VIRY.CZ

Dobrý večer,prosím o pomoc. Začalo to tím,že jsem aktualizoval firewall Comodo. Aktualizace přinesla do systému viry a Comodo bylo nefunkční. Na jiném počítači na kterém mám také Comodo a windows 10 byla situace stejná,ale podařilo se mi ty viry odstranit. Na tomto počítači s Windows xp viry odstranit nejdou a proto jsem místo Comoda dal Sunbelt Personal firewall. Ten běží,ale nejde aktualizovat. V aktualizačním okně nejdříve vidím jak se stahne nová verze,ale jako další krok je pouze odinstalace. Takže se odinstaluje a po restartu se nová verze už neukáže.
Počítač jsem projel několika antiviry,ale pouze jeden nějaké našel. Bohužel bez placení viry oddinstalovat nechce. Našel nějaký rootkit a další dva viry s názvem agent. Jeden měl v adresáři napsáno ccavinstaller. To samé se objevuje po staru windows jako chybová hláška v okně s názvem windows script host. Doufám,že jsem to napsal trochu srozumitelně a předem děkuji za odpověď.

Zdravím!
Dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

Omlouvám se chtěl jsem ten log přiložit rovnou,ale zapoměl jsem na to.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by Uživatel (administrator) on DELL-CBA1F734F4 (14-04-2017 11:25:07)
Running from C:\Documents and Settings\Uživatel\Plocha
Loaded Profiles: Uživatel (Available Profiles: Uživatel)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Sunbelt Software, Inc.) C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
(Sunbelt Software, Inc.) C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Sunbelt Software, Inc.) C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1044480 2009-06-22] (Analog Devices, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-05] (AVAST Software)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2015-12-23] ()
HKU\S-1-5-21-1957994488-1060284298-1801674531-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6602152 2015-12-23] (Piriform Ltd)
HKU\S-1-5-21-1957994488-1060284298-1801674531-1003\...\Run: [CCAVInstaller] => wscript.exe "C:\Documents and Settings\Uživatel\Local Settings\Temp\CCAVInstaller.vbs" <===== ATTENTION
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-04-05] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.255.255.10 10.255.255.20
Tcpip\..\Interfaces\{F4A7BFE1-A628-4B7B-B679-609D9D79B080}: [DhcpNameServer] 10.255.255.10 10.255.255.20

Internet Explorer:
==================
HKU\S-1-5-21-1957994488-1060284298-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=i ... ar=msnhome
HKU\S-1-5-21-1957994488-1060284298-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-05] (AVAST Software)

FireFox:
========
FF DefaultProfile: 5hljfr1n.default
FF ProfilePath: C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\5hljfr1n.default [2017-04-14]
FF Homepage: C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\5hljfr1n.default -> hxxps://www.seznam.cz/
about:preferences
FF Extension: (Seznam lištička) - C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\5hljfr1n.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2017-02-25]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-11-18] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-04-05]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-04-05]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-21] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-21] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-21] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

Chrome:
=======
CHR NewTab: Default -> "active": true,
"entry": "chrome-extension://olfeabkoenfaoljndfecamgilllcpiak/core/chrome/content/speedDial/speedDial.html"

