
Requesting a check

Posted: 02 Jan 2016 14:08
by zdenek72
Hello,
I would like to ask for a check.

Thanks

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-12-2015
Ran by zdenek (administrator) on ZDENEK (02-01-2016 13:57:10)
Running from C:\Documents and Settings\zdenek\Plocha\Čištění
Loaded Profiles: zdenek (Available Profiles: zdenek)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [2729800 2011-01-25] (O&O Software GmbH)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\...\Run: [] => [X]
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [9216 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe -update pepperplugin
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-12-11] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D101B019-1149-45F7-B947-ECD828E8996C}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "www.google.com" <======= ATTENTION
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> DefaultScope {E935F814-347F-4C77-A317-D908FBAFC049} URL = hxxp://search.eshield.com/serp?guid={88BEA63F-2DEA-4FFD-899C-A5D4E371A8A4}&action=default_search&k={searchTerms}
SearchScopes: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> {599FC29B-02A1-483E-802A-EBC67124D879} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11433
SearchScopes: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> {E935F814-347F-4C77-A317-D908FBAFC049} URL = hxxp://search.eshield.com/serp?guid={88BEA63F-2DEA-4FFD-899C-A5D4E371A8A4}&action=default_search&k={searchTerms}
SearchScopes: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-17] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-11] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-17] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2013-05-29] (Společnost Microsoft)
Toolbar: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> No Name - {00011268-E188-40DF-A514-835FCD78B1BF} - No File

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-30] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-17] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-04-19] ( )
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-08-22] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-12]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-12-11]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-11]

Opera:
=======
OPR StartupUrls: "hxxp://www.centrum.cz/"
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera\Opera.exe hxxp://www.oursurfing.com/?type=sc&ts=14362960 ... AM91456594
StartMenuInternet: (HKLM) Opera.exe - C:\Program Files\Opera\Opera.exe hxxp://www.oursurfing.com/?type=sc&ts=14362960 ... AM91456594

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"eapihdrv" => service could not be unlocked. <===== ATTENTION

