VIRY.CZ

vyskakují mi reklamy Ads by ividi (Chrome i IE)
nejde přihlásit na mejl, chtěj po mě číslo tel... takže jsem asi ovládnut... viz. příloha

Díky

log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:09-07-2014
Ran by Tomas (administrator) on TOM on 09-07-2014 17:55:59
Running from C:\Documents and Settings\Tomas\Plocha
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(SafeNet Inc.) C:\WINDOWS\system32\hasplms.exe
() C:\Program Files\IMPI\ExtensionUpdaterService.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
() C:\WINDOWS\system32\PAStiSvc.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TDispVol.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TPSMain.exe
(Chicony) C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
() C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TPSBattM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
( TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe
(Dropbox, Inc.) C:\Documents and Settings\Tomas\Data aplikací\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [TDispVol] => C:\WINDOWS\system32\TDispVol.exe [73728 2005-12-27] (TOSHIBA Corporation)
HKLM\...\Run: [TPSMain] => C:\WINDOWS\system32\TPSMain.exe [266240 2005-08-11] (TOSHIBA Corporation)
HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [413696 2007-05-22] (Chicony)
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [823296 2007-06-01] (Intel Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [974848 2007-06-01] (Intel Corporation)
HKLM\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe [28672 2004-05-01] (TOSHIBA CO.,LTD.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20065384 2011-12-05] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Samsung PanelMgr] => C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [524288 2008-08-11] ()
HKLM\...\Run: [3170 Scan2PC] => C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe [495616 2008-08-07] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-776561741-1085031214-725345543-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-776561741-1085031214-725345543-1004\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3481408 2012-02-13] (DT Soft Ltd)
HKU\S-1-5-21-776561741-1085031214-725345543-1004\...\Run: [Facebook Update] => C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe [138096 2012-07-24] (Facebook Inc.)
HKU\S-1-5-21-776561741-1085031214-725345543-1004\...\MountPoints2: {3364fcc4-d0d9-11e1-8aba-0013e883721b} - F:\Launcher.exe
HKU\S-1-5-21-776561741-1085031214-725345543-1004\...\MountPoints2: {704df914-c04c-11e1-8a91-ad742de81981} - F:\Launcher.exe
HKU\S-1-5-21-776561741-1085031214-725345543-1004\...\MountPoints2: {95318b84-1e30-11e3-b6c3-0013e883721b} - F:\Launcher.exe
HKU\S-1-5-21-776561741-1085031214-725345543-1004\...\MountPoints2: {99dc0180-c929-11e1-8aa7-0013e883721b} - F:\Launcher.exe
HKU\S-1-5-21-776561741-1085031214-725345543-1004\...\MountPoints2: {e9bc57dc-b12c-11e1-8a70-0013e883721b} - F:\Launcher.exe
HKU\S-1-5-21-776561741-1085031214-725345543-1004\...\MountPoints2: {e9bc57df-b12c-11e1-8a70-0013e883721b} - F:\Launcher.exe
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Monitor.lnk
ShortcutTarget: Bluetooth Monitor.lnk -> C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe ( TOSHIBA CORPORATION)
Startup: C:\Documents and Settings\Tomas\Nabídka Start\Programy\Po spuštění\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Tomas\Data aplikací\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Documents and Settings\Tomas\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: Správa překryvné ikony digitálních podpisů AutoCADu -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
BHO: IMPI - {17E113E6-CD0E-4045-B154-65F0E57959EF} - C:\Program Files\IMPI\Extension32.dll ()
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: ividi Helper Object - {8B8B2E80-1444-451D-AC8E-EB9A847F3887} - C:\Program Files\Unitech LLC\ividi\1.8.23.0\bh\ividi.dll (Unitech LLC)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skyline - {3a4f9195-65a8-11d5-85c1-0001023952c1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll (Skyline software systems Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-01-03]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012-02-02]
FF HKLM\...\Firefox\Extensions: [{17E113E6-CD0E-4045-B154-65F0E57959EF}] - C:\Program Files\IMPI\Firefox
FF Extension: IMPI - C:\Program Files\IMPI\Firefox [2013-02-11]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U30) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Documents and Settings\Tomas\Local Settings\Data aplikac\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR Plugin: (Unity Player) - C:\Documents and Settings\Tomas\Local Settings\Data aplikac\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (iVidi Chrome Toolbar) - C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\kpdhgpkkloealnjnmepfhanpcleldbef [2013-10-27]
CHR Extension: (IMPI) - C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ncdfeinlpefandfngbdmdgjgepebkjap [2013-02-11]
CHR Extension: (Peněženka Google) - C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR HKLM\...\Chrome\Extension: [kpdhgpkkloealnjnmepfhanpcleldbef] - C:\Program Files\Unitech LLC\ividi\1.8.23.0\ividi.crx [2013-07-25]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [647168 2007-06-01] (Intel Corporation) [File not signed]
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [4412872 2012-08-22] (SafeNet Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 IMPI Updater; C:\Program Files\IMPI\ExtensionUpdaterService.exe [185856 2013-02-05] () [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2012-02-02] (Sun Microsystems, Inc.)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2006-03-03] (HP) [File not signed]
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [327680 2007-06-01] (Intel Corporation) [File not signed]
R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [987136 2007-06-01] (Intel Corporation ) [File not signed]
R2 STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [53248 2005-01-14] ()