CHR Profile: C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default [2017-04-13]
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-27]
CHR Extension: (Disk Google) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-27]
CHR Extension: (Seznam Lištička - Email) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2017-04-10]
CHR Extension: (Seznam Lištička - Slovník) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2017-04-10]
CHR Extension: (YouTube) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-27]
CHR Extension: (Avast SafePrice) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-04-10]
CHR Extension: (Tabulky Google) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-28]
CHR Extension: (Dokumenty Google offline) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-28]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-04-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-10]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2017-04-10]
CHR Extension: (Gmail) - C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-27]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5758120 2017-04-05] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-05] (AVAST Software)
R2 SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [95528 2008-10-31] (Sunbelt Software, Inc.)
R2 SPF4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [1365288 2008-10-31] (Sunbelt Software, Inc.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdriverx.sys [255184 2017-04-05] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidshx.sys [148208 2017-04-05] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswblogx.sys [267528 2017-04-05] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbunivx.sys [41176 2017-04-05] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [34136 2017-04-05] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [31064 2017-04-05] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [106904 2017-04-05] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [60760 2017-04-05] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [62152 2017-04-05] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [764064 2017-04-05] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [472760 2017-04-05] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [184208 2017-04-05] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [279800 2017-04-05] (AVAST Software)
R1 SbFw; C:\WINDOWS\System32\drivers\SbFw.sys [270888 2008-10-31] (Sunbelt Software, Inc.)
R3 SBFWIMCL; C:\WINDOWS\System32\DRIVERS\sbfwim.sys [65576 2008-06-21] (Sunbelt Software, Inc.)
R1 sbhips; C:\WINDOWS\system32\drivers\sbhips.sys [66600 2008-06-21] (Sunbelt Software, Inc.)
R0 stmtpm; C:\WINDOWS\System32\DRIVERS\stm_tpm.sys [21504 2007-07-06] (STMicroelectronics, INC)
S4 IntelIde; no ImagePath
S0 MBAMChameleon; system32\drivers\MBAMChameleon.sys [X]
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-14 11:25 - 2017-04-14 11:25 - 00011734 _____ C:\Documents and Settings\Uživatel\Plocha\FRST.txt
2017-04-14 11:23 - 2017-04-14 11:23 - 01766912 _____ (Farbar) C:\Documents and Settings\Uživatel\Plocha\FRST.exe
2017-04-13 19:36 - 2017-04-13 19:36 - 00000000 ____D C:\rsit
2017-04-13 19:36 - 2017-04-13 19:36 - 00000000 ____D C:\Program Files\trend micro
2017-04-13 19:30 - 2017-04-14 11:25 - 00000000 ____D C:\FRST
2017-04-13 18:36 - 2017-04-13 18:36 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Sunbelt Software
2017-04-13 18:36 - 2008-10-31 07:09 - 00270888 ____R (Sunbelt Software, Inc.) C:\WINDOWS\system32\Drivers\SbFw.sys
2017-04-13 18:36 - 2008-06-21 04:54 - 00065576 _____ (Sunbelt Software, Inc.) C:\WINDOWS\system32\Drivers\SbFwIm.sys
2017-04-13 18:20 - 2017-04-13 18:20 - 00000000 ____D C:\WINDOWS\system32\%APPDATA%
2017-04-13 18:20 - 2017-04-13 18:20 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-13 17:09 - 2017-04-13 17:09 - 00000000 ____D C:\Documents and Settings\Uživatel\Data aplikací\Curiolab
2017-04-13 16:50 - 2017-04-13 16:50 - 00000000 ____D C:\Program Files\Sunbelt Software
2017-04-11 17:45 - 2017-04-13 19:21 - 00000000 ____D C:\Program Files\Common Files\COMODO
2017-04-11 17:22 - 2017-04-11 17:22 - 00000000 _____ C:\Documents and Settings\All Users\Data aplikací\cis183.exe