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-11] (AVAST Software)
S4 hasplms; C:\WINDOWS\system32\hasplms.exe [4683144 2014-03-11] (SafeNet Inc.)
S4 Intel(R) PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [109728 2011-02-28] (Intel Corporation)
S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [2336072 2011-01-25] (O&O Software GmbH)
S4 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S4 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S4 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aksfridge; C:\WINDOWS\system32\drivers\aksfridge.sys [425352 2014-03-11] (SafeNet Inc.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2000-01-01] (Creative)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-12-11] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [81168 2015-12-19] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-12-11] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-12-11] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [794952 2015-12-11] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [436360 2015-12-19] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [165104 2015-12-11] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [58016 2015-12-11] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209432 2015-12-11] (AVAST Software)
S3 DrvAgent32; C:\WINDOWS\system32\Drivers\DrvAgent32.sys [23456 2014-02-02] (Phoenix Technologies) [File not signed]
S3 E1000; C:\WINDOWS\System32\DRIVERS\e1000325.sys [171152 2008-08-20] (Intel Corporation)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [234888 2014-03-11] (SafeNet Inc.)
S3 IObitUnlocker; C:\Program Files\IObit\IObit Unlocker\IObitUnlocker.sys [26248 2011-03-09] ()
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [35144 2015-07-20] ()
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2000-01-01] (Creative Technology Ltd.)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [25434 2000-01-01] (Realtek Semiconductor Corporation )
R3 RtlWlanu; C:\WINDOWS\System32\DRIVERS\rtwlanu.sys [1345936 2013-03-05] (Realtek Semiconductor Corporation )
S3 VClone; C:\WINDOWS\System32\DRIVERS\VClone.sys [30720 2013-07-24] (Elaborate Bytes AG) [File not signed]
S3 catchme; \??\C:\DOCUME~1\zdenek\LOCALS~1\Temp\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]
S5 eapihdrv; <===== ATTENTION: Locked Service
S0 exaclojc; System32\drivers\wcjmycbp.sys [X]
S0 hcdb; System32\drivers\dprxy.sys [X]
S3 UltraMonMirror; system32\DRIVERS\UltraMonMirror.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-02 13:56 - 2016-01-02 13:57 - 00000000 ____D C:\FRST
2016-01-02 13:04 - 2016-01-02 13:04 - 00000000 ____D C:\Program Files\ESET
2016-01-02 12:38 - 2016-01-02 12:57 - 00000000 ____D C:\Documents and Settings\All Users\Kaspersky Lab Setup Files
2015-12-30 13:32 - 2015-12-30 13:32 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-12-30 13:32 - 2015-12-30 13:32 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Skype
2015-12-27 10:12 - 2015-12-27 10:12 - 00147106 _____ C:\Documents and Settings\zdenek\Plocha\FAKTURA 915-signed.pdf
2015-12-26 13:53 - 2015-12-26 13:53 - 00000000 ____D C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Estimate
2015-12-26 13:52 - 2015-12-26 13:52 - 00000000 ____D C:\Documents and Settings\zdenek\Local Settings\Data aplikací\PackageAware
2015-12-21 13:14 - 2015-12-21 13:14 - 00035737 _____ C:\Documents and Settings\zdenek\Plocha\FAKTURA 915.pdf
2015-12-20 09:11 - 2015-12-20 09:11 - 00000000 ____D C:\antitwined
2015-12-20 09:05 - 2015-12-20 09:05 - 00000690 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Anti-Twin.lnk
2015-12-20 08:37 - 2015-12-20 08:37 - 00000060 _____ C:\WINDOWS\Wininit.ini
2015-12-20 08:30 - 2016-01-01 14:00 - 00019882 _____ C:\WINDOWS\Tasks\{0E087E47-0904-7F7A-0411-797F0A05110B}.job
2015-12-20 08:30 - 2015-12-20 08:30 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\ecd7e2b9-77f3-1
2015-12-20 08:30 - 2015-12-20 08:30 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\ecd7e2b9-0ca1-0
2015-12-20 08:19 - 2015-12-20 09:20 - 00000000 ____D C:\WINDOWS\system32\oodag
2015-12-20 08:18 - 2015-12-20 08:18 - 00000000 ____D C:\Documents and Settings\zdenek\Local Settings\Data aplikací\O&O
2015-12-20 08:17 - 2015-12-20 08:17 - 00000000 ____D C:\Program Files\OO Software
2015-12-20 08:17 - 2015-12-20 08:17 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\O&O Software
2015-12-20 08:06 - 2015-12-20 09:47 - 00000000 ____D C:\Documents and Settings\zdenek\Data aplikací\Smart PC Solutions
2015-12-19 09:29 - 2015-12-19 09:29 - 00042496 _____ C:\Documents and Settings\zdenek\Plocha\rozpočet_Pavel_Calta.xls
2015-12-17 17:05 - 2015-12-17 19:14 - 00000000 ____D C:\Documents and Settings\zdenek\Plocha\Nová složka (2)
2015-12-16 19:58 - 2015-12-26 12:10 - 00000000 ____D C:\Documents and Settings\zdenek\Data aplikací\vlc
2015-12-16 19:58 - 2015-12-16 19:58 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\VideoLAN
2015-12-11 13:53 - 2015-12-11 13:52 - 00322760 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-12-11 13:52 - 2015-12-11 13:52 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-12-07 10:39 - 2015-12-07 12:24 - 00000000 ____D C:\Documents and Settings\zdenek\Plocha\p. juhas

