
Antivirus + Windows Update not working, can't install FF..

Posted: 02 Feb 2017 22:12
by Slick-ace
Hello, about a month ago I started noticing that Windows updates and Microsoft Security Essentials updates are not downloading, neither automatically nor manually. I uninstalled Security Essentials, but the same problem occurred with Avast and AVG as well. Firefox cannot be installed either. ESET Online Scanner found nothing, but it seems strange to me. Otherwise the PC works. Thank you for your help.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-01-2017
Ran by pc (administrator) on PC-PC (02-02-2017 21:59:45)
Running from C:\Users\pc\Desktop
Loaded Profiles: pc (Available Profiles: pc)
Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 7 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\INSTALL\ychat_ghey_portable_edition\X-Chat 2.8.6-2 Portable for Windows-HiGH\X-Chat 2.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\pc\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-12] (Apple Inc.)
HKU\S-1-5-21-49216705-2605585009-2739692627-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [3281600 2016-03-03] (Disc Soft Ltd)
HKU\S-1-5-21-49216705-2605585009-2739692627-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6628056 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-49216705-2605585009-2739692627-1000\...\MountPoints2: {81bc9f51-37b7-11e6-aa57-806e6f6e6963} - D:\setup.exe
HKU\S-1-5-21-49216705-2605585009-2739692627-1000\...\MountPoints2: {c7f30304-21f9-11e6-8de4-a0f3c123d3a5} - F:\rogue.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-21] (Společnost Microsoft)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9741C8CD-8532-4827-A9A0-33A32799ED1E}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{A13AA0D1-E2C7-47C0-B2E9-E5DAF627C205}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2016-01-29] [not signed]
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.seznam.cz/"
CHR DefaultSearchURL: Default -> hxxp://radar.bourky.cz/
CHR Profile: C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default [2017-02-02]
CHR Extension: (Prezentace Google) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-29]
CHR Extension: (Dokumenty Google) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-29]
CHR Extension: (Disk Google) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-29]
CHR Extension: (YouTube) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-29]
CHR Extension: (Forecastfox (fix version)) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\boljdehmejbffnfiiicckjhafabdepnd [2016-11-08]
CHR Extension: (Adblock Plus) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-08]
CHR Extension: (Vyhledávání Google) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-29]
CHR Extension: (Tabulky Google) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-29]
CHR Extension: (Dokumenty Google offline) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-21]
CHR Extension: (Gmail) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-29]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1082560 2016-03-03] (Disc Soft Ltd) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [170000 2007-12-19] (AMD Technologies Inc.)
S3 AR9271; C:\Windows\System32\DRIVERS\athuw.sys [1763584 2011-07-28] (Atheros Communications, Inc.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [26168 2016-05-24] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [40504 2016-05-24] (Disc Soft Ltd)
S3 EverestDriver; C:\INSTALL\everest\EVEREST Ultimate.Edition.5.30.1964\everestultimate_build_1964_p2djkdk8ytx\kerneld.wnt [27760 2009-10-09] ()
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-10] (Společnost Microsoft)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S4 JRAID; C:\Windows\system32\drivers\jraid.sys [65024 2007-09-29] (JMicron Technology Corp.)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1083880 2009-04-10] (Společnost Microsoft)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20640 2005-12-05] (Sonic Solutions) [File not signed]
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
U0 aswVmm; no ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-02 21:59 - 2017-02-02 22:00 - 00012074 _____ C:\Users\pc\Desktop\FRST.txt
2017-02-02 21:59 - 2017-02-02 21:59 - 00000000 ____D C:\FRST
2017-02-02 21:58 - 2017-02-02 21:58 - 00112640 _____ (forum.viry.cz) C:\Users\pc\Desktop\Nepotvrzeno 155097.crdownload
2017-02-02 21:57 - 2017-02-02 21:58 - 00112640 _____ (forum.viry.cz) C:\Users\pc\Desktop\FRSTLauncher.exe
2017-02-02 21:57 - 2017-02-02 21:57 - 01762816 _____ (Farbar) C:\Users\pc\Desktop\FRST.exe
2017-02-02 21:23 - 2017-02-02 21:23 - 00000000 ____D C:\Users\pc\Desktop\VYPSANA_FIXA_2017_MP3
2017-02-02 21:21 - 2017-02-02 21:22 - 110116509 _____ C:\Users\pc\Desktop\VYPSANA_FIXA_2017_MP3.zip
2017-01-31 17:41 - 2017-01-31 18:34 - 00000000 ____D C:\Users\pc\Desktop\Der Staat gegen Fritz Bauer (2015)
2017-01-28 13:10 - 2017-01-28 14:23 - 1523289728 _____ C:\Users\pc\Desktop\Zlodeji.zelenych.koni.2016.480p.DVDRip.XviD.AC3.CZ .avi
2017-01-27 21:22 - 2017-01-27 21:22 - 00000606 _____ C:\Users\pc\Desktop\hl2 – zástupce.lnk
2017-01-21 20:50 - 2017-01-21 20:50 - 228650550 _____ C:\Windows\MEMORY.DMP
2017-01-21 20:50 - 2017-01-21 20:50 - 00141944 _____ C:\Windows\Minidump\Mini012117-01.dmp
2017-01-14 18:09 - 2017-01-27 18:32 - 00000000 ____D C:\Program Files\LucasArts
2017-01-14 18:08 - 1997-01-18 10:40 - 00299520 _____ (InstallShield Corporation, Inc.) C:\Windows\uninst.exe
2017-01-13 20:48 - 2012-05-01 15:03 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2017-01-13 19:37 - 2017-01-13 19:42 - 00001887 _____ C:\Windows\diagwrn.xml
2017-01-13 19:37 - 2017-01-13 19:42 - 00001887 _____ C:\Windows\diagerr.xml
2017-01-13 19:37 - 2017-01-13 19:37 - 00000000 ____D C:\$WINDOWS.~BT
2017-01-10 22:05 - 2017-01-10 22:05 - 00000000 ____D C:\Users\pc\AppData\Local\ESET
2017-01-10 21:51 - 2017-01-30 20:17 - 06770304 _____ (ESET spol. s r.o.) C:\Users\pc\Desktop\ESETOnlineScanner_CSY.exe
2017-01-10 21:33 - 2017-01-10 21:33 - 00000000 ____D C:\dff8ffb1c4bbe2deb318c16012877875
2017-01-10 21:27 - 2017-01-10 22:05 - 00000000 ____D C:\ProgramData\Avg
2017-01-10 21:27 - 2017-01-10 22:04 - 00000000 ____D C:\Users\pc\AppData\Local\AvgSetupLog
2017-01-10 21:27 - 2017-01-10 21:27 - 00000000 ____D C:\Users\pc\AppData\Local\Avg
2017-01-10 21:20 - 2017-01-10 21:20 - 00000000 ____D C:\Users\pc\Downloads\SafeZone Installer
2017-01-10 21:02 - 2017-01-10 21:02 - 00000000 ____D C:\277912b8fe36f0eda33f69bdc26e26fe
2017-01-10 20:47 - 2017-01-10 20:47 - 00000000 ____D C:\Users\pc\AppData\Local\CEF
2017-01-10 18:21 - 2017-01-10 18:21 - 00000000 ____D C:\2f006d61b91857478bee8928bae33e2b
2017-01-10 18:18 - 2017-01-10 18:17 - 00921280 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2017-01-10 18:14 - 2017-01-10 21:23 - 00000000 ____D C:\ProgramData\AVAST Software