2017-04-11 17:22 - 2017-04-11 17:22 - 00000000 _____ C:\Documents and Settings\All Users\Data aplikací\cis17F.exe
2017-04-11 17:20 - 2017-04-13 18:11 - 00000000 ____D C:\Documents and Settings\Uživatel\Data aplikací\IObit
2017-04-11 17:20 - 2017-04-11 17:20 - 00000000 ____D C:\Program Files\IObit
2017-04-11 17:20 - 2017-04-11 17:20 - 00000000 ____D C:\Program Files\Common Files\IObit
2017-04-11 17:20 - 2017-04-11 17:20 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\ProductData
2017-04-11 17:20 - 2017-04-11 17:20 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\IObit
2017-04-11 17:19 - 2017-04-11 17:19 - 00000000 _____ C:\Documents and Settings\All Users\Data aplikací\cisB1.exe
2017-04-11 17:19 - 2017-04-11 17:19 - 00000000 _____ C:\Documents and Settings\All Users\Data aplikací\cisAD.exe
2017-04-11 17:13 - 2017-04-11 17:20 - 00000000 ____D C:\Documents and Settings\Uživatel\Data aplikací\Geek Uninstaller
2017-04-08 18:15 - 2017-04-08 18:15 - 00000000 _____ C:\Documents and Settings\All Users\Data aplikací\cis7F.exe
2017-04-08 18:15 - 2017-04-08 18:15 - 00000000 _____ C:\Documents and Settings\All Users\Data aplikací\cis7B.exe
2017-04-08 18:10 - 2017-04-08 18:10 - 00000000 _____ C:\Documents and Settings\All Users\Data aplikací\cis67.exe
2017-04-08 18:08 - 2017-04-08 18:08 - 00000000 _____ C:\Documents and Settings\All Users\Data aplikací\cis55.exe
2017-04-08 18:07 - 2017-04-08 18:07 - 00017564 ____H C:\WINDOWS\system32\mlfcache.dat
2017-04-08 18:05 - 2017-04-08 18:05 - 00000000 _____ C:\Documents and Settings\All Users\Data aplikací\cis32.exe
2017-04-08 18:05 - 2017-04-08 18:05 - 00000000 _____ C:\Documents and Settings\All Users\Data aplikací\cis2E.exe
2017-04-08 18:04 - 2017-04-08 18:04 - 00000000 _____ C:\Documents and Settings\All Users\Data aplikací\cis1F.exe
2017-04-08 17:59 - 2017-04-13 18:16 - 00000000 ____D C:\AdwCleaner
2017-04-08 17:59 - 2017-04-08 17:59 - 04089296 _____ C:\Documents and Settings\Uživatel\Plocha\adwcleaner_6.045.exe
2017-04-08 17:32 - 2017-04-14 11:21 - 00000482 _____ C:\WINDOWS\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}.job
2017-04-08 17:32 - 2017-04-05 06:56 - 00344768 _____ (COMODO) C:\Documents and Settings\All Users\Data aplikací\cmdres.dll
2017-04-07 15:02 - 2017-04-07 15:02 - 00026379 _____ C:\Documents and Settings\Uživatel\Dokumenty\CisReport_x86_v10.0.1.6209_20170407-150219.zip
2017-04-07 14:59 - 2017-04-05 07:56 - 00194752 _____ (COMODO) C:\WINDOWS\system32\cmdshim32.dll
2017-04-05 09:18 - 2017-04-05 09:18 - 00330256 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-14 11:25 - 2015-11-18 10:51 - 00000000 ____D C:\Documents and Settings\Uživatel\Plocha
2017-04-14 11:25 - 2015-11-18 10:51 - 00000000 ____D C:\Documents and Settings\Uživatel\Local Settings\Temp
2017-04-14 11:23 - 2015-12-23 22:45 - 00000000 ____D C:\Documents and Settings\Uživatel\Dokumenty\Stažené soubory
2017-04-14 11:21 - 2017-03-05 15:41 - 00000358 ____H C:\WINDOWS\Tasks\Avast Emergency Update.job
2017-04-14 11:21 - 2016-04-23 15:08 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-04-14 11:21 - 2016-04-23 15:03 - 00000476 _____ C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1461416593.job
2017-04-14 11:21 - 2015-11-18 15:09 - 00000228 _____ C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2017-04-14 11:21 - 2015-11-18 10:51 - 00032404 _____ C:\WINDOWS\SchedLgU.Txt
2017-04-14 11:21 - 2015-11-18 10:51 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-14 11:21 - 2007-08-02 14:00 - 00012984 _____ C:\WINDOWS\system32\wpa.dbl
2017-04-14 10:55 - 2015-11-18 10:51 - 00000178 ___SH C:\Documents and Settings\Uživatel\ntuser.ini
2017-04-14 10:53 - 2016-09-09 17:50 - 00000000 ___RD C:\Documents and Settings\Uživatel\Dokumenty\Obrázky
2017-04-14 10:53 - 2015-11-18 10:51 - 00000000 ___RD C:\Documents and Settings\Uživatel\Dokumenty
2017-04-14 10:52 - 2015-12-24 10:35 - 00000000 ___RD C:\Documents and Settings\Uživatel\Dokumenty\Filmy
2017-04-14 08:13 - 2016-11-16 19:10 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-04-13 20:10 - 2015-11-18 10:51 - 00000000 ____D C:\Documents and Settings\Uživatel