==================== Drivers (Whitelisted) ====================

S3 adusbser; C:\WINDOWS\System32\DRIVERS\adusbser.sys [106880 2009-11-06] (AnyDATA.NET INC.)
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21393 2012-01-01] (Cisco Systems, Inc.)
R2 aksfridge; C:\WINDOWS\System32\DRIVERS\aksfridge.sys [365056 2012-08-07] (SafeNet Inc.)
S3 akshasp; C:\WINDOWS\System32\DRIVERS\akshasp.sys [238208 2012-06-15] (Aladdin Knowledge Systems Ltd.)
S3 akshhl; C:\WINDOWS\System32\DRIVERS\akshhl.sys [46720 2012-06-15] (SafeNet Inc.)
S3 aksusb; C:\WINDOWS\System32\DRIVERS\aksusb.sys [289152 2012-06-15] (SafeNet Inc.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R2 aswFsBlk; C:\WINDOWS\system32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\Drivers\aswKbd.sys [21576 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\Drivers\aswRdr.sys [49760 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\WINDOWS\system32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [177864 2013-08-30] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S2 DgiVecp; C:\WINDOWS\system32\Drivers\DgiVecp.sys [41984 2007-10-22] (Samsung Electronics Co., Ltd.) [File not signed]
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [242240 2012-02-14] (DT Soft Ltd)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [596424 2011-08-10] (SafeNet Inc.)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2006-04-13] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-04-13] (HP)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2208512 2007-06-21] (Intel Corporation)
S3 PAC7311; C:\WINDOWS\System32\DRIVERS\PA707UCM.SYS [150272 2005-09-16] (PixArt Imaging Inc.)
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [21248 2003-09-19] (Padus, Inc.) [File not signed]
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [12416 2007-05-29] (Intel Corporation)
S3 SE27bus; C:\WINDOWS\System32\DRIVERS\SE27bus.sys [61600 2006-09-18] (MCCI) [File not signed]
S3 SE27mdfl; C:\WINDOWS\System32\DRIVERS\SE27mdfl.sys [9360 2006-09-18] (MCCI) [File not signed]
S3 SE27mdm; C:\WINDOWS\System32\DRIVERS\SE27mdm.sys [97184 2006-09-18] (MCCI) [File not signed]
S3 SE27mgmt; C:\WINDOWS\System32\DRIVERS\SE27mgmt.sys [88688 2006-09-18] (MCCI) [File not signed]
S3 se27nd5; C:\WINDOWS\System32\DRIVERS\se27nd5.sys [18704 2006-09-18] (MCCI) [File not signed]
S3 SE27obex; C:\WINDOWS\System32\DRIVERS\SE27obex.sys [86560 2006-09-18] (MCCI) [File not signed]
S3 se27unic; C:\WINDOWS\System32\DRIVERS\se27unic.sys [90800 2006-09-18] (MCCI) [File not signed]
S2 Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [73216 1999-07-20] () [File not signed]
S3 silabenm; C:\WINDOWS\System32\DRIVERS\silabenm.sys [47176 2011-02-08] (Silicon Laboratories)
S3 silabser; C:\WINDOWS\System32\DRIVERS\silabser.sys [58496 2011-02-08] (Silicon Laboratories)
R1 TPwSav; C:\WINDOWS\system32\drivers\TPwSav.sys [11264 2006-06-22] (TOSHIBA ) [File not signed]
R3 UVCFTR; C:\WINDOWS\System32\Drivers\UVCFTR_S.SYS [11776 2007-04-16] (Chicony Electronics Co., Ltd.)
R2 WIBUKEY; C:\WINDOWS\System32\DRIVERS\WibuKey.sys [72704 2006-11-22] (WIBU-SYSTEMS AG) [File not signed]
U5 BTHPORT; C:\Windows\System32\Drivers\BTHPORT.sys [272128 2008-06-14] (Microsoft Corporation)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S2 SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys [X]
S3 TotRec8; \??\C:\WINDOWS\system32\drivers\TotRec8.sys [X]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-09 17:55 - 2014-07-09 17:56 - 00022113 _____ () C:\Documents and Settings\Tomas\Plocha\FRST.txt
2014-07-09 17:49 - 2014-07-09 17:56 - 00000000 ____D () C:\FRST
2014-07-09 17:49 - 2014-07-09 17:49 - 01074688 _____ (Farbar) C:\Documents and Settings\Tomas\Plocha\FRST.exe
2014-07-05 11:56 - 2014-07-05 11:59 - 00000000 ____D () C:\Documents and Settings\Tomas\Plocha\Nová složka (3)
2014-06-09 22:01 - 2014-06-09 23:32 - 00064719 _____ () C:\Documents and Settings\Tomas\Plocha\Gruzie 2013%2F%2F%2F%2F%2F%2F%2F%2F%2FUkraina 2012.xlsx