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-02 21:56 - 2006-11-02 13:47 - 00004880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-02 21:56 - 2006-11-02 13:47 - 00004880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-02 20:22 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-01 15:11 - 2006-11-02 14:01 - 00032544 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-01-31 16:57 - 2016-05-24 21:06 - 00000000 ____D C:\Program Files\SpeedFan
2017-01-27 21:22 - 2016-05-26 14:30 - 00000000 ____D C:\games
2017-01-23 19:58 - 2016-01-30 03:10 - 00607226 _____ C:\Windows\system32\perfh005.dat
2017-01-23 19:58 - 2016-01-30 03:10 - 00117890 _____ C:\Windows\system32\perfc005.dat
2017-01-23 19:58 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\inf
2017-01-23 19:58 - 2006-11-02 11:33 - 01418230 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-21 20:50 - 2016-08-18 21:44 - 00000000 ____D C:\Windows\Minidump
2017-01-15 14:51 - 2016-11-11 20:20 - 00000000 ____D C:\Users\pc\Desktop\Finding.Dory.2016.BRRip.XViD-ETRG
2017-01-10 17:59 - 2016-01-29 19:47 - 00001912 _____ C:\Windows\epplauncher.mif
2017-01-06 23:38 - 2016-05-24 22:59 - 00000000 ____D C:\Users\pc\AppData\Roaming\DAEMON Tools Lite