2017-04-13 20:06 - 2015-12-23 22:56 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-04-13 19:36 - 2016-04-23 15:08 - 00000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-04-13 19:23 - 2015-11-18 11:21 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2017-04-13 19:23 - 2015-11-18 11:21 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2017-04-13 19:23 - 2015-11-18 11:21 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2017-04-13 18:36 - 2015-11-18 11:08 - 00000000 ___HD C:\WINDOWS\inf
2017-04-13 18:25 - 2015-12-25 14:18 - 06264976 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-1957994488-1060284298-1801674531-1003-0.dat
2017-04-13 18:25 - 2015-12-25 14:18 - 00129802 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat
2017-04-13 18:20 - 2015-12-23 22:50 - 00000000 ____D C:\Documents and Settings\Uživatel\Data aplikací\Seznam.cz
2017-04-13 18:14 - 2015-11-18 11:21 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
2017-04-13 18:06 - 2015-12-23 22:32 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Package Cache
2017-04-13 17:09 - 2015-11-18 10:51 - 00000000 __RHD C:\Documents and Settings\Uživatel\Data aplikací
2017-04-11 18:16 - 2015-12-23 15:04 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Comodo
2017-04-11 17:20 - 2015-11-18 10:51 - 00000000 ___HD C:\Documents and Settings\Uživatel\Šablony
2017-04-08 20:46 - 2015-12-31 16:25 - 00038400 _____ C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-04-08 20:43 - 2015-12-23 22:51 - 00000000 ____D C:\Documents and Settings\Uživatel\Data aplikací\vlc
2017-04-08 17:47 - 2015-11-18 11:08 - 00000000 ____D C:\WINDOWS\Network Diagnostic
2017-04-08 17:44 - 2015-11-18 10:51 - 00000000 ___HD C:\Documents and Settings\Uživatel\Local Settings\Data aplikací
2017-04-07 14:59 - 2015-12-23 15:06 - 00488770 _____ C:\WINDOWS\system32\prfh0405.dat
2017-04-07 14:59 - 2015-12-23 15:06 - 00098248 _____ C:\WINDOWS\system32\prfc0405.dat
2017-04-05 09:20 - 2016-05-05 09:43 - 00000756 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Avast SafeZone 1 Browser.lnk
2017-04-05 09:19 - 2015-11-18 12:06 - 00026144 _____ (Microsoft Corporation) C:\WINDOWS\system32\spupdsvc.exe
2017-04-05 09:18 - 2016-03-23 15:38 - 00031064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-04-05 09:18 - 2015-12-23 15:01 - 00764064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-04-05 09:18 - 2015-12-23 15:01 - 00472760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-04-05 09:18 - 2015-12-23 15:01 - 00279800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-04-05 09:18 - 2015-12-23 15:01 - 00184208 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2017-04-05 09:18 - 2015-12-23 15:01 - 00106904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-04-05 09:18 - 2015-12-23 15:01 - 00062152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-04-05 09:18 - 2015-12-23 15:01 - 00060760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2017-04-05 09:18 - 2015-12-23 15:01 - 00034136 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-04-05 09:17 - 2017-03-05 15:41 - 00267528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswblogx.sys
2017-04-05 09:17 - 2017-03-05 15:41 - 00255184 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdriverx.sys
2017-04-05 09:17 - 2017-03-05 15:41 - 00148208 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidshx.sys
2017-04-05 09:17 - 2017-03-05 15:41 - 00041176 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbunivx.sys
2017-04-05 08:01 - 2015-09-03 12:52 - 00732368 _____ (COMODO) C:\WINDOWS\system32\guard32.dll
2017-04-05 08:01 - 2015-08-05 01:29 - 00044008 _____ (COMODO) C:\WINDOWS\system32\cmdcsr.dll
2017-04-05 07:56 - 2015-08-05 01:27 - 00363200 _____ (COMODO) C:\WINDOWS\system32\cmdvrt32.dll
2017-03-28 22:31 - 2015-11-18 18:13 - 00657960 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdGuard.sys
2017-03-28 22:31 - 2015-11-18 18:13 - 00017296 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmderd.sys
2017-03-28 22:31 - 2015-08-05 00:30 - 00032760 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdhlp.sys
2017-03-26 12:54 - 2015-11-18 11:21 - 01182868 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-26 12:54 - 2007-08-02 14:00 - 00488770 _____ C:\WINDOWS\system32\perfh005.dat
2017-03-26 12:54 - 2007-08-02 14:00 - 00098248 _____ C:\WINDOWS\system32\perfc005.dat
2017-03-17 13:58 - 2015-12-23 22:23 - 00000000 ____D C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Temp