==================== One Month Modified Files and Folders =======

2014-07-09 17:56 - 2014-07-09 17:55 - 00022113 _____ () C:\Documents and Settings\Tomas\Plocha\FRST.txt
2014-07-09 17:56 - 2014-07-09 17:49 - 00000000 ____D () C:\FRST
2014-07-09 17:56 - 2012-01-01 18:10 - 00000000 ____D () C:\Documents and Settings\Tomas\Local Settings\Temp
2014-07-09 17:55 - 2012-01-01 18:10 - 00000000 ____D () C:\Documents and Settings\Tomas\Plocha
2014-07-09 17:54 - 2012-02-14 10:21 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-09 17:49 - 2014-07-09 17:49 - 01074688 _____ (Farbar) C:\Documents and Settings\Tomas\Plocha\FRST.exe
2014-07-09 17:34 - 2012-04-08 22:49 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-09 17:23 - 2012-01-01 18:01 - 01926246 ____N () C:\WINDOWS\WindowsUpdate.log
2014-07-09 17:18 - 2014-01-26 19:40 - 00000000 ___RD () C:\Documents and Settings\Tomas\Dokumenty\Dropbox
2014-07-09 17:18 - 2014-01-26 19:33 - 00000000 ____D () C:\Documents and Settings\Tomas\Data aplikací\DropboxMaster
2014-07-09 17:18 - 2014-01-26 19:32 - 00000000 ____D () C:\Documents and Settings\Tomas\Data aplikací\Dropbox
2014-07-09 17:15 - 2013-04-17 18:55 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-07-09 17:14 - 2014-03-28 16:57 - 00000222 _____ () C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-07-09 17:14 - 2012-01-03 15:48 - 00000000 __SHD () C:\WINDOWS\CSC
2014-07-09 17:14 - 2012-01-01 19:23 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-09 17:14 - 2012-01-01 18:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-09 17:14 - 2011-12-30 18:48 - 00000159 ____N () C:\WINDOWS\wiadebug.log
2014-07-09 17:14 - 2011-12-30 18:48 - 00000048 ____N () C:\WINDOWS\wiaservc.log
2014-07-09 17:14 - 2004-08-18 14:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-07-08 21:36 - 2012-01-01 18:08 - 00032610 ____N () C:\WINDOWS\SchedLgU.Txt
2014-07-08 21:00 - 2012-01-01 19:23 - 00000938 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-08 20:03 - 2012-07-24 19:58 - 00000992 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-776561741-1085031214-725345543-1004UA.job
2014-07-08 20:03 - 2012-07-24 19:58 - 00000970 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-776561741-1085031214-725345543-1004Core.job
2014-07-08 19:34 - 2012-04-08 22:49 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-07-08 19:34 - 2012-01-10 21:58 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-07-08 19:25 - 2014-03-28 16:57 - 00000216 _____ () C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-07-07 22:06 - 2012-01-01 23:48 - 00000000 ____D () C:\Documents and Settings\Tomas\Data aplikací\ICQ
2014-07-07 22:06 - 2012-01-01 18:38 - 00524288 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-07-07 22:06 - 2012-01-01 18:10 - 00000178 ___SH () C:\Documents and Settings\Tomas\ntuser.ini
2014-07-06 15:00 - 2012-01-01 18:10 - 00000000 ___HD () C:\Documents and Settings\Tomas\Local Settings\Data aplikací