==================== Files in the root of some directories =======

2016-07-01 16:19 - 2016-07-01 16:31 - 0000000 _____ () C:\Users\pc\AppData\Roaming\AVSMediaPlayer.m3u
2017-01-01 12:52 - 2017-01-01 13:20 - 0000115 _____ () C:\Users\pc\AppData\Roaming\LogFile.txt
2016-01-29 18:32 - 2016-01-29 20:27 - 0000680 _____ () C:\Users\pc\AppData\Local\d3d9caps.dat
2016-07-01 19:04 - 2016-07-06 15:54 - 0003584 _____ () C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
2017-01-13 21:13 - 2017-01-31 16:57 - 0192512 _____ () C:\Users\pc\AppData\Local\Temp\sfamcc00001.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\pc\Desktop" je 11158 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent
C:\Program Files\Winamp\winampa.exe


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: Antivirus + Windows Update not working, can't install FF..

Posted: 02 Feb 2017 22:16
by Rudy
Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.

Re: Antivirus + Windows Update not working, can't install FF..

Posted: 02 Feb 2017 22:40
by Slick-ace
# AdwCleaner v6.043 - Log vytvořen 02/02/2017 v 22:34:58
# Aktualizováno dne 27/01/2017 z Malwarebytes
# Databáze : 2017-02-02.2 [Server]
# Operační systém : Windows Vista (TM) Business Service Pack 2 (X86)
# Uživatelské jméno : pc - PC-PC
# Spuštěno z : C:\Users\pc\Desktop\adwcleaner_6.043.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****

[-] Složka smazána: C:\Users\pc\AppData\Roaming\ParetoLogic
[#] Složka smazána po restartu: C:\Users\pc\AppData\Roaming\PARETOLOGIC
[-] Složka smazána: C:\ProgramData\ParetoLogic
[#] Složka smazána po restartu: C:\ProgramData\PARETOLOGIC
[#] Složka smazána po restartu: C:\ProgramData\Application Data\ParetoLogic
[#] Složka smazána po restartu: C:\ProgramData\Application Data\PARETOLOGIC


***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****

[-] Klíč smazán: HKU\S-1-5-21-49216705-2605585009-2739692627-1000\Software\Conduit
[-] Klíč smazán: HKU\S-1-5-21-49216705-2605585009-2739692627-1000\Software\ParetoLogic
[#] Klíč smazán po restartu: HKCU\Software\Conduit
[#] Klíč smazán po restartu: HKCU\Software\ParetoLogic
[-] Klíč smazán: HKLM\SOFTWARE\Conduit
[-] Klíč smazán: HKLM\SOFTWARE\ParetoLogic


***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1599 Bajty] - [02/02/2017 22:34:58]
C:\AdwCleaner\AdwCleaner[S0].txt - [1948 Bajty] - [02/02/2017 22:33:53]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1745 Bajty] ##########

Re: Antivirus + Windows Update not working, can't install FF..

Posted: 03 Feb 2017 17:23
by Rudy
Post a new FRST log.

Re: Antivirus + Windows Update not working, can't install FF..