==================== Files in the root of some directories =======

2015-12-31 16:25 - 2017-04-08 20:46 - 0038400 _____ () C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-04-11 17:22 - 2017-04-11 17:22 - 0000000 _____ () C:\Documents and Settings\All Users\Data aplikací\cis17F.exe
2017-04-11 17:22 - 2017-04-11 17:22 - 0000000 _____ () C:\Documents and Settings\All Users\Data aplikací\cis183.exe
2017-04-08 18:04 - 2017-04-08 18:04 - 0000000 _____ () C:\Documents and Settings\All Users\Data aplikací\cis1F.exe
2017-04-08 18:05 - 2017-04-08 18:05 - 0000000 _____ () C:\Documents and Settings\All Users\Data aplikací\cis2E.exe
2017-04-08 18:05 - 2017-04-08 18:05 - 0000000 _____ () C:\Documents and Settings\All Users\Data aplikací\cis32.exe
2017-04-08 18:08 - 2017-04-08 18:08 - 0000000 _____ () C:\Documents and Settings\All Users\Data aplikací\cis55.exe
2017-04-08 18:10 - 2017-04-08 18:10 - 0000000 _____ () C:\Documents and Settings\All Users\Data aplikací\cis67.exe
2017-04-08 18:15 - 2017-04-08 18:15 - 0000000 _____ () C:\Documents and Settings\All Users\Data aplikací\cis7B.exe
2017-04-08 18:15 - 2017-04-08 18:15 - 0000000 _____ () C:\Documents and Settings\All Users\Data aplikací\cis7F.exe
2017-04-11 17:19 - 2017-04-11 17:19 - 0000000 _____ () C:\Documents and Settings\All Users\Data aplikací\cisAD.exe
2017-04-11 17:19 - 2017-04-11 17:19 - 0000000 _____ () C:\Documents and Settings\All Users\Data aplikací\cisB1.exe
2017-04-08 17:32 - 2017-04-05 06:56 - 0344768 _____ (COMODO) C:\Documents and Settings\All Users\Data aplikací\cmdres.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Přikládám i druhý log:
aAdditional scan result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by Uživatel (14-04-2017 11:25:41)
Running from C:\Documents and Settings\Uživatel\Plocha
Systém Microsoft Windows XP Professional Service Pack 3 (X86) (2015-11-18 08:44:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1957994488-1060284298-1801674531-500 - Administrator - Enabled)
ASPNET (S-1-5-21-1957994488-1060284298-1801674531-1005 - Limited - Enabled)
Guest (S-1-5-21-1957994488-1060284298-1801674531-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1957994488-1060284298-1801674531-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1957994488-1060284298-1801674531-1002 - Limited - Disabled)
Uživatel (S-1-5-21-1957994488-1060284298-1801674531-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Uživatel

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {7591db91-41f0-48a3-b128-1a293fd8233d}
FW: Sunbelt Personal Firewall (Disabled) {82B1150E-9B37-49FC-83EB-D52197D900D0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 24 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Aktualizace systému Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2862152) (HKLM\...\KB2862152) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2868626) (HKLM\...\KB2868626) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2876331) (HKLM\...\KB2876331) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2892075) (HKLM\...\KB2892075) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2893294) (HKLM\...\KB2893294) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2898715) (HKLM\...\KB2898715) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2900986) (HKLM\...\KB2900986) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2914368) (HKLM\...\KB2914368) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2916036) (HKLM\...\KB2916036) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2922229) (HKLM\...\KB2922229) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2929961) (HKLM\...\KB2929961) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2930275) (HKLM\...\KB2930275) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB923789) (HKLM\...\KB923789) (Version: - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB970430) (HKLM\...\KB970430) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB975467) (HKLM\...\KB975467) (Version: 1 - Microsoft Corporation)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
CEWE fotosvet (HKLM\...\CEWE fotosvet) (Version: 6.1.5 - CEWE Stiftung u Co. KGaA)
Dell System Detect (HKU\S-1-5-21-1957994488-1060284298-1801674531-1003\...\58d94f3ce2c27db0) (Version: 6.12.0.1 - Dell)
GeekBuddy (Version: 4.30.222 - Comodo Security Solutions Inc) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 52.0.2 ESR (x86 cs) (HKLM\...\Mozilla Firefox 52.0.2 ESR (x86 cs)) (Version: 52.0.2 - Mozilla)
OpenOffice 4.1.2 (HKLM\...\{69D27D4C-36CE-4CB2-A290-C38B0A990955}) (Version: 4.12.9782 - Apache Software Foundation)
Oprava Hotfix systému Windows XP (KB952287) (HKLM\...\KB952287) (Version: 1 - Microsoft Corporation)
Oprava Hotfix systému Windows XP (KB961118) (HKLM\...\KB961118) (Version: 1 - Microsoft Corporation)
SafeZone Stable 1.48.2066.120 (Version: 1.48.2066.120 - Avast Software) Hidden
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.7255 - Analog Devices)
Sunbelt Personal Firewall (HKLM\...\{82B1150E-9B37-49FC-83EB-D52197D900D0}) (Version: 4.6.1861.0 - Sunbelt Software)
Vit Registry Fix 9.5 (remove only) (HKLM\...\Vit Registry Fix) (Version: - VITSOFT)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: C:\WINDOWS\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}.job => C:\Documents and Settings\All Users\Data aplikací\cis17.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1461416593.job => C:\Program Files\AVAST Software\SZBrowser\launcher.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-04-05 09:18 - 2017-04-05 09:18 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-04-05 09:18 - 2017-04-05 09:18 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-04-14 08:08 - 2017-04-14 08:08 - 05911040 _____ () C:\Program Files\AVAST Software\Avast\defs\17041302\algo.dll
2017-04-05 09:18 - 2017-04-05 09:18 - 00653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-04-05 09:18 - 2017-04-05 09:18 - 00230632 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2015-12-23 22:50 - 2015-02-20 11:03 - 00352256 _____ () C:\Program Files\WinRAR\rarlng.dll
2016-06-29 17:34 - 2016-06-29 17:35 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2007-01-22 11:22 - 2007-01-22 11:22 - 00859648 _____ () C:\Program Files\Sunbelt Software\Personal Firewall\PocoFoundation.dll
2007-01-22 11:22 - 2007-01-22 11:22 - 00470016 _____ () C:\Program Files\Sunbelt Software\Personal Firewall\PocoXml.dll
2007-01-22 11:22 - 2007-01-22 11:22 - 00018432 _____ () C:\Program Files\Sunbelt Software\Personal Firewall\PocoExt.dll
2006-02-14 15:35 - 2006-02-14 15:35 - 00827392 _____ () C:\Program Files\Sunbelt Software\Personal Firewall\LibEay32.dll
2006-02-14 15:36 - 2006-02-14 15:36 - 00155648 _____ () C:\Program Files\Sunbelt Software\Personal Firewall\SSLeay32.dll
2017-04-05 09:17 - 2017-04-05 09:17 - 00134920 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2017-04-05 09:18 - 2017-04-05 09:18 - 00230632 _____ () c:\Program Files\AVAST Software\Avast\StreamBack.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\avastSS.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\ucrtbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ptpusb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ptpusd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spupdsvc.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ssins.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ssinstall-uninstall.bat:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbscan.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\usbscan.sys:$CmdTcID [64]
AlternateDataStreams: C:\Documents and Settings\Uživatel\Plocha\přijal Z.doc:$CmdTcID [130]
AlternateDataStreams: C:\Documents and Settings\Uživatel\Plocha\přijal Z.doc:$CmdZnID [26]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1957994488-1060284298-1801674531-1003\...\dell.com -> dell.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2007-08-02 14:00 - 2017-01-21 12:38 - 00000737 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1957994488-1060284298-1801674531-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Nebe.bmp
DNS Servers: 10.255.255.10 - 10.255.255.20
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Vzdálená správa systému Windows
StandardProfile\GloballyOpenPorts: [80:TCP] => Disabled:Vzdálená správa systému Windows – režim kompatibility (HTTP-In)

