PC virus removal, computer speed-up, remote help via the neslape.cz service

Police virus, apparently improved

Have a virus problem? Post your FRST or RSIT log here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Threads will be locked once resolved, and likewise any that stay inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

NEW!
You can now use the remote-help service: an expert connects to your computer and gets the details of the problem from you by phone! More at www.neslape.cz
vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Police virus, apparently improved

#16 Post by vyosek »

Fine, now please do FRST: http://forum.viry.cz/viewtopic.php?f=13&t=132519

tomastt
Guest
Posts: 84
Registered: 27 Aug 2008 17:56

Re: Police virus, apparently improved

#17 Post by tomastt »

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-09-2013 04
Ran by Radim at 2013-09-14 14:03:03
Running from G:\
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958)
ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.168)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader X (10.1.7) - Czech (Version: 10.1.7)
Akamai NetSession Interface Service
Aktualizace NVIDIA 1.10.8 (Version: 1.10.8)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665)
Big Fish Games: Game Manager (Version: 2.0.0.28)
Canon Setup Utility 2.3
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
CDex - Open Source Digital Audio CD Extractor (Version: 1.70.4.2009)
CD-LabelPrint
CloneCD
ConvertXtoDVD 2.0.16 (Version: 2.0.16)
DivX Converter (Version: 7.0.0)
DivX Plus DirectShow Filters
DivX Setup (Version: 2.5.0.8)
DivX Version Checker (Version: 7.0.0.19)
DVD Shrink 3.2
DVDFab 6.2.1.8 (31/12/2009)
Epson Easy Photo Print 2 (Version: 2.2.4.0)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (Version: 1.00.0000)
Epson Event Manager (Version: 2.40.0009)
EPSON Scan
EPSON SX130 Series Printer Uninstall
ESET NOD32 Antivirus (Version: 5.2.9.12)
Expert (Version: 2.0.51.0)
Google Chrome (Version: 29.0.1547.66)
Google Update Helper (Version: 1.3.21.153)
GTA San Andreas (Version: 1.00.00001)
Haali Media Splitter
High-Definition Video Playback (Version: 11.1.10400.2.65)
HitmanPro 3.7 (Version: 3.7.7.205)
Huawei Drivers (Version: 4.22.19.00)
Java Auto Updater (Version: 2.0.7.1)
Java(TM) 6 Update 33 (Version: 6.0.330)
Mafia (Version: 1.02)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile CSY Language Pack (Version: 4.0.30319)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Slovak) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (Czech) 2007 (Version: 12.0.4518.1025)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 22.0 (x86 cs) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 11 (Version: 11.0.10700)
Nero 11 Disc Menus Basic (Version: 11.0.11200.12.0)
Nero 11 Effects Basic (Version: 11.0.11200.12.0)
Nero 11 Image Samples (Version: 11.0.11200.12.0)
Nero 11 Kwik Themes Basic (Version: 11.0.11200.12.0)
Nero 11 PiP Effects Basic (Version: 11.0.11300.12.0)
Nero Audio Pack 1 (Version: 11.0.11500.110.0)
Nero BackItUp 11 (Version: 6.0.16000.13.100)
Nero BackItUp 11 Help (CHM) (Version: 11.0.10200)
Nero Backup Drivers (Version: 1.0.10000.1.0)
Nero Burning ROM 11 (Version: 11.0.12200.23.100)
Nero Burning ROM 11 Help (CHM) (Version: 11.0.10300)
Nero ControlCenter 11 (Version: 11.0.12300.0.23)
Nero ControlCenter 11 Help (CHM) (Version: 11.0.10300)
Nero Core Components 11 (Version: 11.0.15000.1.12)
Nero CoverDesigner 11 (Version: 6.0.10800.11.100)
Nero CoverDesigner 11 Help (CHM) (Version: 11.0.10300)
Nero Express 11 (Version: 11.0.11700.23.100)
Nero Express 11 Help (CHM) (Version: 11.0.10300)
Nero Kwik Media (Version: 1.10.19300.93.100)
Nero Kwik Media Help (CHM) (Version: 11.0.10200)
Nero Recode 11 (Version: 5.0.13300.32.100)
Nero Recode 11 Help (CHM) (Version: 11.0.10300)
Nero RescueAgent 11 (Version: 4.0.10600.10.100)
Nero RescueAgent 11 Help (CHM) (Version: 11.0.10400)
Nero SoundTrax 11 (Version: 5.0.10400.4.100)
Nero SoundTrax 11 Help (CHM) (Version: 11.0.10400)
Nero Update (Version: 11.0.10623.22.0)
Nero Video 11 (Version: 8.0.14000.21.100)
Nero Video 11 Help (CHM) (Version: 11.0.10300)
Nero WaveEditor 11 (Version: 6.0.10800.5.100)
Nero WaveEditor 11 Help (CHM) (Version: 11.0.10400)
nero.prerequisites.msi (Version: 11.0.20007)
neroxml (Version: 1.0.0)
Network Play System (Patching)
Nokia Connectivity Cable Driver (Version: 7.1.32.64)
NVIDIA Install Application (Version: 2.1002.109.706)
NVIDIA Ovladače grafiky 307.83 (Version: 307.83)
NVIDIA Update Components (Version: 1.10.8)
NVIDIA Windows 95/98/ME/2000/XP Stereo Drivers
Opera 12.16 (Version: 12.16.1860)
Ovládací panel NVIDIA 307.83 (Version: 307.83)
Ovladače videa společnosti Pinnacle (Version: 12.1.0.030)
Pinnacle Hollywood FX for Studio
Pinnacle Studio 14 (Version: 14.0.0.7255)
Realtek AC'97 Audio (Version: 5.37)
Realtek High Definition Audio Driver (Version: 6.0.1.6043)
Registrace uživatele zařízení Canon iP5300
SmartSound Quicktracks Plugin (Version: 3.0.2.4)
Studio 9 (Version: 9.4)
The Sims Superstar
TmNationsForever
Total Commander (Remove or Repair) (Version: 7.50a)
TP-LINK Wireless Client Utility (Version: 7.0)
UltraISO Premium V9.35
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VCRedistSetup (Version: 1.0.0)
VLC media player 1.0.5 (Version: 1.0.5)
Vypínač na dobrou noc verze 1.0.1
welcome (Version: 11.0.21500.0.4)
Win7codecs (Version: 1.2.2)
Winamp Detector Plug-in (HKCU Version: 1.0.0.1)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinRAR

==================== Restore Points =========================

Could not list Restore Points.


==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0D9B5D92-3A22-486D-A887-3AA21597CF27} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {1027E6AF-8A6F-4262-A176-F88691AD9C82} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-11] (Adobe Systems Incorporated)
Task: {3DBECC24-F435-45AD-928F-2BC56CDB0E13} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-18] (Google Inc.)
Task: {70D420A2-02BC-43AD-9899-705BD8DDBE0C} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {E4423763-C0A5-405D-8E2B-E3C30E486D86} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-18] (Google Inc.)
Task: {F0FEC1C8-6958-450A-9927-84B8FBE7852A} - System32\Tasks\Go for FilesUpdate => C:\Program Files\GoforFiles\GFFUpdater.exe
Task: {F21847A4-A4AD-41D8-863D-93FFB9D336B9} - System32\Tasks\User_Feed_Synchronization-{622894C5-84A7-46DF-924B-0E7C3F2DFACB} => C:\Windows\system32\msfeedssync.exe [2013-03-30] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData\TEMP:592D7272

==================== Faulty Device Manager Devices =============

Could not list Devices.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/14/2013 01:47:13 PM) (Source: ESENT) (User: )
Description: taskhost (1960) An attempt to open the file C:\Users\Radim\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat for read only access failed with system error 32 (0x00000020): The process cannot access the file because it is being used by another process. . The open file operation will fail with error -1032 (0xfffffbf8).

Error: (09/14/2013 01:01:31 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1.
Dependent assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/14/2013 00:02:03 PM) (Source: ESENT) (User: )
Description: taskhost (240) An attempt to open the file C:\Users\Radim\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat for read only access failed with system error 32 (0x00000020): The process cannot access the file because it is being used by another process. . The open file operation will fail with error -1032 (0xfffffbf8).

Error: (09/14/2013 11:55:18 AM) (Source: Application Error) (User: )
Description: Faulting application name: egui.exe, version: 5.2.7.0, time stamp: 0x4f576eb4
Faulting module name: ntdll.dll, version: 6.1.7601.18205, time stamp: 0x51db96c5
Exception code: 0xc0150010
Fault offset: 0x00083fd3
Faulting process id: 0x6c0
Faulting application start time: 0xegui.exe0
Faulting application path: egui.exe1
Faulting module path: egui.exe2
Report Id: egui.exe3

Error: (09/14/2013 11:48:15 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1.
Dependent assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/14/2013 11:45:14 AM) (Source: ESENT) (User: )
Description: taskhost (360) An attempt to open the file C:\Users\Radim\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat for read only access failed with system error 32 (0x00000020): The process cannot access the file because it is being used by another process. . The open file operation will fail with error -1032 (0xfffffbf8).