2014-07-05 11:59 - 2014-07-05 11:56 - 00000000 ____D () C:\Documents and Settings\Tomas\Plocha\Nová složka (3)
2014-06-13 12:22 - 2012-07-16 17:25 - 00000000 ____D () C:\Documents and Settings\Tomas\Data aplikací\Skype
2014-06-13 00:05 - 2013-08-04 19:30 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-06-13 00:02 - 2012-01-03 21:38 - 92708840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-06-09 23:32 - 2014-06-09 22:01 - 00064719 _____ () C:\Documents and Settings\Tomas\Plocha\Gruzie 2013%2F%2F%2F%2F%2F%2F%2F%2F%2FUkraina 2012.xlsx

Some content of TEMP:
====================
C:\Documents and Settings\Tomas\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpz5_v_t.dll


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Zdravím!
Otevřte poznámkový blok a zkopírujte do něj:

Start
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKU\S-1-5-21-776561741-1085031214-725345543-1004\...\Run: [Facebook Update] => C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe [138096 2012-07-24] (Facebook Inc.)
HKU\S-1-5-21-776561741-1085031214-725345543-1004\...\MountPoints2: {3364fcc4-d0d9-11e1-8aba-0013e883721b} - F:\Launcher.exe
HKU\S-1-5-21-776561741-1085031214-725345543-1004\...\MountPoints2: {704df914-c04c-11e1-8a91-ad742de81981} - F:\Launcher.exe
HKU\S-1-5-21-776561741-1085031214-725345543-1004\...\MountPoints2: {95318b84-1e30-11e3-b6c3-0013e883721b} - F:\Launcher.exe
HKU\S-1-5-21-776561741-1085031214-725345543-1004\...\MountPoints2: {99dc0180-c929-11e1-8aa7-0013e883721b} - F:\Launcher.exe
HKU\S-1-5-21-776561741-1085031214-725345543-1004\...\MountPoints2: {e9bc57dc-b12c-11e1-8a70-0013e883721b} - F:\Launcher.exe
HKU\S-1-5-21-776561741-1085031214-725345543-1004\...\MountPoints2: {e9bc57df-b12c-11e1-8a70-0013e883721b} - F:\Launcher.exe
C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Facebook\Update
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
BHO: ividi Helper Object - {8B8B2E80-1444-451D-AC8E-EB9A847F3887} - C:\Program Files\Unitech LLC\ividi\1.8.23.0\bh\ividi.dll (Unitech LLC)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Facebook Video Calling Plugin) - C:\Documents and Settings\Tomas\Local Settings\Data aplikac\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR Extension: (iVidi Chrome Toolbar) - C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\kpdhgpkkloealnjnmepfhanpcleldbef [2013-10-27]
CHR Extension: (IMPI) - C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ncdfeinlpefandfngbdmdgjgepebkjap [2013-02-11]
CHR HKLM\...\Chrome\Extension: [kpdhgpkkloealnjnmepfhanpcleldbef] - C:\Program Files\Unitech LLC\ividi\1.8.23.0\ividi.crx [2013-07-25]
S4 IntelIde; No ImagePath
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-776561741-1085031214-725345543-1004UA.job
C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-776561741-1085031214-725345543-1004Core.job
C:\Documents and Settings\Tomas\Local Settings\Temp
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

