VIRY.CZ

Prosim o kontrolu logu.
Z nekterych souboru na plose se stal zastupce s obsahem: C:\WINDOWS\system32\cmd.exe /c start tmpFD17.tmp.js&s
Je otazkou, jestli si to tam nenahrali a pak nespustili. Avast samozrejme nezareagoval.

Po vlozeni USB flash byla tato smazana ...

Logfile of random's system information tool 1.10 (written by random/random)
Run by spravce at 2018-01-12 12:35:55
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 217 GB (91%) free of 238 GB
Total RAM: 2013 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:36:08, on 12.1.2018
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast Business\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVAST Software\Avast Business\AvastNet.exe
C:\Program Files\NetSupport\NetSupport School\client32.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\NetSupport\NetSupport School\runplugin.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NetSupport\NetSupport School\runplugin.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\AVAST Software\Avast Business\avastUI.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\SALAMAND\SALAMAND.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
Z:\1\av\RSIT.exe
C:\Program Files\trend micro\spravce.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast Business\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [20131121] C:\Program Files\AVAST Software\Avast Business\setup\emupdate\eb16711f-e705-42ca-a7ba-6efb15464b26.exe /check
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WMC_WMPDBExport] C:\Program Files\Windows Media Player\wmdbexport.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WMC_WMPDBExport] C:\Program Files\Windows Media Player\wmdbexport.exe (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\nsl\nslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\nsl\nslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\nsl\nslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\nsl\nslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\nsl\nslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\nsl\nslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\nsl\nslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\nsl\nslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\nsl\nslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\nsl\nslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\nsl\nslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\nsl\nslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\nsl\nslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\nsl\nslsp.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3115267244
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sps.local
O17 - HKLM\Software\..\Telephony: DomainName = sps.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BA904BF-071B-4D15-9780-253794D64645}: NameServer = 192.168.1.230,192.168.1.250
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sps.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{3BA904BF-071B-4D15-9780-253794D64645}: NameServer = 192.168.1.230,192.168.1.250
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = sps.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{3BA904BF-071B-4D15-9780-253794D64645}: NameServer = 192.168.1.230,192.168.1.250
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast Business\AvastSvc.exe
O23 - Service: avast! Net Client Service - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast Business\AvastNet.exe
O23 - Service: Client32 - NetSupport Ltd - C:\Program Files\NetSupport\NetSupport School\client32.exe
O23 - Service: Sentinel HASP License Manager (hasplms) - SafeNet Inc. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PsExec (PSEXESVC) - Sysinternals - C:\WINDOWS\PSEXESVC.EXE
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 9454 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\Avast Emergency Update.job - C:\Program Files\AVAST Software\Avast Business\AvastEmUpdate.exe

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\spravce.SPS\Data aplikací\Mozilla\Firefox\Profiles\tg5k87kt.default