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-02 13:57 - 2015-03-14 18:42 - 00000000 ____D C:\Documents and Settings\zdenek\Local Settings\Temp
2016-01-02 13:57 - 2013-08-09 06:39 - 00000000 ___RD C:\Documents and Settings\zdenek\Plocha\Čištění
2016-01-02 13:56 - 2013-08-07 07:43 - 00000000 ____D C:\WINDOWS
2016-01-02 13:56 - 2013-08-07 06:08 - 00000000 ____D C:\Documents and Settings\zdenek\Plocha
2016-01-02 13:54 - 2015-10-14 07:09 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2016-01-02 13:19 - 2013-11-14 04:10 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2016-01-02 12:38 - 2013-08-07 07:50 - 00000000 ____D C:\Documents and Settings\All Users
2016-01-02 11:03 - 2013-08-07 06:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-02 09:49 - 2013-08-07 06:08 - 00000000 ____D C:\Documents and Settings\zdenek
2016-01-01 21:37 - 2013-08-07 06:08 - 00000178 ___SH C:\Documents and Settings\zdenek\ntuser.ini
2016-01-01 21:37 - 2013-08-07 06:06 - 00032622 ____N C:\WINDOWS\SchedLgU.Txt
2016-01-01 20:39 - 2013-07-26 12:22 - 00100352 _____ C:\Documents and Settings\zdenek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-01 13:08 - 2008-04-14 13:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2015-12-31 11:26 - 2013-07-26 06:39 - 00000000 ____D C:\Documents and Settings\zdenek\Data aplikací\Skype
2015-12-30 13:33 - 2013-07-26 06:39 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Skype
2015-12-30 13:32 - 2015-06-27 16:22 - 00000000 ___RD C:\Program Files\Skype
2015-12-30 13:32 - 2014-02-20 19:51 - 00000000 ____D C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Skype
2015-12-30 13:32 - 2013-08-07 07:51 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-12-30 11:18 - 2014-08-03 18:44 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-30 11:18 - 2013-08-09 18:31 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-12-30 11:18 - 2013-08-09 18:31 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-12-27 07:30 - 2013-08-07 07:51 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2015-12-26 13:53 - 2013-08-07 06:08 - 00000000 ___HD C:\Documents and Settings\zdenek\Local Settings\Data aplikací
2015-12-21 13:07 - 2015-10-20 12:14 - 00000000 ____D C:\AdmWin
2015-12-21 07:07 - 2015-10-02 08:59 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2015-12-21 07:07 - 2013-08-09 06:39 - 00000000 ____D C:\Documents and Settings\zdenek\Plocha\Grafika
2015-12-20 09:29 - 2013-10-27 06:34 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\TEMP
2015-12-20 09:26 - 2014-02-01 07:56 - 00000000 ____D C:\Documents and Settings\zdenek\Dokumenty\ShareX
2015-12-20 09:26 - 2013-08-07 06:08 - 00000000 ___HD C:\Documents and Settings\zdenek\Šablony
2015-12-20 09:05 - 2014-09-28 05:57 - 00000000 ____D C:\Program Files\AntiTwin
2015-12-20 08:39 - 2015-11-18 07:28 - 00000000 ____D C:\Program Files\SpeedFan
2015-12-20 08:39 - 2013-08-07 06:08 - 00000000 ____D C:\Documents and Settings\zdenek\Nabídka Start\Programy
2015-12-20 08:37 - 2015-10-23 17:52 - 00000000 ____D C:\Documents and Settings\zdenek\Data aplikací\ConMet
2015-12-20 08:37 - 2015-10-23 17:52 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\ConMet
2015-12-20 08:36 - 2013-08-07 06:08 - 00000000 __RHD C:\Documents and Settings\zdenek\Data aplikací
2015-12-20 08:17 - 2013-08-23 06:43 - 00000000 ____D C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Downloaded Installations
2015-12-20 08:13 - 2013-08-07 07:50 - 00000211 __RSH C:\boot.ini
2015-12-20 08:13 - 2008-04-14 13:00 - 00000649 _____ C:\WINDOWS\win.ini
2015-12-20 08:13 - 2008-04-14 13:00 - 00000227 _____ C:\WINDOWS\system.ini
2015-12-20 06:49 - 2013-08-10 07:05 - 00000000 ____D C:\Program Files\CCleaner
2015-12-19 01:53 - 2015-10-14 07:09 - 00436360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-12-19 01:53 - 2015-10-14 07:09 - 00081168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-12-18 07:28 - 2013-08-10 06:11 - 00000000 ____D C:\Program Files\Opera
2015-12-12 08:15 - 2013-08-20 15:46 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-12 08:14 - 2013-08-10 09:05 - 137798368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-11 13:55 - 2013-08-07 07:43 - 00000000 ___HD C:\WINDOWS\inf
2015-12-11 13:52 - 2015-10-14 07:09 - 00794952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-12-11 13:52 - 2015-10-14 07:09 - 00209432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-12-11 13:52 - 2015-10-14 07:09 - 00165104 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2015-12-11 13:52 - 2015-10-14 07:09 - 00058016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-12-11 13:52 - 2015-10-14 07:09 - 00055200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-12-11 13:52 - 2015-10-14 07:09 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-12-11 13:52 - 2015-10-14 07:09 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys

==================== Files in the root of some directories =======

2013-11-03 08:06 - 2013-11-03 08:25 - 0000000 ____C () C:\Documents and Settings\zdenek\Data aplikací\bitlord_log.txt
2013-07-26 12:22 - 2016-01-01 20:39 - 0100352 _____ () C:\Documents and Settings\zdenek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-07 20:37 - 2015-03-07 20:37 - 0000830 _____ () C:\Documents and Settings\zdenek\Local Settings\Data aplikací\recently-used.xbel
2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 ____C () C:\Documents and Settings\zdenek\Local Settings\Data aplikací\setup.txt
2013-08-10 10:59 - 2013-08-10 10:59 - 0000057 ____C () C:\Documents and Settings\All Users\Data aplikací\Ament.ini

Files to move or delete:
====================
C:\Windows\Tasks\{0E087E47-0904-7F7A-0411-797F0A05110B}.job


Some files in TEMP:
====================
C:\Documents and Settings\zdenek\Local Settings\Temp\kis_setup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Re: Requesting a check

Posted: 02 Jan 2016 16:42
by Rudy
Hello!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop.
Close all programs.
Click >Scan< first and then >Clean<.
The scan will run and then a log will appear; paste it here.

Re: Requesting a check

Posted: 02 Jan 2016 16:44
by zdenek72
# AdwCleaner v5.027 - Logfile created 02/01/2016 at 16:38:02
# Updated 30/12/2015 by Xplode
# Database : 2015-12-30.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : zdenek - ZDENEK
# Running from : C:\Documents and Settings\zdenek\Plocha\adwcleaner_5.027.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Documents and Settings\zdenek\Data aplikací\Solvusoft
[-] Folder Deleted : C:\Documents and Settings\zdenek\Local Settings\Data aplikací\PackageAware
[-] Folder Deleted : C:\Documents and Settings\zdenek\Local Settings\Data aplikací\slimware utilities inc

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Clients\StartMenuInternet\Torch
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00011268-E188-40DF-A514-835FCD78B1BF}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00011268-E188-40DF-A514-835FCD78B1BF}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser [{10921475-03CE-4E04-90CE-E2E7EF20C814}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{00011268-E188-40DF-A514-835FCD78B1BF}]
[-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
[!] Key Not Deleted : HKU\S-1-5-21-484763869-1767777339-1606980848-1004\Software\SlimWare Utilities Inc
[!] Key Not Deleted : HKU\S-1-5-21-484763869-1767777339-1606980848-1004\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E935F814-347F-4C77-A317-D908FBAFC049}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : HKU\S-1-5-21-484763869-1767777339-1606980848-1004\Software\Microsoft\Internet Explorer\SearchScopes\{E935F814-347F-4C77-A317-D908FBAFC049}
[-] Data Restored : HKU\S-1-5-21-484763869-1767777339-1606980848-1004\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5837 bytes] ##########

Re: Requesting a check

Posted: 02 Jan 2016 16:46
by Rudy
Post a new FRST log.