Posted: 03 Feb 2017 17:30
by Slick-ace
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-01-2017
Ran by pc (administrator) on PC-PC (03-02-2017 17:27:35)
Running from C:\Users\pc\Desktop
Loaded Profiles: pc (Available Profiles: pc)
Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 7 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\INSTALL\ychat_ghey_portable_edition\X-Chat 2.8.6-2 Portable for Windows-HiGH\X-Chat 2.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\pc\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-12] (Apple Inc.)
HKU\S-1-5-21-49216705-2605585009-2739692627-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [3281600 2016-03-03] (Disc Soft Ltd)
HKU\S-1-5-21-49216705-2605585009-2739692627-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6628056 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-49216705-2605585009-2739692627-1000\...\MountPoints2: {81bc9f51-37b7-11e6-aa57-806e6f6e6963} - D:\setup.exe
HKU\S-1-5-21-49216705-2605585009-2739692627-1000\...\MountPoints2: {c7f30304-21f9-11e6-8de4-a0f3c123d3a5} - F:\rogue.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-21] (Společnost Microsoft)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9741C8CD-8532-4827-A9A0-33A32799ED1E}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{A13AA0D1-E2C7-47C0-B2E9-E5DAF627C205}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2016-01-29] [not signed]
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.seznam.cz/"
CHR DefaultSearchURL: Default -> hxxp://radar.bourky.cz/
CHR Profile: C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default [2017-02-03]
CHR Extension: (Prezentace Google) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-29]
CHR Extension: (Dokumenty Google) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-29]
CHR Extension: (Disk Google) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-29]
CHR Extension: (YouTube) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-29]
CHR Extension: (Forecastfox (fix version)) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\boljdehmejbffnfiiicckjhafabdepnd [2016-11-08]
CHR Extension: (Adblock Plus) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-08]
CHR Extension: (Vyhledávání Google) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-29]
CHR Extension: (Tabulky Google) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-29]
CHR Extension: (Dokumenty Google offline) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-21]
CHR Extension: (Gmail) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-29]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1082560 2016-03-03] (Disc Soft Ltd) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [170000 2007-12-19] (AMD Technologies Inc.)
S3 AR9271; C:\Windows\System32\DRIVERS\athuw.sys [1763584 2011-07-28] (Atheros Communications, Inc.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [26168 2016-05-24] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [40504 2016-05-24] (Disc Soft Ltd)
S3 EverestDriver; C:\INSTALL\everest\EVEREST Ultimate.Edition.5.30.1964\everestultimate_build_1964_p2djkdk8ytx\kerneld.wnt [27760 2009-10-09] ()
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-10] (Společnost Microsoft)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S4 JRAID; C:\Windows\system32\drivers\jraid.sys [65024 2007-09-29] (JMicron Technology Corp.)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1083880 2009-04-10] (Společnost Microsoft)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20640 2005-12-05] (Sonic Solutions) [File not signed]
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
U0 aswVmm; no ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-03 17:27 - 2017-02-03 17:27 - 00011832 _____ C:\Users\pc\Desktop\FRST.txt
2017-02-02 22:32 - 2017-02-02 22:34 - 00000000 ____D C:\AdwCleaner
2017-02-02 22:31 - 2017-02-02 22:31 - 04015056 _____ C:\Users\pc\Desktop\adwcleaner_6.043.exe
2017-02-02 22:02 - 2017-02-02 22:02 - 00004001 _____ C:\Users\pc\Desktop\Addition.zip
2017-02-02 21:59 - 2017-02-02 21:59 - 00000000 ____D C:\FRST
2017-02-02 21:57 - 2017-02-02 21:58 - 00112640 _____ (forum.viry.cz) C:\Users\pc\Desktop\FRSTLauncher.exe
2017-02-02 21:57 - 2017-02-02 21:57 - 01762816 _____ (Farbar) C:\Users\pc\Desktop\FRST.exe
2017-01-31 17:41 - 2017-01-31 18:34 - 00000000 ____D C:\Users\pc\Desktop\Der Staat gegen Fritz Bauer (2015)
2017-01-28 13:10 - 2017-01-28 14:23 - 1523289728 _____ C:\Users\pc\Desktop\Zlodeji.zelenych.koni.2016.480p.DVDRip.XviD.AC3.CZ .avi
2017-01-27 21:22 - 2017-01-27 21:22 - 00000606 _____ C:\Users\pc\Desktop\hl2 – zástupce.lnk
2017-01-21 20:50 - 2017-01-21 20:50 - 228650550 _____ C:\Windows\MEMORY.DMP
2017-01-21 20:50 - 2017-01-21 20:50 - 00141944 _____ C:\Windows\Minidump\Mini012117-01.dmp
2017-01-14 18:09 - 2017-01-27 18:32 - 00000000 ____D C:\Program Files\LucasArts
2017-01-14 18:08 - 1997-01-18 10:40 - 00299520 _____ (InstallShield Corporation, Inc.) C:\Windows\uninst.exe
2017-01-13 20:48 - 2012-05-01 15:03 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2017-01-13 19:37 - 2017-01-13 19:42 - 00001887 _____ C:\Windows\diagwrn.xml
2017-01-13 19:37 - 2017-01-13 19:42 - 00001887 _____ C:\Windows\diagerr.xml
2017-01-13 19:37 - 2017-01-13 19:37 - 00000000 ____D C:\$WINDOWS.~BT
2017-01-10 22:05 - 2017-01-10 22:05 - 00000000 ____D C:\Users\pc\AppData\Local\ESET
2017-01-10 21:51 - 2017-01-30 20:17 - 06770304 _____ (ESET spol. s r.o.) C:\Users\pc\Desktop\ESETOnlineScanner_CSY.exe
2017-01-10 21:33 - 2017-01-10 21:33 - 00000000 ____D C:\dff8ffb1c4bbe2deb318c16012877875
2017-01-10 21:27 - 2017-01-10 22:05 - 00000000 ____D C:\ProgramData\Avg
2017-01-10 21:27 - 2017-01-10 22:04 - 00000000 ____D C:\Users\pc\AppData\Local\AvgSetupLog
2017-01-10 21:27 - 2017-01-10 21:27 - 00000000 ____D C:\Users\pc\AppData\Local\Avg
2017-01-10 21:20 - 2017-01-10 21:20 - 00000000 ____D C:\Users\pc\Downloads\SafeZone Installer
2017-01-10 21:02 - 2017-01-10 21:02 - 00000000 ____D C:\277912b8fe36f0eda33f69bdc26e26fe
2017-01-10 20:47 - 2017-01-10 20:47 - 00000000 ____D C:\Users\pc\AppData\Local\CEF
2017-01-10 18:21 - 2017-01-10 18:21 - 00000000 ____D C:\2f006d61b91857478bee8928bae33e2b
2017-01-10 18:18 - 2017-01-10 18:17 - 00921280 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2017-01-10 18:14 - 2017-01-10 21:23 - 00000000 ____D C:\ProgramData\AVAST Software