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 28.0.0.137 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_28_0_0_137.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-31 16806912]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"ISUSPM Startup"=c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-11-30 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-11-30 166912]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2009-11-30 138240]
"avast"=C:\Program Files\AVAST Software\Avast Business\avastUI.exe [2016-10-24 4770952]
"Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2008-04-14 143872]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-09-23 926896]
"OrderReminder"=C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [2006-07-30 98304]
"20131121"=C:\Program Files\AVAST Software\Avast Business\setup\emupdate\eb16711f-e705-42ca-a7ba-6efb15464b26.exe [2013-11-23 180184]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2013-04-04 532040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2009-11-30 213504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\client32]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSimpleStartMenu"=1
"ForceClassicControlPanel"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Hewlett-Packard\HP Install Network Printer Wizard\hpjsi.exe"="C:\Program Files\Hewlett-Packard\HP Install Network Printer Wizard\hpjsi.exe:*:Enabled:HP Jetdirect Wireless Setup Wizard"
"C:\Program Files\AVG\AVG8\avgdiag.exe"="C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"
"C:\Program Files\AVG\AVG8\avgdiagex.exe"="C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\NetSupport\NetSupport School\client32.exe"="C:\Program Files\NetSupport\NetSupport School\client32.exe:*:Enabled:NetSupport Client"
"C:\Program Files\NetSupport\NetSupport School\PCINSSCD.EXE"="C:\Program Files\NetSupport\NetSupport School\PCINSSCD.EXE:*:Enabled:NetSupport Group Leader"
"C:\Program Files\NetSupport\NetSupport School\pcijoin.exe"="C:\Program Files\NetSupport\NetSupport School\pcijoin.exe:*:Enabled:NetSupport Join Class"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Alwil Software\Avast4\AvAgent.exe"="C:\Program Files\Alwil Software\Avast4\AvAgent.exe:*:Enabled:avast! NetAgent service"
"C:\WINDOWS\system32\hasplms.exe"="C:\WINDOWS\system32\hasplms.exe:*:Enabled:HASP License Manager"
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote"
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\NetSupport\NetSupport School\client32.exe"="C:\Program Files\NetSupport\NetSupport School\client32.exe:*:Enabled:NetSupport Client"
"C:\Program Files\NetSupport\NetSupport School\PCINSSCD.EXE"="C:\Program Files\NetSupport\NetSupport School\PCINSSCD.EXE:*:Enabled:NetSupport Group Leader"
"C:\Program Files\NetSupport\NetSupport School\pcijoin.exe"="C:\Program Files\NetSupport\NetSupport School\pcijoin.exe:*:Enabled:NetSupport Join Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv

======List of files/folders created in the last 1 month======

2018-01-12 12:35:55 ----D---- C:\rsit
2018-01-12 12:35:55 ----D---- C:\Program Files\trend micro
2018-01-12 12:35:17 ----D---- C:\Documents and Settings\spravce.SPS\Data aplikací\Malwarebytes
2018-01-12 12:35:17 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2018-01-12 12:35:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2018-01-12 12:34:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2018-01-12 12:34:57 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2018-01-10 10:37:20 ----A---- C:\WINDOWS\system32\FlashPlayerInstaller.exe

======List of files/folders modified in the last 1 month======

2018-01-12 12:35:55 ----D---- C:\Program Files
2018-01-12 12:35:17 ----D---- C:\WINDOWS\system32\drivers
2018-01-12 12:33:40 ----D---- C:\WINDOWS\Prefetch
2018-01-12 12:32:26 ----D---- C:\WINDOWS\Temp
2018-01-12 10:55:31 ----D---- C:\WINDOWS\system32\CatRoot2
2018-01-12 10:51:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2018-01-12 08:37:08 ----D---- C:\WINDOWS\security
2018-01-10 10:37:25 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2018-01-10 10:37:22 ----D---- C:\WINDOWS\system32\Macromed
2018-01-10 10:37:20 ----D---- C:\WINDOWS\system32
2018-01-08 08:25:56 ----SD---- C:\WINDOWS\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2016-10-24 30560]
R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2016-10-24 58272]
R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2016-10-24 223360]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2016-10-24 58272]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2016-10-24 790480]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2016-10-24 424128]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2016-10-24 71952]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 PCISys;PCISys; C:\WINDOWS\system32\drivers\pcisys.sys [2011-06-10 39584]
R2 aksfridge;aksfridge; \??\C:\WINDOWS\system32\drivers\aksfridge.sys []
R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
R2 hardlock;hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R3 gdihook5;gdihook5; C:\WINDOWS\system32\DRIVERS\gdihook5.sys [2011-06-10 31392]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-11-30 1912256]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-08-04 4752896]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service; C:\WINDOWS\system32\drivers\IntcHdmi.sys [2008-06-13 110080]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nsafltr;nsafltr; C:\WINDOWS\system32\drivers\nsafltr.sys [2010-04-20 32256]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-05-07 106368]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 moufiltr;Tablet Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\moufiltr.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 vhidmini;Generic Virtual HID Driver; C:\WINDOWS\system32\DRIVERS\walvhid.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast Business\AvastSvc.exe [2016-10-24 54344]
R2 avast! Net Client Service;avast! Net Client Service; C:\Program Files\AVAST Software\Avast Business\AvastNet.exe [2016-10-24 209136]
R2 Client32;Client32; C:\Program Files\NetSupport\NetSupport School\client32.exe [2011-07-19 34288]
R2 hasplms;Sentinel HASP License Manager; C:\WINDOWS\system32\hasplms.exe [2010-09-27 4180576]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-10 189728]
R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2006-05-12 439248]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-10 272384]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-09-20 118680]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PSEXESVC;PsExec; C:\WINDOWS\PSEXESVC.EXE [2010-09-16 181064]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Zdravím!
Pusťte na flešku USBFix: http://www.stahuj.centrum.cz/utility_a_ ... ve/usbfix/ .