==================== Restore Points =========================

05-03-2017 15:41:46 Installed Windows XP Wdf01009.
18-03-2017 12:34:21 Kontrolní bod systému
29-03-2017 14:37:46 Kontrolní bod systému
05-04-2017 09:19:37 Installed Windows XP Wdf01009.
08-04-2017 17:33:10 Removed COMODO Firewall
08-04-2017 18:04:39 Removed COMODO Firewall
08-04-2017 18:05:57 Removed COMODO Firewall
08-04-2017 18:08:21 Removing COMODO Endpoint Security
08-04-2017 18:10:53 Removed COMODO Firewall
08-04-2017 18:15:15 Removed COMODO Firewall
11-04-2017 17:18:26 Removing COMODO Internet Security
11-04-2017 17:21:37 Removing COMODO Internet Security
11-04-2017 17:36:39 Revo Uninstaller's restore point - COMODO Firewall
11-04-2017 17:38:40 Revo Uninstaller's restore point - COMODO Firewall
11-04-2017 17:40:48 Revo Uninstaller's restore point - COMODO Firewall
11-04-2017 17:45:42 Installing COMODO Firewall
11-04-2017 18:04:47 Revo Uninstaller's restore point - COMODO Firewall
11-04-2017 18:05:58 Removing COMODO Client - Security
11-04-2017 18:11:08 Revo Uninstaller's restore point - GeekBuddy
13-04-2017 16:50:43 Installed Sunbelt Personal Firewall.
13-04-2017 18:02:02 Installed Sunbelt Personal Firewall.
13-04-2017 18:05:49 Bontia Studio
13-04-2017 18:36:33 Installed Sunbelt Personal Firewall.

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/11/2017 05:47:08 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: Zprostředkovatel událostí se pokusil zaregistrovat dotaz SELECT * FROM CisFileRatingChange,
jehož cílová třída CisFileRatingChange neexistuje.
Dotaz bude přeskočen.

Error: (04/11/2017 05:47:08 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: Zprostředkovatel událostí se pokusil zaregistrovat dotaz SELECT * FROM CisStatusChange,
jehož cílová třída CisStatusChange neexistuje.
Dotaz bude přeskočen.

Error: (04/11/2017 05:47:08 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: Zprostředkovatel událostí se pokusil zaregistrovat dotaz SELECT * FROM CisNotification,
jehož cílová třída CisNotification neexistuje.
Dotaz bude přeskočen.