tak teď už mam Avast bloklej úplně- Hláška ...nelze otevřít, protože byly uplatněny zásady pro omezení softwaru...
wifi taky nejde připojit- parchanti


zde log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:09-07-2014
Ran by Tomas at 2014-07-10 14:39:17 Run:3
Running from C:\Documents and Settings\Tomas\Plocha
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKU\S-1-5-21-776561741-1085031214-725345543-1004\...\Run: [Facebook Update] => C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe [138096 2012-07-24] (Facebook Inc.)
HKU\S-1-5-21-776561741-1085031214-725345543-1004\...\MountPoints2: {3364fcc4-d0d9-11e1-8aba-0013e883721b} - F:\Launcher.exe
HKU\S-1-5-21-776561741-1085031214-725345543-1004\...\MountPoints2: {704df914-c04c-11e1-8a91-ad742de81981} - F:\Launcher.exe
HKU\S-1-5-21-776561741-1085031214-725345543-1004\...\MountPoints2: {95318b84-1e30-11e3-b6c3-0013e883721b} - F:\Launcher.exe
HKU\S-1-5-21-776561741-1085031214-725345543-1004\...\MountPoints2: {99dc0180-c929-11e1-8aa7-0013e883721b} - F:\Launcher.exe
HKU\S-1-5-21-776561741-1085031214-725345543-1004\...\MountPoints2: {e9bc57dc-b12c-11e1-8a70-0013e883721b} - F:\Launcher.exe
HKU\S-1-5-21-776561741-1085031214-725345543-1004\...\MountPoints2: {e9bc57df-b12c-11e1-8a70-0013e883721b} - F:\Launcher.exe
C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Facebook\Update
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
BHO: ividi Helper Object - {8B8B2E80-1444-451D-AC8E-EB9A847F3887} - C:\Program Files\Unitech LLC\ividi\1.8.23.0\bh\ividi.dll (Unitech LLC)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Facebook Video Calling Plugin) - C:\Documents and Settings\Tomas\Local Settings\Data aplikac\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR Extension: (iVidi Chrome Toolbar) - C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\kpdhgpkkloealnjnmepfhanpcleldbef [2013-10-27]
CHR Extension: (IMPI) - C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ncdfeinlpefandfngbdmdgjgepebkjap [2013-02-11]
CHR HKLM\...\Chrome\Extension: [kpdhgpkkloealnjnmepfhanpcleldbef] - C:\Program Files\Unitech LLC\ividi\1.8.23.0\ividi.crx [2013-07-25]
S4 IntelIde; No ImagePath
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-776561741-1085031214-725345543-1004UA.job
C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-776561741-1085031214-725345543-1004Core.job
C:\Documents and Settings\Tomas\Local Settings\Temp
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck => Value not found.
HKU\S-1-5-21-776561741-1085031214-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update => Value not found.
'HKU\S-1-5-21-776561741-1085031214-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3364fcc4-d0d9-11e1-8aba-0013e883721b}'=> Key not found.
'HKCR\CLSID\{3364fcc4-d0d9-11e1-8aba-0013e883721b}'=> Key not found.
'HKU\S-1-5-21-776561741-1085031214-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{704df914-c04c-11e1-8a91-ad742de81981}'=> Key not found.
'HKCR\CLSID\{704df914-c04c-11e1-8a91-ad742de81981}'=> Key not found.
'HKU\S-1-5-21-776561741-1085031214-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95318b84-1e30-11e3-b6c3-0013e883721b}'=> Key not found.
'HKCR\CLSID\{95318b84-1e30-11e3-b6c3-0013e883721b}'=> Key not found.
'HKU\S-1-5-21-776561741-1085031214-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99dc0180-c929-11e1-8aa7-0013e883721b}'=> Key not found.
'HKCR\CLSID\{99dc0180-c929-11e1-8aa7-0013e883721b}'=> Key not found.
'HKU\S-1-5-21-776561741-1085031214-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9bc57dc-b12c-11e1-8a70-0013e883721b}'=> Key not found.
'HKCR\CLSID\{e9bc57dc-b12c-11e1-8a70-0013e883721b}'=> Key not found.
'HKU\S-1-5-21-776561741-1085031214-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9bc57df-b12c-11e1-8a70-0013e883721b}'=> Key not found.
'HKCR\CLSID\{e9bc57df-b12c-11e1-8a70-0013e883721b}'=> Key not found.
"C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Facebook\Update" => File/Directory not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1'=> Key not found.
'HKLM\Software\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2'=> Key not found.
'HKLM\Software\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3'=> Key not found.
'HKLM\Software\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4'=> Key not found.
'HKLM\Software\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8B8B2E80-1444-451D-AC8E-EB9A847F3887}'=> Key not found.
'HKCR\CLSID\{8B8B2E80-1444-451D-AC8E-EB9A847F3887}'=> Key not found.
'HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin'=> Key not found.
C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Facebook\Video\Skype\npFacebookVideoCalling.dll not found.
C:\Program Files\QuickTime\plugins\npqtplugin6.dll not found.
C:\Program Files\QuickTime\plugins\npqtplugin7.dll not found.
C:\Documents and Settings\Tomas\Local Settings\Data aplikac\Facebook\Video\Skype\npFacebookVideoCalling.dll not found.
C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\kpdhgpkkloealnjnmepfhanpcleldbef directory not found.
C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ncdfeinlpefandfngbdmdgjgepebkjap directory not found.
'HKLM\SOFTWARE\Google\Chrome\Extensions\kpdhgpkkloealnjnmepfhanpcleldbef'=> Key not found.
"C:\Program Files\Unitech LLC\ividi\1.8.23.0\ividi.crx" => File/Directory not found.
IntelIde => Service not found.
"C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job" => File/Directory not found.
"C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-776561741-1085031214-725345543-1004UA.job" => File/Directory not found.
"C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-776561741-1085031214-725345543-1004Core.job" => File/Directory not found.