Teď trošku nerozumím ... tím PC prošly dnes pry asi 2 desítky flešek.

Nicméně, v PC muselo něco zůstat, protože ta poslední, důležitá to odnesla naplno - tu zkusím obnovit.

OK. Stěžoval jste si ale na flešku. Spusťte tuto utilitu:

Stáhněte AdwCleaner https://adwcleaner.en.uptodown.com/wind ... oad/283819
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.

Jinak - USBFix nejde spustit ...

Ten AdwCleaner pise, ze je stara verze, nicmene, byl rychle hotov a jedine, co v logu je:

# AdwCleaner v5.009 - Logfile created 12/01/2018 at 14:33:57
# Updated 27/09/2015 by Xplode
# Database : 2015-09-27.1 [Local]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : spravce - SV3
# Running from : C:\Documents and Settings\All Users\Plocha\adwcleaner-5-009-multi-win.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]

***** [ Web browsers ] *****

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1101 bytes] ##########

Nová verze na XP nejde spustit, proto jsem vám dal odkaz na starší. Proč nejde USBFix spustit? Dává nějakou hlášku? Jina pak dejte log FRST: https://forum.viry.cz/viewtopic.php?f=13&t=152707 .

Vycistil jsem, prihlasil se pod uctem, kde byl problem ... a opet. Ke vsem souborum se udelaji na flesce .lnk (puvodni soubory zustanou vporadku) a Avast hlasi Jensus-H a za ho zablokoval. Nicmene k te tvorbe linku dojde. Na flesce je i ten .js soubor. Kdyz pak nekdo link misto spravneho souboru spusti, original soubor se smaze.

odstrelil jsem wscript a prestalo to.
Takze najit ten vypoustec.

Btw - uz vidim , ze 4.2. to od nekud stahli a je to C:\Documents and Settings\sv3\Data aplikací\tmpFD17.tmp.js a omu odpovida v registrech ...Windows/Run i spousteni. Takze mazu oboje a uvidim.

Vysledek FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02.01.2018
Ran by sv3 (ATTENTION: The user is not administrator) on SV3 (12-01-2018 15:38:20)
Running from C:\Documents and Settings\sv3\Plocha
Loaded Profiles: sv3 (Available Profiles: zak & spravce & vt1 & sv3 & spravce & Administrator)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> AvastSvc.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> AvastNet.exe
Failed to access process -> client32.exe
Failed to access process -> hasplms.exe
Failed to access process -> PsiService_2.exe
Failed to access process -> svchost.exe
Failed to access process -> winvnc4.exe
Failed to access process -> runplugin.exe
Failed to access process -> alg.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast Business\AvastUI.exe
(NetSupport Ltd) C:\Program Files\NetSupport\NetSupport School\runplugin.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
Failed to access process -> wmiprvse.exe
() C:\SALAMAND\SALAMAND.EXE
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(forum.viry.cz) C:\Documents and Settings\sv3\Plocha\FRSTLauncher.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\ping.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16806912 2008-07-31] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [57344 2008-06-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [249856 2005-08-11] (Macrovision Corporation)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM\...\Run: [avast] => C:\Program Files\AVAST Software\Avast Business\avastUI.exe [4770952 2016-10-24] (Avast Software s.r.o.)
HKLM\...\Run: [Synchronization Manager] => C:\WINDOWS\system32\mobsync.exe [143872 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [OrderReminder] => C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [98304 2006-07-30] (Hewlett-Packard)
HKLM\...\Run: [20131121] => C:\Program Files\AVAST Software\Avast Business\setup\emupdate\eb16711f-e705-42ca-a7ba-6efb15464b26.exe [180184 2013-11-23] (AVAST Software)
HKU\S-1-5-21-3243242500-4150996247-348191604-1144\...\Run: [VGIVLKPPQT] => C:\Documents and Settings\sv3\Data aplikací\tmpFD17.tmp.js [121572 2017-02-04] ()
HKU\S-1-5-21-3243242500-4150996247-348191604-1144\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKU\S-1-5-21-3243242500-4150996247-348191604-1144\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-18\...\RunOnce: [WMC_WMPDBExport] => C:\Program Files\Windows Media Player\wmdbexport.exe [493568 2006-10-18] (Microsoft Corporation)
Startup: C:\Documents and Settings\sv3\Nabídka Start\Programy\Po spuštění\tmpFD17.tmp.js [2017-02-04] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{3BA904BF-071B-4D15-9780-253794D64645}: [NameServer] 192.168.1.230,192.168.1.250