Error: (04/11/2017 05:47:08 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: Zprostředkovatel událostí se pokusil zaregistrovat dotaz SELECT * FROM FwAlert,
jehož cílová třída FwAlert neexistuje.
Dotaz bude přeskočen.

Error: (04/11/2017 05:47:08 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: Zprostředkovatel událostí se pokusil zaregistrovat dotaz SELECT * FROM DfAlert,
jehož cílová třída DfAlert neexistuje.
Dotaz bude přeskočen.

Error: (04/11/2017 05:47:08 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: Zprostředkovatel událostí se pokusil zaregistrovat dotaz SELECT * FROM AvAlert,
jehož cílová třída AvAlert neexistuje.
Dotaz bude přeskočen.

Error: (04/11/2017 05:47:07 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: Zprostředkovatel událostí se pokusil zaregistrovat dotaz SELECT * FROM CisAlert,
jehož cílová třída CisAlert neexistuje.
Dotaz bude přeskočen.

Error: (04/11/2017 05:47:07 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: Zprostředkovatel událostí se pokusil zaregistrovat dotaz SELECT * FROM CisEvent,
jehož cílová třída CisEvent neexistuje.
Dotaz bude přeskočen.

Error: (04/11/2017 05:47:07 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: Zprostředkovatel událostí se pokusil zaregistrovat dotaz SELECT * FROM CisFileRatingChange,
jehož cílová třída CisFileRatingChange neexistuje.
Dotaz bude přeskočen.

Error: (04/11/2017 05:47:07 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: Zprostředkovatel událostí se pokusil zaregistrovat dotaz SELECT * FROM CisStatusChange,
jehož cílová třída CisStatusChange neexistuje.
Dotaz bude přeskočen.


System errors:
=============
Error: (04/14/2017 11:21:18 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
MBAMChameleon

Error: (04/14/2017 11:21:02 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Zapůjčení adresy IP 192.168.1.100 pro síťovou kartu s adresou 001EC960CD1B byla
serverem DHCP 0.0.0.0 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error: (04/14/2017 10:49:30 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
MBAMChameleon

Error: (04/14/2017 08:07:55 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
MBAMChameleon

Error: (04/13/2017 07:21:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
MBAMChameleon
stmtpm

Error: (04/13/2017 06:39:29 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
MBAMChameleon

Error: (04/13/2017 06:33:32 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
MBAMChameleon

Error: (04/13/2017 06:27:25 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
MBAMChameleon

Error: (04/13/2017 04:52:25 PM) (Source: 0) (EventID: 1) (User: )
Description: Event-ID 1

Error: (04/11/2017 06:05:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba COMODO Internet Security Helper Service byla neočekávaně ukončena. Tento stav nastal již 4krát.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
Percentage of memory in use: 28%
Total physical RAM: 2004.54 MB
Available physical RAM: 1423.81 MB
Total Virtual: 3897.15 MB
Available Virtual: 3451.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.5 GB) (Free:55.06 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 5E1153BF)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Spusťte tuto utilitu:

Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.

Přikládám log z Adware cleaner. Zdá se,že nic nenašel,protože už jsem ho před několika dny použil. Předtím našel několik hrozeb,ale ne tu se jménem agent. Na tom počítači s windows 10 o kterém jsem psal na začátku Adware cleaner našel hrozbu jménem agent a po jeho vymazání Comodo opět jde.


# AdwCleaner v6.045 - Log vytvořen 15/04/2017 v 10:51:55
# Aktualizováno dne 28/03/2017 z Malwarebytes
# Databáze : 2017-03-28.2 [Místní]
# Operační systém : Microsoft Windows XP Service Pack 3 (X86)
# Uživatelské jméno : Uživatel - DELL-CBA1F734F4
# Spuštěno z : C:\Documents and Settings\Uživatel\Plocha\adwcleaner_6.045.exe
# Mod: Skenování
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

Nebyly nalezeny žádné škodlivé služby.


***** [ Složky ] *****

Nebyly nalezeny žádné škodlivé složky.


***** [ Soubory ] *****

Nebyly nalezeny žádné škodlivé soubory.


***** [ DLL ] *****

Nebyly nalezeny žádné škodlivé DLL.


***** [ WMI ] *****

Nebyly nalezeny žádné škodlivé klíče.


***** [ Zástupci ] *****

Žádný infikovaný zástupce nenalezen.


***** [ Naplánované úlohy ] *****

Žádná nebezpečná úloha nenalezena.


***** [ Registry ] *****

Nebyly nalezeny žádné škodlivé položky registru.