"C:\Documents and Settings\Tomas\Local Settings\Temp" directory move:

Could not move "C:\Documents and Settings\Tomas\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpd0tejx.lck" => Scheduled to move on reboot.
C:\Documents and Settings\Tomas\Local Settings\Temp\Dutch.bin => Moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Temp\English.bin => Moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Temp\Finnish.bin => Moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Temp\French.bin => Moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Temp\German.bin => Moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Temp\Greek.bin => Moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Temp\Hebrew.bin => Moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Temp\Hungarian.bin => Moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Temp\Italian.bin => Moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Temp\Japanese.bin => Moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Temp\Korean.bin => Moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Temp\Lithuanian.bin => Moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Temp\Norwegian.bin => Moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Temp\Polish.bin => Moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Temp\Portuguese(Brazil).bin => Moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Temp\Portuguese.bin => Moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Temp\Russian.bin => Moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Temp\SimChin.bin => Moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Temp\Slovak.bin => Moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Temp\Slovenian.bin => Moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Temp\Spanish.bin => Moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Temp\SWEDISH.bin => Moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Temp\Thai.bin => Moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Temp\TradChin.bin => Moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Temp\Turkish.bin => Moved successfully.
Could not move "C:\Documents and Settings\Tomas\Local Settings\Temp" directory. => Scheduled to move on reboot.


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-07-10 14:49:30)<=

C:\Documents and Settings\Tomas\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpd0tejx.lck => Is moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Temp => Moved successfully.