Internet Explorer:
==================
HKU\S-1-5-21-3243242500-4150996247-348191604-1144\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
HKU\S-1-5-21-3243242500-4150996247-348191604-1144\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://www.webhledani.cz/results.aspx?i=42&tp= ... earchTerms}
SearchScopes: HKU\.DEFAULT -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://www.webhledani.cz/results.aspx?i=42&tp= ... earchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\sv3\Data aplikací\Mozilla\Firefox\Profiles\ht08vs5b.default [2018-01-12]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-03-12] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-10] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"TlntSvr" => service could not be unlocked. <==== ATTENTION
"WmiApRpl" => service could not be unlocked. <==== ATTENTION

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2018-01-10] (Adobe Systems Incorporated) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast Business\AvastSvc.exe [54344 2016-10-24] (Avast Software s.r.o.)
R2 avast! Net Client Service; C:\Program Files\AVAST Software\Avast Business\AvastNet.exe [209136 2016-10-24] (Avast Software s.r.o.)
R2 Client32; C:\Program Files\NetSupport\NetSupport School\client32.exe [34288 2011-07-19] (NetSupport Ltd)
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)
S3 PSEXESVC; C:\WINDOWS\PSEXESVC.EXE [181064 2010-09-16] (Sysinternals)
R2 WinVNC4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [439248 2006-05-12] (RealVNC Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aksfridge; C:\WINDOWS\system32\drivers\aksfridge.sys [356864 2010-09-27] (SafeNet Inc.)
R0 aswKbd; C:\WINDOWS\system32\Drivers\aswKbd.sys [30560 2016-10-24] (Avast Software s.r.o.)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [76160 2016-10-24] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\Drivers\aswRdr.sys [58272 2016-10-24] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [58272 2016-10-24] ()
R1 aswSnx; C:\WINDOWS\system32\Drivers\aswSnx.sys [790480 2016-10-24] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\Drivers\aswSP.sys [424128 2016-10-24] (Avast Software s.r.o.)
R1 aswTdi; C:\WINDOWS\system32\Drivers\aswTdi.sys [71952 2016-10-24] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [223360 2016-10-24] ()
R3 gdihook5; C:\WINDOWS\System32\DRIVERS\gdihook5.sys [31392 2011-06-10] (NetSupport Ltd)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [588800 2009-12-09] (SafeNet Inc.)
R3 nsafltr; C:\WINDOWS\System32\drivers\nsafltr.sys [32256 2010-04-20] (NetSupport Ltd) [File not signed]
R1 PCISys; C:\WINDOWS\System32\drivers\pcisys.sys [39584 2011-06-10] (NetSupport Ltd)