***** [ Internetové prohlížeče ] *****

Nebyly nalezeny žádné škodlivé položky prohlížeče Firefox.
Nebyly nalezeny žádné škodlivé položky prohlížeče Chromium.

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1162 Bajty] - [08/04/2017 18:01:18]
C:\AdwCleaner\AdwCleaner[C2].txt - [1345 Bajty] - [11/04/2017 17:54:49]
C:\AdwCleaner\AdwCleaner[S0].txt - [1449 Bajty] - [08/04/2017 18:00:56]
C:\AdwCleaner\AdwCleaner[S1].txt - [1581 Bajty] - [11/04/2017 17:53:27]
C:\AdwCleaner\AdwCleaner[S2].txt - [1707 Bajty] - [13/04/2017 18:16:14]
C:\AdwCleaner\AdwCleaner[S3].txt - [1628 Bajty] - [15/04/2017 10:51:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1701 Bajty] ##########

Toto je OK. Otevřte poznámkový blok a zkopírujte do něj:

Start
HKU\S-1-5-21-1957994488-1060284298-1801674531-1003\...\Run: [CCAVInstaller] => wscript.exe "C:\Documents and Settings\Uživatel\Local Settings\Temp\CCAVInstaller.vbs" <===== ATTENTION
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
AlternateDataStreams: C:\WINDOWS\avastSS.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\ucrtbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ptpusb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ptpusd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spupdsvc.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ssins.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ssinstall-uninstall.bat:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbscan.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\usbscan.sys:$CmdTcID [64]
AlternateDataStreams: C:\Documents and Settings\Uživatel\Plocha\přijal Z.doc:$CmdTcID [130]
AlternateDataStreams: C:\Documents and Settings\Uživatel\Plocha\přijal Z.doc:$CmdZnID [26]

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Tady je log:

Fix result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by Uživatel (15-04-2017 18:58:14) Run:1
Running from C:\Documents and Settings\Uživatel\Plocha
Loaded Profiles: Uživatel (Available Profiles: Uživatel)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-1957994488-1060284298-1801674531-1003\...\Run: [CCAVInstaller] => wscript.exe "C:\Documents and Settings\Uživatel\Local Settings\Temp\CCAVInstaller.vbs" <===== ATTENTION
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
AlternateDataStreams: C:\WINDOWS\avastSS.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\ucrtbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ptpusb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ptpusd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spupdsvc.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ssins.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ssinstall-uninstall.bat:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbscan.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\usbscan.sys:$CmdTcID [64]
AlternateDataStreams: C:\Documents and Settings\Uživatel\Plocha\přijal Z.doc:$CmdTcID [130]
AlternateDataStreams: C:\Documents and Settings\Uživatel\Plocha\přijal Z.doc:$CmdZnID [26]

EmptyTemp:
End
*****************

HKU\S-1-5-21-1957994488-1060284298-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run\\CCAVInstaller => value removed successfully.
HKLM\System\CurrentControlSet\Services\IntelIde => key removed successfully.
IntelIde => service removed successfully.
HKLM\System\CurrentControlSet\Services\WS2IFSL => key removed successfully.
WS2IFSL => service removed successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\WINDOWS\avastSS.scr => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\ucrtbase.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\FlashPlayerApp.exe => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\ptpusb.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\ptpusd.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\spupdsvc.exe => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\ssins.exe => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\ssinstall-uninstall.bat => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\Drivers\usbscan.sys => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\dllcache\usbscan.sys => ":$CmdTcID" ADS removed successfully..
C:\Documents and Settings\Uživatel\Plocha\přijal Z.doc => ":$CmdTcID" ADS removed successfully..
C:\Documents and Settings\Uživatel\Plocha\přijal Z.doc => ":$CmdZnID" ADS removed successfully..

=========== EmptyTemp: ==========

BITS transfer queue => 9319 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 72910 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/dllcache/drivers => 6580317 B
Edge => 0 B
Chrome => 737280 B
Firefox => 53949549 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 66164 B
All Users => 0 B
systemprofile => 131922 B
LocalService => 11698733 B
NetworkService => 82659 B
Uživatel => 92968418 B

RecycleBin => 4314 B
EmptyTemp: => 158.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:58:36 ====

Smazáno. Nastala nějaká změna?

Chybové hlášení po startu zmizelo. Zdá se že je vše v pořádku. Jak to bude s tím firewallem poznám až mi nabídne aktualizaci. Zatím moc dík za pomoc.

Pokud ta aktualizace systému nesvědčí, neprovádějte. Zatím není zač!