Re: Requesting a check

Posted: 02 Jan 2016 16:51
by zdenek72
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-12-2015
Ran by zdenek (administrator) on ZDENEK (02-01-2016 16:49:22)
Running from C:\Documents and Settings\zdenek\Plocha\Čištění
Loaded Profiles: zdenek (Available Profiles: zdenek)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Opera Software) C:\Program Files\Opera\opera.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [2729800 2011-01-25] (O&O Software GmbH)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\...\Run: [] => [X]
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [9216 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe -update pepperplugin
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-12-11] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D101B019-1149-45F7-B947-ECD828E8996C}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "www.google.com" <======= ATTENTION
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> {599FC29B-02A1-483E-802A-EBC67124D879} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11433
SearchScopes: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-17] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-11] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-17] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-484763869-1767777339-1606980848-1004 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2013-05-29] (Společnost Microsoft)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-30] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-17] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-04-19] ( )
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-08-22] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-12]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-12-11]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-11]

Opera:
=======
OPR StartupUrls: "hxxp://www.centrum.cz/"
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera\Opera.exe hxxp://www.oursurfing.com/?type=sc&ts=14362960 ... AM91456594
StartMenuInternet: (HKLM) Opera.exe - C:\Program Files\Opera\Opera.exe hxxp://www.oursurfing.com/?type=sc&ts=14362960 ... AM91456594

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-11] (AVAST Software)
S4 hasplms; C:\WINDOWS\system32\hasplms.exe [4683144 2014-03-11] (SafeNet Inc.)
S4 Intel(R) PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [109728 2011-02-28] (Intel Corporation)
S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [2336072 2011-01-25] (O&O Software GmbH)
S4 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S4 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S4 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aksfridge; C:\WINDOWS\system32\drivers\aksfridge.sys [425352 2014-03-11] (SafeNet Inc.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2000-01-01] (Creative)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-12-11] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [81168 2015-12-19] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-12-11] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-12-11] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [794952 2015-12-11] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [436360 2015-12-19] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [165104 2015-12-11] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [58016 2015-12-11] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209432 2015-12-11] (AVAST Software)
S3 DrvAgent32; C:\WINDOWS\system32\Drivers\DrvAgent32.sys [23456 2014-02-02] (Phoenix Technologies) [File not signed]
S3 E1000; C:\WINDOWS\System32\DRIVERS\e1000325.sys [171152 2008-08-20] (Intel Corporation)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [234888 2014-03-11] (SafeNet Inc.)