==== End of Fixlog ====

Smazáno. Nastala nějaká změna?

kraviny už nevyskakují, na seznammejl už se jde dostat... Nefunguje ale antivir Avast hází hlášku viz. příloha

Zkuste Avast přenstalovat.

tak instalace se rozeběhne a tak po 15s se vypne... jako by nic...

Zkuste ho nejdřív odinstalovat pomocí této utility: http://www.avast.com/cs-cz/uninstall-utility . Utilitu spusťte v nouz. režimu. Pak teprve zkuste novou instalaci.

vše se povedlo i instalace, pak se spustil rychlý test a vypnul se. Při spuštění zase hláška ...nelze otevřít, protože byly uplatněny zásady pro omezení softwaru...

Dejte log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.

tak jsem zase musel avast odinstalovat v nouzovém režimu, combo to nechtělo pustit...

zde log:

ComboFix 14-07-08.04 - Tomas 10.07.2014 21:58:38.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3070.2365 [GMT 2:00]
Spuštěný z: c:\documents and settings\Tomas\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Tomas\WINDOWS
c:\program files\IMPI\ExTEnsion32.dll
c:\windows\IsUn0405.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-06-10 do 2014-07-10 )))))))))))))))))))))))))))))))
.
.
2014-07-10 19:21 . 2014-07-10 19:21 -------- d-----w- c:\windows\jumpshot.com
2014-07-10 19:21 . 2014-07-10 19:21 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-07-10 08:33 . 2014-07-10 12:37 -------- d-----w- c:\documents and settings\Tomas\Local Settings\Data aplikací\NPE
2014-07-10 08:33 . 2014-07-10 08:33 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Norton
2014-07-09 15:49 . 2014-07-10 12:49 -------- d-----w- C:\FRST
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-08 17:34 . 2012-04-08 20:49 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-08 17:34 . 2012-01-10 19:58 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"TDispVol"="TDispVol.exe" [2005-12-27 73728]
"TPSMain"="TPSMain.exe" [2005-08-11 266240]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 413696]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 974848]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-11 524288]
"3170 Scan2PC"="c:\windows\Twain_32\Samsung\CLX3170\Scan2pc.exe" [2008-08-07 495616]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Tomas\Nabídka Start\Programy\Po spuštění\
Dropbox.lnk - c:\documents and settings\Tomas\Data aplikací\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth Monitor.lnk - c:\program files\TOSHIBA\Bluetooth Monitor\BtMon2.exe [2012-1-1 69632]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ7.7\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\ScanMgr.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Scan2Pc.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Sscan2io.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Graphisoft\\ArchiCAD 13\\ArchiCAD.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Tomas\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Documents and Settings\\Tomas\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [14.2.2012 23:48 242240]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [10.7.2014 21:21 24184]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S2 IMPI Updater;IMPI Updater;c:\program files\IMPI\ExtensionUpdaterService.exe [11.2.2013 17:04 185856]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5.6.2012 15:17 160944]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [31.1.2013 16:26 106880]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2.1.2012 11:26 1691480]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [18.9.2013 20:56 18944]
S3 PAC7311;PLEOMAX PWC-2000;c:\windows\system32\drivers\PA707UCM.SYS [22.8.2012 23:48 150272]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [21.9.2012 12:20 47176]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\drivers\silabser.sys [21.9.2012 12:20 58496]
S3 TotRec8;Total Recorder WDM audio filter driver;\??\c:\windows\system32\drivers\TotRec8.sys --> c:\windows\system32\drivers\TotRec8.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-12 20:42 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 17:34]
.
2014-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-01 17:23]
.
2014-07-08 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-27 23:28]
.
2014-07-10 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-27 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = https://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Anydata ADU-770WH - c:\program files\AnyData\Anydata ADU-770WH\uninstall.exe
AddRemove-Feat2000 - c:\windows\IsUn0405.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\program files\Silabs\MCU\CP210x\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-10 22:02
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-776561741-1085031214-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1008)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2014-07-10 22:04:48
ComboFix-quarantined-files.txt 2014-07-10 20:04
.
Před spuštěním: Volných bajtů: 18 624 761 856
Po spuštění: Volných bajtů: 19 458 613 248
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - B2B542DB03C92606B8346230328AAEC8
413FC2A0C716421B3158746D63736515

