:\Users\Tomáš\AppData\Local\Apps\2.0
2016-12-12 23:08 - 2006-11-02 11:23 - 00000215 _____ C:\Windows\system.ini
2016-12-11 17:25 - 2010-01-13 14:42 - 00000000 ____D C:\Windows\ERDNT
2016-12-05 19:27 - 2012-12-08 15:16 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\vlc
2016-12-01 13:25 - 2008-10-12 17:41 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\uTorrent
2016-11-30 20:14 - 2013-10-10 17:39 - 00000000 ____D C:\Torrents
2016-11-28 19:39 - 2013-10-02 16:56 - 00000000 ____D C:\Users\Tomáš\.gimp-2.8
2016-11-28 19:37 - 2013-11-17 15:53 - 00000000 ____D C:\Users\Tomáš\AppData\Local\gtk-2.0
2016-11-25 16:21 - 2008-08-03 21:55 - 00119808 _____ C:\Users\Tomáš\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-11-25 12:52 - 2016-07-26 13:00 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-11-25 11:57 - 2016-02-02 11:49 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\Seznam.cz
2016-11-25 11:54 - 2007-09-05 08:41 - 00000000 ____D C:\Program Files\Adobe
2016-11-25 11:22 - 2010-11-13 09:52 - 00026249 ____H C:\treeinfo.wc
2016-11-23 12:11 - 2008-08-31 09:31 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\Skype
2016-11-23 12:04 - 2016-04-08 13:39 - 00000000 ___RD C:\Program Files\Skype
2016-11-23 12:04 - 2011-03-19 12:39 - 00000000 ____D C:\ProgramData\Skype

==================== Files in the root of some directories =======

2009-09-02 17:13 - 2009-09-02 17:13 - 0000600 _____ () C:\Users\Tomáš\AppData\Roaming\PUTTY.RND
2013-04-17 15:40 - 2013-04-18 06:44 - 0000680 _____ () C:\Users\Tomáš\AppData\Local\d3d9caps.dat
2008-08-03 21:55 - 2016-11-25 16:21 - 0119808 _____ () C:\Users\Tomáš\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-09-13 18:07 - 2013-05-27 20:40 - 0004096 ____H () C:\Users\Tomáš\AppData\Local\keyfile3.drm
2008-12-25 00:45 - 2013-08-31 12:37 - 0000600 _____ () C:\Users\Tomáš\AppData\Local\PUTTY.RND
2016-11-28 19:37 - 2016-11-28 19:37 - 0003820 _____ () C:\Users\Tomáš\AppData\Local\recently-used.xbel
2016-04-01 12:41 - 2016-04-01 12:41 - 0000031 _____ () C:\Users\Tomáš\AppData\Local\SQ.RemoverDelete.bat
2016-02-08 18:52 - 2016-02-08 18:52 - 0032038 _____ () C:\Users\Tomáš\AppData\Local\SquareClock.Production_Home_Siko_WebIcon.ico

Files to move or delete:
====================
C:\Users\Tomáš\xobglu16.dll
C:\Users\Tomáš\xobglu32.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-13 09:09

==================== End of FRST.txt ============================

PS: Cím to, že nejdou ty aktualizace Windows? Zasekne se to ještě na stahování.

petrat píše:PS: Cím to, že nejdou ty aktualizace Windows? Zasekne se to ještě na stahování.

To nevim. Treba to pujde, az to docistime. Muze byt i naboreny system, s tim moc delat nepujde. Ale stejne brzy skonci jeho podpora, takze zadne aktualizace uz nebudou.

Napiste mi velikost adresare plochy (C:\Users\Tomáš\Plocha)

Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL No File [ ]
GroupPolicy\User: Restriction ? <======= ATTENTION

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-401885020-672167872-4106706270-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: No Name -> {451C804F-C205-4F03-B48E-537EC94937BF} -> No File
Toolbar: HKLM - No Name - {95188727-288F-4581-A48D-EAB3BD027314} - No File
Toolbar: HKU\S-1-5-21-401885020-672167872-4106706270-1000 -> No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File

CHR HKU\S-1-5-21-401885020-672167872-4106706270-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\TOM~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>

FF Extension: (No Name) - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]

S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe" [X]

2016-12-13 00:19 - 2013-04-19 07:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-25 12:52 - 2016-07-26 13:00 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-12-13 00:11 - 2011-09-19 20:32 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Hosts:
EmptyTemp:
Reboot:
End

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev fixlist a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte FRST jako spravce, kliknete na napis Fix a program vykona prikazy.
Po restartu pc by se mel objevit novy log - s nazvem fixlog, ten mi sem zase zkopirujte.

Velikost plochy: 88,0 MB (92 317 790 bajtů)

Šlo to jen z nouzového režimu (v normálním pořád nefunguje vytvoření bodu obnovení a tak se to zasekne):
Fix result of Farbar Recovery Scan Tool (x86) Version: 07-12-2016
Ran by Tomáš (13-12-2016 22:54:09) Run:2
Running from C:\Users\Tomáš\Desktop
Loaded Profiles: Tomáš (Available Profiles: Tomáš)
Boot Mode: Safe Mode (with Networking)

==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL No File [ ]
GroupPolicy\User: Restriction ? <======= ATTENTION

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-401885020-672167872-4106706270-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: No Name -> {451C804F-C205-4F03-B48E-537EC94937BF} -> No File
Toolbar: HKLM - No Name - {95188727-288F-4581-A48D-EAB3BD027314} - No File
Toolbar: HKU\S-1-5-21-401885020-672167872-4106706270-1000 -> No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File

CHR HKU\S-1-5-21-401885020-672167872-4106706270-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\TOM~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>