S3 IObitUnlocker; C:\Program Files\IObit\IObit Unlocker\IObitUnlocker.sys [26248 2011-03-09] ()
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [35144 2015-07-20] ()
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2000-01-01] (Creative Technology Ltd.)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [25434 2000-01-01] (Realtek Semiconductor Corporation )
R3 RtlWlanu; C:\WINDOWS\System32\DRIVERS\rtwlanu.sys [1345936 2013-03-05] (Realtek Semiconductor Corporation )
S3 VClone; C:\WINDOWS\System32\DRIVERS\VClone.sys [30720 2013-07-24] (Elaborate Bytes AG) [File not signed]
S3 catchme; \??\C:\DOCUME~1\zdenek\LOCALS~1\Temp\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]
S0 exaclojc; System32\drivers\wcjmycbp.sys [X]
S0 hcdb; System32\drivers\dprxy.sys [X]
S3 UltraMonMirror; system32\DRIVERS\UltraMonMirror.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-02 16:33 - 2016-01-02 16:38 - 00000000 ____D C:\AdwCleaner
2016-01-02 16:31 - 2016-01-02 16:32 - 01745920 _____ C:\Documents and Settings\zdenek\Plocha\adwcleaner_5.027.exe
2016-01-02 13:56 - 2016-01-02 16:49 - 00000000 ____D C:\FRST
2016-01-02 13:04 - 2016-01-02 13:04 - 00000000 ____D C:\Program Files\ESET
2016-01-02 12:38 - 2016-01-02 12:57 - 00000000 ____D C:\Documents and Settings\All Users\Kaspersky Lab Setup Files
2015-12-30 13:32 - 2015-12-30 13:32 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-12-30 13:32 - 2015-12-30 13:32 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Skype
2015-12-27 10:12 - 2015-12-27 10:12 - 00147106 _____ C:\Documents and Settings\zdenek\Plocha\FAKTURA 915-signed.pdf
2015-12-26 13:53 - 2015-12-26 13:53 - 00000000 ____D C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Estimate
2015-12-21 13:14 - 2015-12-21 13:14 - 00035737 _____ C:\Documents and Settings\zdenek\Plocha\FAKTURA 915.pdf
2015-12-20 09:11 - 2015-12-20 09:11 - 00000000 ____D C:\antitwined
2015-12-20 09:05 - 2015-12-20 09:05 - 00000690 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Anti-Twin.lnk
2015-12-20 08:37 - 2015-12-20 08:37 - 00000060 _____ C:\WINDOWS\Wininit.ini
2015-12-20 08:30 - 2016-01-02 14:00 - 00019882 _____ C:\WINDOWS\Tasks\{0E087E47-0904-7F7A-0411-797F0A05110B}.job
2015-12-20 08:30 - 2015-12-20 08:30 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\ecd7e2b9-77f3-1
2015-12-20 08:30 - 2015-12-20 08:30 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\ecd7e2b9-0ca1-0
2015-12-20 08:19 - 2015-12-20 09:20 - 00000000 ____D C:\WINDOWS\system32\oodag
2015-12-20 08:18 - 2015-12-20 08:18 - 00000000 ____D C:\Documents and Settings\zdenek\Local Settings\Data aplikací\O&O
2015-12-20 08:17 - 2015-12-20 08:17 - 00000000 ____D C:\Program Files\OO Software
2015-12-20 08:17 - 2015-12-20 08:17 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\O&O Software
2015-12-20 08:06 - 2015-12-20 09:47 - 00000000 ____D C:\Documents and Settings\zdenek\Data aplikací\Smart PC Solutions
2015-12-19 09:29 - 2015-12-19 09:29 - 00042496 _____ C:\Documents and Settings\zdenek\Plocha\rozpočet_Pavel_Calta.xls
2015-12-17 17:05 - 2015-12-17 19:14 - 00000000 ____D C:\Documents and Settings\zdenek\Plocha\Nová složka (2)
2015-12-16 19:58 - 2015-12-26 12:10 - 00000000 ____D C:\Documents and Settings\zdenek\Data aplikací\vlc
2015-12-16 19:58 - 2015-12-16 19:58 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\VideoLAN
2015-12-11 13:53 - 2015-12-11 13:52 - 00322760 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-12-11 13:52 - 2015-12-11 13:52 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-12-07 10:39 - 2015-12-07 12:24 - 00000000 ____D C:\Documents and Settings\zdenek\Plocha\p. juhas