S4 IntelIde; no ImagePath
S3 moufiltr; system32\DRIVERS\moufiltr.sys [X]
S5 TlntSvr; <==== ATTENTION: Locked Service
S3 vhidmini; system32\DRIVERS\walvhid.sys [X]
U5 WmiApRpl; <==== ATTENTION: Locked Service
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-12 15:38 - 2018-01-12 15:38 - 000015327 _____ C:\Documents and Settings\sv3\Plocha\LM.bat
2018-01-12 15:37 - 2018-01-12 15:38 - 000010040 _____ C:\Documents and Settings\sv3\Plocha\FRST.txt
2018-01-12 15:34 - 2018-01-12 15:38 - 000000000 ____D C:\Documents and Settings\sv3\Local Settings\Temp
2018-01-12 15:34 - 2018-01-12 15:34 - 000000543 _____ C:\Documents and Settings\sv3\Plocha\cti.txt
2018-01-12 15:26 - 2018-01-12 15:37 - 000000000 ____D C:\FRST
2018-01-12 15:23 - 2018-01-12 15:38 - 000029696 _____ C:\Documents and Settings\sv3\Local Settings\Data aplikací\MSGBOX.EXE
2018-01-12 15:23 - 2018-01-12 15:23 - 000112640 _____ (forum.viry.cz) C:\Documents and Settings\sv3\Plocha\FRSTLauncher.exe
2018-01-12 15:19 - 2018-01-12 15:19 - 001753600 _____ (Farbar) C:\Documents and Settings\sv3\Plocha\FRST.exe
2018-01-12 15:11 - 2018-01-12 15:11 - 000000000 ____D C:\Documents and Settings\sv3\Data aplikací\Malwarebytes
2018-01-12 14:55 - 2018-01-12 14:55 - 000000104 _____ C:\Documents and Settings\sv3\Dokumenty\Internet Explorer.lnk
2018-01-12 14:16 - 2018-01-12 15:05 - 000000000 ____D C:\AdwCleaner
2018-01-12 14:10 - 2018-01-12 14:11 - 000000000 ____D C:\Program Files\UsbFix
2018-01-12 12:35 - 2018-01-12 12:38 - 000000000 ____D C:\rsit
2018-01-12 12:35 - 2018-01-12 12:36 - 000000000 ____D C:\Program Files\trend micro
2018-01-12 12:35 - 2018-01-12 12:35 - 000000784 _____ C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
2018-01-12 12:35 - 2018-01-12 12:35 - 000000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
2018-01-12 12:35 - 2018-01-12 12:35 - 000000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2018-01-12 12:34 - 2018-01-12 12:35 - 000000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2018-01-12 12:34 - 2013-04-04 14:50 - 000022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2018-01-12 12:27 - 2018-01-12 15:32 - 000000000 ____D C:\Documents and Settings\sv3\Dokumenty\Stažené soubory
2018-01-10 10:37 - 2018-01-10 10:37 - 005845504 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2018-01-10 10:28 - 2017-02-04 18:16 - 000121572 ___SH C:\Documents and Settings\sv3\Data aplikací\tmpFD17.tmp.js
2018-01-08 08:25 - 2018-01-12 14:57 - 000000334 ____H C:\WINDOWS\Tasks\Avast Emergency Update.job
2018-01-05 08:42 - 2018-01-12 14:53 - 000000000 ____D C:\Documents and Settings\sv3\Plocha\Obce 2018