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

Regnull::
[HKEY_USERS\S-1-5-21-776561741-1085031214-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přtáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

ComboFix 14-07-11.04 - Tomas 11.07.2014 15:55:36.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3070.2278 [GMT 2:00]
Spuštěný z: c:\documents and settings\Tomas\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Tomas\Plocha\CFScript.txt.txt
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-06-11 do 2014-07-11 )))))))))))))))))))))))))))))))
.
.
2014-07-10 19:21 . 2014-07-10 19:21 -------- d-----w- c:\windows\jumpshot.com
2014-07-10 19:21 . 2014-07-10 19:21 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-07-10 08:33 . 2014-07-10 12:37 -------- d-----w- c:\documents and settings\Tomas\Local Settings\Data aplikací\NPE
2014-07-10 08:33 . 2014-07-10 08:33 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Norton
2014-07-09 15:49 . 2014-07-10 12:49 -------- d-----w- C:\FRST
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-08 17:34 . 2012-04-08 20:49 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-08 17:34 . 2012-01-10 19:58 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"TDispVol"="TDispVol.exe" [2005-12-27 73728]
"TPSMain"="TPSMain.exe" [2005-08-11 266240]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 413696]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 974848]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-11 524288]
"3170 Scan2PC"="c:\windows\Twain_32\Samsung\CLX3170\Scan2pc.exe" [2008-08-07 495616]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Tomas\Nabídka Start\Programy\Po spuštění\
Dropbox.lnk - c:\documents and settings\Tomas\Data aplikací\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth Monitor.lnk - c:\program files\TOSHIBA\Bluetooth Monitor\BtMon2.exe [2012-1-1 69632]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ7.7\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\ScanMgr.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Scan2Pc.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Sscan2io.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Graphisoft\\ArchiCAD 13\\ArchiCAD.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Tomas\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Documents and Settings\\Tomas\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [14.2.2012 23:48 242240]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [10.7.2014 21:21 24184]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 IMPI Updater;IMPI Updater;c:\program files\IMPI\ExtensionUpdaterService.exe [11.2.2013 17:04 185856]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5.6.2012 15:17 160944]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [31.1.2013 16:26 106880]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2.1.2012 11:26 1691480]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [18.9.2013 20:56 18944]
S3 PAC7311;PLEOMAX PWC-2000;c:\windows\system32\drivers\PA707UCM.SYS [22.8.2012 23:48 150272]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [21.9.2012 12:20 47176]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\drivers\silabser.sys [21.9.2012 12:20 58496]
S3 TotRec8;Total Recorder WDM audio filter driver;\??\c:\windows\system32\drivers\TotRec8.sys --> c:\windows\system32\drivers\TotRec8.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-12 20:42 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 17:34]
.
2014-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-01 17:23]
.
2014-07-08 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-27 23:28]
.
2014-07-11 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-27 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = https://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 172.20.10.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-11 16:05
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-776561741-1085031214-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1012)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1880)
c:\windows\system32\AcSignIcon.dll
c:\windows\system32\TDispVol.dll
c:\windows\system32\msi.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\hasplms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\TDispVol.exe
c:\windows\system32\TPSMain.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\system32\TPSBattM.exe
c:\windows\RTHDCPL.EXE
c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\iPod\bin\iPodService.exe
c:\documents and settings\Tomas\Data aplikací\Dropbox\bin\Dropbox.exe
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
.
**************************************************************************
.
Celkový čas: 2014-07-11 16:08:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-07-11 14:08
ComboFix2.txt 2014-07-10 20:04
.
Před spuštěním: Volných bajtů: 19 470 094 336
Po spuštění: Volných bajtů: 19 454 439 424
.
- - End Of File - - 2E4ED8884984D114B7C27B32AF2FEB61
413FC2A0C716421B3158746D63736515

po instalaci Avastu zase hláška ...nelze otevřít, protože byly uplatněny zásady pro omezení softwaru

Chybně jste uložil skript (CFScript.txt.txt). Musí být uložen jako CFScript.txt. Zkuste znovu.