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-02 22:36 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-02 22:36 - 2006-11-02 13:47 - 00004880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-02 22:36 - 2006-11-02 13:47 - 00004880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-02 22:35 - 2006-11-02 14:01 - 00032544 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-01-31 16:57 - 2016-05-24 21:06 - 00000000 ____D C:\Program Files\SpeedFan
2017-01-27 21:22 - 2016-05-26 14:30 - 00000000 ____D C:\games
2017-01-23 19:58 - 2016-01-30 03:10 - 00607226 _____ C:\Windows\system32\perfh005.dat
2017-01-23 19:58 - 2016-01-30 03:10 - 00117890 _____ C:\Windows\system32\perfc005.dat
2017-01-23 19:58 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\inf
2017-01-23 19:58 - 2006-11-02 11:33 - 01418230 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-21 20:50 - 2016-08-18 21:44 - 00000000 ____D C:\Windows\Minidump
2017-01-15 14:51 - 2016-11-11 20:20 - 00000000 ____D C:\Users\pc\Desktop\Finding.Dory.2016.BRRip.XViD-ETRG
2017-01-10 17:59 - 2016-01-29 19:47 - 00001912 _____ C:\Windows\epplauncher.mif
2017-01-06 23:38 - 2016-05-24 22:59 - 00000000 ____D C:\Users\pc\AppData\Roaming\DAEMON Tools Lite

==================== Files in the root of some directories =======

2016-07-01 16:19 - 2016-07-01 16:31 - 0000000 _____ () C:\Users\pc\AppData\Roaming\AVSMediaPlayer.m3u
2017-01-01 12:52 - 2017-01-01 13:20 - 0000115 _____ () C:\Users\pc\AppData\Roaming\LogFile.txt
2016-01-29 18:32 - 2016-01-29 20:27 - 0000680 _____ () C:\Users\pc\AppData\Local\d3d9caps.dat
2016-07-01 19:04 - 2016-07-06 15:54 - 0003584 _____ () C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
2017-01-13 21:13 - 2017-01-31 16:57 - 0192512 _____ () C:\Users\pc\AppData\Local\Temp\sfamcc00001.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\pc\Desktop" je 10918 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent
C:\Program Files\Winamp\winampa.exe


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: antivirus + Win update not working, FF can't be installed..