FF Extension: (No Name) - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]

S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe" [X]

2016-12-13 00:19 - 2013-04-19 07:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-25 12:52 - 2016-07-26 13:00 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-12-13 00:11 - 2011-09-19 20:32 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Error: Restore point can only be created in normal mode.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} => value not found.
HKCR\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} => key not found.
"C:\Windows\system32\GroupPolicy\User" => not found.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-401885020-672167872-4106706270-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{451C804F-C205-4F03-B48E-537EC94937BF}" => key removed successfully.
HKCR\CLSID\{451C804F-C205-4F03-B48E-537EC94937BF} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{95188727-288F-4581-A48D-EAB3BD027314} => value removed successfully.
HKCR\CLSID\{95188727-288F-4581-A48D-EAB3BD027314} => key not found.
HKU\S-1-5-21-401885020-672167872-4106706270-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} => value removed successfully.
HKCR\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A} => key not found.
"HKCR\PROTOCOLS\Handler\WSWSVCUchrome" => key removed successfully.
"HKU\S-1-5-21-401885020-672167872-4106706270-1000\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf" => key removed successfully.
C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com => path removed successfully.
McComponentHostService => service removed successfully.
C:\ProgramData\Malwarebytes => moved successfully
C:\Program Files\Emsisoft Anti-Malware => moved successfully
C:\Program Files\SUPERAntiSpyware => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 42184667 B
Java, Flash, Steam htmlcache => 1053 B
Windows/system/drivers => 604 B
Edge => 0 B
Chrome => 363157451 B
Firefox => 248562437 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33125 B
Public => 0 B
ProgramData => 0 B
systemprofile => 19569258 B
LocalService => 66228 B
NetworkService => 67156 B
Tomáš => 7300476 B

RecycleBin => 7511887 B
EmptyTemp: => 656.6 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 22:56:18 ====

Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce)

Presunte ComboFix zpatky na plochu. Prejmenujte ComboFix na Uninstall a spustte ho. CF by se mel odinstalovat.

vyosek píše: DelFix https://toolslib.net/downloads/finish/2/
Stahnete a spustte

Ponechte zatrzitkou pouze u volby Remove disinfection tools

Kliknete na Run

Stahnete Ccleaner http://www.filehippo.com/download_ccleaner a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
(Pokud je v pc vice uzivatelskych uctu, pouzijte program i v nich)

Defragmentujte disk(y) (SSD Disky ne!)
Stahnete program Defraggler https://www.piriform.com/defraggler/download/standard
Pri instalaci opet pozor na toolbar a dalsi nesmysly.
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.

Pak napiste, jak to s pc vypada.

Dobré ráno Marty, vypadá to o hodně lépe:).

Jediné co mi nejde je to aktualizování Windows.
Ale to asi opravit nejde.

Každopádně Vám velmi děkuji za pomoc

Ono je to mozna i tim, ze Vista uz neni plne podporovana. Ale tezko takhle na dalku hadat. Havet uz tam neni a me moznosti jsou omezene

Jeste zkusime...

1) Otevrte Poznamkovy blok (pokud ho nemate na plose, tak kliknete na Start, pak programy a prislusenstvi)
2) Zkopirujte do nej ten zeleny text

Kód: Vybrat vše

net stop wuauserv >> "%userprofile%\desktop\kontrola.txt"
net STOP BITS >> "%userprofile%\desktop\kontrola.txt"

net start wuauserv >> "%userprofile%\desktop\kontrola.txt"
net start BITS >> "%userprofile%\desktop\kontrola.txt"

start notepad "%userprofile%\desktop\kontrola.txt"

3) Vlevo nahore kliknete na napis Soubor
4) Kliknete na napis Ulozit jako...
5) Napiste spravne ten cerveny nazev kontrola.bat a pak vyberte u moznosti Ulozit jako typ : Vsechny soubory
6) Ulozte nejlepe na plochu (ulozi se tam soubor s nazvem kontrola, ale nebude vypadat jako textak, tak se nelekejte).
7) Na to, co jste prave ulozil/a, kliknete pravym mysidlem a spustte jako spravce.
8) Po chvilce se na plose objevi textovy dokument s nazvem kontrola, jaho obsah mi sem zkopirujte.

Zastavov nˇ slu§by Windows Update..........
Slu§ba Windows Update byla ŁspŘçnŘ zastavena.

Zastavov nˇ slu§by Slu§ba inteligentnˇho pýenosu na pozadˇ.
Slu§ba Slu§ba inteligentnˇho pýenosu na pozadˇ byla ŁspŘçnŘ zastavena.

SpouçtŘnˇ slu§by Windows Update.
Slu§ba Windows Update byla ŁspŘçnŘ spuçtŘna.

SpouçtŘnˇ slu§by Slu§ba inteligentnˇho pýenosu na pozadˇ.
Slu§ba Slu§ba inteligentnˇho pýenosu na pozadˇ byla ŁspŘçnŘ spuçtŘna.

Toto je OK. S temi aktualizacemi asi takhle nepohnu, to je ukol pro technickou podporu microsoftu. Ale ja uz bych to neresil, stejne za chvili prestanou vychazet jakekoliv aktualizace, uz ted je to omezene, Vista uz proste bohuzel patri do muzea

VIRY.CZ

Velmi pomalý PC

Re: Velmi pomalý PC

Re: Velmi pomalý PC

Re: Velmi pomalý PC

Re: Velmi pomalý PC

Re: Velmi pomalý PC

Re: Velmi pomalý PC

Re: Velmi pomalý PC

Re: Velmi pomalý PC

Re: Velmi pomalý PC

Re: Velmi pomalý PC