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-12 15:38 - 2013-03-12 17:18 - 000000000 ___HD C:\Documents and Settings\sv3\Local Settings\Data aplikací
2018-01-12 15:38 - 2013-03-12 17:18 - 000000000 ____D C:\Documents and Settings\sv3\Plocha
2018-01-12 15:37 - 2013-03-12 15:57 - 000000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2018-01-12 15:34 - 2013-03-12 17:18 - 000000178 ___SH C:\Documents and Settings\sv3\ntuser.ini
2018-01-12 15:34 - 2009-11-26 11:31 - 000000112 _____ C:\WINDOWS\system32\config\netlogon.ftl
2018-01-12 15:11 - 2013-03-12 17:18 - 000000000 __RHD C:\Documents and Settings\sv3\Data aplikací
2018-01-12 15:00 - 2009-11-26 11:11 - 000000000 ____D C:\UT
2018-01-12 14:58 - 2013-03-12 17:18 - 000000678 __RSH C:\Documents and Settings\sv3\ntuser.pol
2018-01-12 14:58 - 2013-03-12 17:18 - 000000000 ____D C:\Documents and Settings\sv3
2018-01-12 14:57 - 2009-11-26 10:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-12 14:56 - 2010-09-16 10:59 - 000000000 ____D C:\Documents and Settings\Administrator
2018-01-12 14:56 - 2009-11-26 10:58 - 000032408 _____ C:\WINDOWS\SchedLgU.Txt
2018-01-12 14:55 - 2013-03-12 17:18 - 000000000 ___RD C:\Documents and Settings\sv3\Dokumenty
2018-01-12 14:52 - 2009-11-26 10:50 - 000000000 ____D C:\Documents and Settings\All Users\Plocha
2018-01-12 14:50 - 2013-09-20 05:35 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-01-12 14:49 - 2009-12-03 21:30 - 000015106 __RSH C:\Documents and Settings\All Users\ntuser.pol
2018-01-12 14:49 - 2009-11-26 10:49 - 000000000 ____D C:\Documents and Settings\All Users
2018-01-12 14:49 - 2009-11-26 10:45 - 000000000 ____D C:\WINDOWS\security
2018-01-12 14:49 - 2002-09-23 13:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
2018-01-12 14:48 - 2013-03-12 16:03 - 000000008 _____ C:\WINDOWS\system32\pcisys.ntk
2018-01-12 13:59 - 2009-12-03 18:54 - 000000000 ____D C:\Documents and Settings\spravce.SPS
2018-01-12 13:06 - 2013-03-12 17:19 - 000002547 _____ C:\Documents and Settings\sv3\Plocha\Microsoft Word 2010.lnk
2018-01-12 12:35 - 2009-11-26 10:50 - 000000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2018-01-12 12:35 - 2009-11-26 10:50 - 000000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy
2018-01-10 10:37 - 2013-03-12 15:57 - 000803328 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2018-01-10 10:37 - 2013-03-12 15:57 - 000144896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2018-01-10 10:37 - 2009-11-26 10:51 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-01-08 14:09 - 2013-03-12 16:19 - 000131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2018-01-05 08:42 - 2013-03-18 09:14 - 000000000 ____D C:\Documents and Settings\sv3\Plocha\Ivoš
2017-12-13 07:28 - 2017-06-05 12:15 - 000000000 ____D C:\Documents and Settings\sv3\Local Settings\Data aplikací\Mozilla Firefox

==================== Files in the root of some directories =======

2018-01-10 10:28 - 2017-02-04 18:16 - 000121572 ___SH () C:\Documents and Settings\sv3\Data aplikací\tmpFD17.tmp.js
2013-04-29 07:47 - 2017-06-16 06:52 - 000018432 _____ () C:\Documents and Settings\sv3\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-01-12 15:23 - 2018-01-12 15:38 - 000029696 _____ () C:\Documents and Settings\sv3\Local Settings\Data aplikací\MSGBOX.EXE
2013-03-12 15:35 - 2013-03-12 15:35 - 000000597 _____ () C:\Documents and Settings\All Users\Data aplikací\c4d_uninstall.bat
2013-03-12 15:35 - 2013-03-12 15:35 - 000000332 _____ () C:\Documents and Settings\All Users\Data aplikací\c4d_uninstall.dat
2013-03-12 15:35 - 2013-03-12 15:35 - 000250568 _____ (MAXON Computer GmbH) C:\Documents and Settings\All Users\Data aplikací\c4d_uninstall1.exe
2013-03-12 15:35 - 2013-03-12 15:35 - 000250568 _____ (MAXON Computer GmbH) C:\Documents and Settings\All Users\Data aplikací\c4d_uninstall2.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Otevřte poznámkový blok a zkopírujte do něj:

Start
HKU\S-1-5-21-3243242500-4150996247-348191604-1144\...\Run: [VGIVLKPPQT] => C:\Documents and Settings\sv3\Data aplikací\tmpFD17.tmp.js [121572 2017-02-04] ()
Startup: C:\Documents and Settings\sv3\Nabídka Start\Programy\Po spuštění\tmpFD17.tmp.js [2017-02-04] ()
"TlntSvr" => service could not be unlocked. <==== ATTENTION
"WmiApRpl" => service could not be unlocked. <==== ATTENTION
S4 IntelIde; no ImagePath
S5 TlntSvr; <==== ATTENTION: Locked Service
U5 WmiApRpl; <==== ATTENTION: Locked Service
U1 WS2IFSL; no ImagePath
C:\Documents and Settings\sv3\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

V tom startup jsem mu musel sundat atribut skryty a system a smazal jsem rucne. Je divne, ze ta utilitka si neporadi se skrytym souborem.