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-02 16:49 - 2015-03-14 18:42 - 00000000 ____D C:\Documents and Settings\zdenek\Local Settings\Temp
2016-01-02 16:49 - 2013-08-09 06:39 - 00000000 ___RD C:\Documents and Settings\zdenek\Plocha\Čištění
2016-01-02 16:49 - 2013-08-07 07:43 - 00000000 ____D C:\WINDOWS
2016-01-02 16:48 - 2013-08-07 06:08 - 00000000 ____D C:\Documents and Settings\zdenek\Plocha
2016-01-02 16:41 - 2015-10-14 07:09 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2016-01-02 16:40 - 2013-08-07 06:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-02 16:39 - 2013-08-07 06:08 - 00000178 ___SH C:\Documents and Settings\zdenek\ntuser.ini
2016-01-02 16:39 - 2013-08-07 06:08 - 00000000 ____D C:\Documents and Settings\zdenek
2016-01-02 16:39 - 2013-08-07 06:06 - 00032622 _____ C:\WINDOWS\SchedLgU.Txt
2016-01-02 16:38 - 2013-08-07 06:08 - 00000000 ___HD C:\Documents and Settings\zdenek\Local Settings\Data aplikací
2016-01-02 15:21 - 2013-07-26 12:22 - 00099328 _____ C:\Documents and Settings\zdenek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-02 13:19 - 2013-11-14 04:10 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2016-01-02 12:38 - 2013-08-07 07:50 - 00000000 ____D C:\Documents and Settings\All Users
2016-01-01 13:08 - 2008-04-14 13:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2015-12-31 11:26 - 2013-07-26 06:39 - 00000000 ____D C:\Documents and Settings\zdenek\Data aplikací\Skype
2015-12-30 13:33 - 2013-07-26 06:39 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Skype
2015-12-30 13:32 - 2015-06-27 16:22 - 00000000 ___RD C:\Program Files\Skype
2015-12-30 13:32 - 2014-02-20 19:51 - 00000000 ____D C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Skype
2015-12-30 13:32 - 2013-08-07 07:51 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-12-30 11:18 - 2014-08-03 18:44 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-30 11:18 - 2013-08-09 18:31 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-12-30 11:18 - 2013-08-09 18:31 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-12-27 07:30 - 2013-08-07 07:51 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2015-12-21 13:07 - 2015-10-20 12:14 - 00000000 ____D C:\AdmWin
2015-12-21 07:07 - 2015-10-02 08:59 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2015-12-21 07:07 - 2013-08-09 06:39 - 00000000 ____D C:\Documents and Settings\zdenek\Plocha\Grafika
2015-12-20 09:29 - 2013-10-27 06:34 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\TEMP
2015-12-20 09:26 - 2014-02-01 07:56 - 00000000 ____D C:\Documents and Settings\zdenek\Dokumenty\ShareX
2015-12-20 09:26 - 2013-08-07 06:08 - 00000000 ___HD C:\Documents and Settings\zdenek\Šablony
2015-12-20 09:05 - 2014-09-28 05:57 - 00000000 ____D C:\Program Files\AntiTwin
2015-12-20 08:39 - 2015-11-18 07:28 - 00000000 ____D C:\Program Files\SpeedFan
2015-12-20 08:39 - 2013-08-07 06:08 - 00000000 ____D C:\Documents and Settings\zdenek\Nabídka Start\Programy
2015-12-20 08:37 - 2015-10-23 17:52 - 00000000 ____D C:\Documents and Settings\zdenek\Data aplikací\ConMet
2015-12-20 08:37 - 2015-10-23 17:52 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\ConMet
2015-12-20 08:36 - 2013-08-07 06:08 - 00000000 __RHD C:\Documents and Settings\zdenek\Data aplikací
2015-12-20 08:17 - 2013-08-23 06:43 - 00000000 ____D C:\Documents and Settings\zdenek\Local Settings\Data aplikací\Downloaded Installations
2015-12-20 08:13 - 2013-08-07 07:50 - 00000211 __RSH C:\boot.ini
2015-12-20 08:13 - 2008-04-14 13:00 - 00000649 _____ C:\WINDOWS\win.ini
2015-12-20 08:13 - 2008-04-14 13:00 - 00000227 _____ C:\WINDOWS\system.ini
2015-12-20 06:49 - 2013-08-10 07:05 - 00000000 ____D C:\Program Files\CCleaner
2015-12-19 01:53 - 2015-10-14 07:09 - 00436360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-12-19 01:53 - 2015-10-14 07:09 - 00081168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-12-18 07:28 - 2013-08-10 06:11 - 00000000 ____D C:\Program Files\Opera
2015-12-12 08:15 - 2013-08-20 15:46 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-12 08:14 - 2013-08-10 09:05 - 137798368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-11 13:55 - 2013-08-07 07:43 - 00000000 ___HD C:\WINDOWS\inf
2015-12-11 13:52 - 2015-10-14 07:09 - 00794952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-12-11 13:52 - 2015-10-14 07:09 - 00209432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-12-11 13:52 - 2015-10-14 07:09 - 00165104 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2015-12-11 13:52 - 2015-10-14 07:09 - 00058016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-12-11 13:52 - 2015-10-14 07:09 - 00055200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-12-11 13:52 - 2015-10-14 07:09 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-12-11 13:52 - 2015-10-14 07:09 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys

==================== Files in the root of some directories =======

2013-11-03 08:06 - 2013-11-03 08:25 - 0000000 ____C () C:\Documents and Settings\zdenek\Data aplikací\bitlord_log.txt
2013-07-26 12:22 - 2016-01-02 15:21 - 0099328 _____ () C:\Documents and Settings\zdenek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-07 20:37 - 2015-03-07 20:37 - 0000830 _____ () C:\Documents and Settings\zdenek\Local Settings\Data aplikací\recently-used.xbel
2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 ____C () C:\Documents and Settings\zdenek\Local Settings\Data aplikací\setup.txt
2013-08-10 10:59 - 2013-08-10 10:59 - 0000057 ____C () C:\Documents and Settings\All Users\Data aplikací\Ament.ini

Files to move or delete:
====================
C:\Windows\Tasks\{0E087E47-0904-7F7A-0411-797F0A05110B}.job


Some files in TEMP:
====================
C:\Documents and Settings\zdenek\Local Settings\Temp\kis_setup.exe
C:\Documents and Settings\zdenek\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Re: Requesting a check

Posted: 02 Jan 2016 17:45
by Rudy
Open Notepad and copy the following into it:
Start
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\...\Run: [] => [X]
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "www.google.com" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera\Opera.exe hxxp://www.oursurfing.com/?type=sc&ts=1 ... AM91456594
StartMenuInternet: (HKLM) Opera.exe - C:\Program Files\Opera\Opera.exe hxxp://www.oursurfing.com/?type=sc&ts=1 ... AM91456594
S0 exaclojc; System32\drivers\wcjmycbp.sys [X]
S0 hcdb; System32\drivers\dprxy.sys [X]
S3 UltraMonMirror; system32\DRIVERS\UltraMonMirror.sys [X]
C:\Windows\Tasks\{0E087E47-0904-7F7A-0411-797F0A05110B}.job
C:\Documents and Settings\zdenek\Local Settings\Temp
End
Save it to C:\Documents and Settings\zdenek\Plocha\Čištění as fixlist.txt. Run FRST again and click >Fix<. When the run finishes, a log will appear; copy it here.

Re: Requesting a check

Posted: 02 Jan 2016 18:21
by zdenek72
Fix result of Farbar Recovery Scan Tool (x86) Version:31-12-2015
Ran by zdenek (2016-01-02 18:20:49) Run:1
Running from C:\Documents and Settings\zdenek\Plocha\Čištění
Loaded Profiles: zdenek (Available Profiles: zdenek)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-484763869-1767777339-1606980848-1004\...\Run: [] => [X]
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "www.google.com" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera\Opera.exe hxxp://www.oursurfing.com/?type=sc&ts=1 ... AM91456594
StartMenuInternet: (HKLM) Opera.exe - C:\Program Files\Opera\Opera.exe hxxp://www.oursurfing.com/?type=sc&ts=1 ... AM91456594
S0 exaclojc; System32\drivers\wcjmycbp.sys [X]
S0 hcdb; System32\drivers\dprxy.sys [X]
S3 UltraMonMirror; system32\DRIVERS\UltraMonMirror.sys [X]
C:\Windows\Tasks\{0E087E47-0904-7F7A-0411-797F0A05110B}.job
C:\Documents and Settings\zdenek\Local Settings\Temp
End
*****************

HKU\S-1-5-21-484763869-1767777339-1606980848-1004\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\Opera\shell\open\command\\Default => value restored successfully
HKLM\SOFTWARE\Clients\StartMenuInternet\Opera.exe\shell\open\command\\Default => value restored successfully
exaclojc => service removed successfully.
hcdb => service removed successfully.
UltraMonMirror => service removed successfully.
C:\Windows\Tasks\{0E087E47-0904-7F7A-0411-797F0A05110B}.job => moved successfully
C:\Documents and Settings\zdenek\Local Settings\Temp => moved successfully

==== End of Fixlog 18:20:49 ====

Re: Requesting a check

Posted: 02 Jan 2016 19:36
by Rudy
Everything has been deleted. The PC should now be clean.

Re: Requesting a check

Posted: 02 Jan 2016 19:49
by zdenek72
Thanks a lot

Re: Requesting a check

Posted: 02 Jan 2016 19:53
by Rudy
You're welcome! :)