Error: (09/14/2013 10:02:29 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.


Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (09/14/2013 09:57:39 AM) (Source: Application Error) (User: )
Description: Faulting application name: egui.exe, version: 5.2.7.0, time stamp: 0x4f576eb4
Faulting module name: ntdll.dll, version: 6.1.7601.18205, time stamp: 0x51db96c5
Exception code: 0xc0150010
Fault offset: 0x00083fd3
Faulting process id: 0x6dc
Faulting application start time: 0xegui.exe0
Faulting application path: egui.exe1
Faulting module path: egui.exe2
Report Id: egui.exe3

Error: (09/14/2013 09:57:39 AM) (Source: Application Error) (User: )
Description: Faulting application name: egui.exe, version: 5.2.7.0, time stamp: 0x4f576eb4
Faulting module name: egui.exe, version: 5.2.7.0, time stamp: 0x4f576eb4
Exception code: 0xc0000005
Fault offset: 0x00078d5e
Faulting process id: 0x6dc
Faulting application start time: 0xegui.exe0
Faulting application path: egui.exe1
Faulting module path: egui.exe2
Report Id: egui.exe3

Error: (09/14/2013 09:47:53 AM) (Source: ESENT) (User: )
Description: taskhost (1204) An attempt to open the file C:\Users\Radim\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat for read only access failed with system error 32 (0x00000020): The process cannot access the file because it is being used by another process. . The open file operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (09/14/2013 02:04:57 PM) (Source: Service Control Manager) (User: )
Description: The WMI Service service terminated with the following error:
%%126

Error: (09/14/2013 02:04:27 PM) (Source: Service Control Manager) (User: )
Description: The WMI Service service terminated with the following error:
%%126

Error: (09/14/2013 02:03:57 PM) (Source: Service Control Manager) (User: )
Description: The WMI Service service terminated with the following error:
%%126

Error: (09/14/2013 02:03:27 PM) (Source: Service Control Manager) (User: )
Description: The WMI Service service terminated with the following error:
%%126

Error: (09/14/2013 02:02:57 PM) (Source: Service Control Manager) (User: )
Description: The WMI Service service terminated with the following error:
%%126

Error: (09/14/2013 02:02:26 PM) (Source: Service Control Manager) (User: )
Description: The WMI Service service terminated with the following error:
%%126

Error: (09/14/2013 02:01:56 PM) (Source: Service Control Manager) (User: )
Description: The WMI Service service terminated with the following error:
%%126

Error: (09/14/2013 02:01:26 PM) (Source: Service Control Manager) (User: )
Description: The WMI Service service terminated with the following error:
%%126

Error: (09/14/2013 02:00:56 PM) (Source: Service Control Manager) (User: )
Description: The WMI Service service terminated with the following error:
%%126

Error: (09/14/2013 02:00:26 PM) (Source: Service Control Manager) (User: )
Description: The WMI Service service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 28%
Total physical RAM: 2047.55 MB
Available physical RAM: 1470.45 MB
Total Pagefile: 4095.11 MB
Available Pagefile: 3300.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1925.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:58.84 GB) NTFS
Drive g: () (Removable) (Total:0.47 GB) (Free:0.47 GB) FAT32
Drive i: (Nový svazek) (Fixed) (Total:698.64 GB) (Free:100.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 14231422)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 699 GB) (Disk ID: 74C920E4)
Partition 1: (Not Active) - (Size=699 GB) - (Type=42)

========================================================
Disk: 2 (Size: 490 MB) (Disk ID: 91F72D24)
Partition 1: (Active) - (Size=490 MB) - (Type=0B)

==================== End Of Log ============================

tomastt
Guest
Posts: 84
Registered: 27 Aug 2008 17:56

Re: Police virus, apparently improved

#18 Post by tomastt »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-09-2013 04
Ran by Radim (administrator) on RADIM-PC on 14-09-2013 14:01:09
Running from G:\
Windows 7 Ultimate Service Pack 1 (X86) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Normal