Fix result of Farbar Recovery Scan Tool (x86) Version: 02.01.2018
Ran by Administrator (12-01-2018 16:58:45) Run:3
Running from C:\Documents and Settings\sv3\Plocha
Loaded Profiles: sv3 & Administrator (Available Profiles: zak & spravce & vt1 & sv3 & spravce & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-3243242500-4150996247-348191604-1144\...\Run: [VGIVLKPPQT] => C:\Documents and Settings\sv3\Data aplikac\tmpFD17.tmp.js [121572 2017-02-04] ()
Startup: C:\Documents and Settings\sv3\Nabdka Start\Programy\Po sputn\tmpFD17.tmp.js [2017-02-04] ()
"TlntSvr" => service could not be unlocked. <==== ATTENTION
"WmiApRpl" => service could not be unlocked. <==== ATTENTION
S4 IntelIde; no ImagePath
S5 TlntSvr; <==== ATTENTION: Locked Service
U5 WmiApRpl; <==== ATTENTION: Locked Service
U1 WS2IFSL; no ImagePath
C:\Documents and Settings\sv3\Local Settings\Data aplikac\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

EmptyTemp:
End
*****************

"HKU\S-1-5-21-3243242500-4150996247-348191604-1144\Software\Microsoft\Windows\CurrentVersion\Run\\VGIVLKPPQT" => not found
"C:\Documents and Settings\sv3\Nabdka Start\Programy\Po sputn\tmpFD17.tmp.js" => not found
"TlntSvr" => service could not be unlocked. <==== ATTENTION => Error: No automatic fix found for this entry.
"WmiApRpl" => service could not be unlocked. <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\System\CurrentControlSet\Services\IntelIde" => removed successfully.
IntelIde => service removed successfully.
"HKLM\System\CurrentControlSet\Services\TlntSvr" => removed successfully.
TlntSvr => service removed successfully.
"HKLM\System\CurrentControlSet\Services\WmiApRpl" => removed successfully.
WmiApRpl => service removed successfully.
"HKLM\System\CurrentControlSet\Services\WS2IFSL" => removed successfully.
WS2IFSL => service removed successfully.
"C:\Documents and Settings\sv3\Local Settings\Data aplikac\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 10754 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 0 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/dllcache/drivers => 6794899 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 66164 B
All Users => 0 B
systemprofile => 89051844 B
LocalService => 1076 B
NetworkService => 66231 B
sv3 => 2487692 B
Administrator => 703417 B

RecycleBin => -85 B
EmptyTemp: => 127.2 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 16:58:52 ====

Smazáno. Nastala nějaká změna?

Zmena nastala uz kdyz jsem to rucne smazal v registru a killnul ten script. Nastesti jsem nerestartoval, protoze jsem si nevsiml (jak to bylo skryte), ze je to i v "Po spusteni". Divne je, ze Avast reagoval jen kdyz vir neco chtel delat, ale vlastni vytvareni zastupcu a skryvani souboru mu povolil. z to dodelavam na dalku, v pondeli jeste prezkousim.

Dik moc za asistenci.

Zbytky po něm smazal FRST. Nemáte zač!

VIRY.CZ

Po vložení Flash USB je smazan obsah - WinXP

Po vložení Flash USB je smazan obsah - WinXP

Re: Po vložení Flash USB je smazan obsah - WinXP

Re: Po vložení Flash USB je smazan obsah - WinXP

Re: Po vložení Flash USB je smazan obsah - WinXP

Re: Po vložení Flash USB je smazan obsah - WinXP

Re: Po vložení Flash USB je smazan obsah - WinXP

Re: Po vložení Flash USB je smazan obsah - WinXP

Re: Po vložení Flash USB je smazan obsah - WinXP

Re: Po vložení Flash USB je smazan obsah - WinXP

Re: Po vložení Flash USB je smazan obsah - WinXP

Re: Po vložení Flash USB je smazan obsah - WinXP

Re: Po vložení Flash USB je smazan obsah - WinXP