Posted: 03 Feb 2017 17:53
by Rudy
Open Notepad and copy the following into it:
Start
C:\Program Files\Bonjour
HKU\S-1-5-21-49216705-2605585009-2739692627-1000\...\MountPoints2: {81bc9f51-37b7-11e6-aa57-806e6f6e6963} - D:\setup.exe
HKU\S-1-5-21-49216705-2605585009-2739692627-1000\...\MountPoints2: {c7f30304-21f9-11e6-8de4-a0f3c123d3a5} - F:\rogue.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
U0 aswVmm; no ImagePath
C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

From the log:
Velikost slozky "C:\Users\pc\Desktop" je 10918 MB.
That is too much and it may be slowing down system startup. Create a new folder in C:\Users\pc and move all data from the desktop into it (except shortcuts). Then put a shortcut to that folder on the desktop for easier access.

Re: antivirus + Win update not working, FF can't be installed..

Posted: 03 Feb 2017 18:19
by Slick-ace
Fix result of Farbar Recovery Scan Tool (x86) Version: 29-01-2017
Ran by pc (03-02-2017 18:14:32) Run:1
Running from C:\Users\pc\Desktop
Loaded Profiles: pc (Available Profiles: pc)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
C:\Program Files\Bonjour
HKU\S-1-5-21-49216705-2605585009-2739692627-1000\...\MountPoints2: {81bc9f51-37b7-11e6-aa57-806e6f6e6963} - D:\setup.exe
HKU\S-1-5-21-49216705-2605585009-2739692627-1000\...\MountPoints2: {c7f30304-21f9-11e6-8de4-a0f3c123d3a5} - F:\rogue.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
U0 aswVmm; no ImagePath
C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

EmptyTemp:
End
*****************

C:\Program Files\Bonjour => moved successfully
HKU\S-1-5-21-49216705-2605585009-2739692627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81bc9f51-37b7-11e6-aa57-806e6f6e6963} => key removed successfully.
HKCR\CLSID\{81bc9f51-37b7-11e6-aa57-806e6f6e6963} => key not found.
HKU\S-1-5-21-49216705-2605585009-2739692627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7f30304-21f9-11e6-8de4-a0f3c123d3a5} => key removed successfully.
HKCR\CLSID\{c7f30304-21f9-11e6-8de4-a0f3c123d3a5} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\System\CurrentControlSet\Services\aswVmm => key removed successfully.
aswVmm => service removed successfully.
C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10526747 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 14547477 B
Edge => 0 B
Chrome => 407179861 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66228 B
LocalService => 66228 B
NetworkService => 2672540 B
pc => 97013199 B

RecycleBin => 0 B
EmptyTemp: => 515.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:15:09 ====




I've cleaned up the desktop..

Re: antivirus + Win update not working, FF can't be installed..

Posted: 03 Feb 2017 19:13
by Rudy
Deleted. Has anything changed?

Re: antivirus + Win update not working, FF can't be installed..

Posted: 03 Feb 2017 19:58
by Slick-ace
It doesn't seem so. The update download is running, but it is stuck at 0 kB, 0% complete. The Firefox installer didn't start; it isn't even in Task Manager :(

Re: antivirus + Win update not working, FF can't be installed..

Posted: 03 Feb 2017 20:12
by Rudy
Run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Don't delete anything beforehand.

Re: antivirus + Win update not working, FF can't be installed..

Posted: 03 Feb 2017 20:27
by Slick-ace
Malwarebytes
http://www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 03.02.17
Čas skenování: 20:22
Logovací soubor: mw.txt
Správce: Ano

-Informace o softwaru-
Verze: 3.0.6.1469
Verze komponentů: 1.0.50
Aktualizovat verzi balíku komponent: 1.0.1064
Licence: Zkušební

-Systémová informace-
OS: Windows Vista Service Pack 2
CPU: x86
Systém souborů: NTFS
Uživatel: PC-PC\pc

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 255599
Uplynulý čas: 4 min, 25 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Re: antivirus + Win update not working, FF can't be installed..

Posted: 03 Feb 2017 20:58
by Rudy
A virus is not causing the problem. Either leave those updates until the next regular ones (next Wednesday), or use WUFix: http://www.smartestcomputing.us.com/top ... pdate-fix/ .

Re: antivirus + Win update not working, FF can't be installed..

Posted: 04 Feb 2017 12:27
by Slick-ace
Thanks a lot, I'll try it. At least I managed to install the antivirus..

Re: antivirus + Win update not working, FF can't be installed..

Posted: 04 Feb 2017 12:36
by Rudy
OK, you're welcome! :)