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Easy-PrintToolBox] - C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [398944 2006-10-17] (CANON INC.)
HKLM\...\Run: [SoundMan] - C:\Windows\SOUNDMAN.EXE [604704 2009-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PinnacleDriverCheck] - C:\Windows\system32\PSDrvCheck.exe [406016 2004-03-10] ()
HKLM\...\Run: [USBToolTip] - C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe [199752 2007-02-20] (Pinnacle Systems GmbH)
HKLM\...\Run: [EEventManager] - C:\Program Files\Epson Software\Event Manager\EEventManager.exe [979328 2010-08-30] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3117344 2012-03-07] (ESET)
Startup: C:\Users\Radim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kooperativa - PDF Server.lnk
ShortcutTarget: Kooperativa - PDF Server.lnk -> C:\Program Files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe ()
Startup: C:\Users\Radim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lczj2w7d.lnk
ShortcutTarget: lczj2w7d.lnk -> d7w2jzcl.plz,GL300 (No File)
Startup: C:\Users\Radim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Programy\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programy\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programy\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.10.10.1

FireFox:
========
FF ProfilePath: C:\Users\Radim\AppData\Roaming\Mozilla\Firefox\Profiles\1rd4uxuf.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_33 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Nero.com/KM - C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 - C:\Program Files\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 - C:\Program Files\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF HKLM\...\FireFox\Extensions: [ntfdsaftsfdfdxx@mozilla.org] - C:\Users\Radim\AppData\Roaming\iPumper\extension_firefox.xpi
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR HomePage: hxxp://isearch.babylon.com/?affID=116632&tt=0113_8&babsrc=HP_ss&mntrId=b891b345000000000000f4ec38c64cbb
CHR RestoreOnStartup: "hxxp://isearch.babylon.com/?affID=116632&tt=0113_8&babsrc=HP_ss&mntrId=b891b345000000000000f4ec38c64cbb"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\23.0.1271.64\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U33) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.330.3) - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR HKLM\...\Chrome\Extension: [kekfoodhbhpjhjcdecjngamojfhknooc] - C:\Users\Radim\AppData\Roaming\iPumper\extension_chrome.crx

========================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [913144 2012-03-07] (ESET)
R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-14] (SEIKO EPSON CORPORATION)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-09-14] (SurfRight B.V.)
S3 Microsoft Office Groove Audit Service; C:\Programy\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [641832 2011-09-23] (Nero AG)
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)
S2 Winmgmt; C:\PROGRA~2\d7w2jzcl.plz [x]

==================== Drivers (Whitelisted) ====================

R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
R3 ASAPIW2k; C:\Windows\System32\drivers\ASAPIW2k.sys [11264 2004-03-10] (Pinnacle Systems GmbH)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 DumaNT; C:\Windows\System32\DRIVERS\dumant.sys [399700 2002-11-18] (NVIDIA Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [169080 2012-03-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [120152 2012-03-14] (ESET)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [34760 2007-02-16] (SlySoft, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24232 2009-02-17] (Elaborate Bytes AG)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [103112 2012-03-14] (ESET)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [90368 2011-02-25] (Huawei Technologies Co., Ltd.)
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
R1 PCLEPCI; C:\Windows\system32\drivers\pclepci.sys [14165 2004-07-16] (Pinnacle Systems GmbH)
R3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1311232 2009-07-14] (NXP Semiconductors)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [436792 2011-07-10] ()
U3 a2u24c9k; C:\Windows\System32\Drivers\a2u24c9k.sys [0 ] (Advanced Micro Devices)
U3 a8l3qoea; C:\Windows\System32\Drivers\a8l3qoea.sys [0 ] (Advanced Micro Devices)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-14 12:04 - 2013-09-14 12:04 - 00000000 ____D C:\FRST
2013-09-14 11:48 - 2013-09-14 11:48 - 00001897 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-09-14 11:48 - 2013-09-14 11:48 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-14 11:48 - 2013-09-14 11:48 - 00000000 ____D C:\Program Files\HitmanPro
2013-09-12 22:45 - 2013-09-14 12:01 - 00000000 _____ C:\ProgramData\lczj2w7d.ctrl
2013-09-12 22:45 - 2013-09-12 23:20 - 95025368 ____T C:\ProgramData\lczj2w7d.pff
2013-09-12 13:59 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 13:59 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 13:59 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 13:59 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 13:59 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 13:59 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 13:59 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 13:59 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 13:59 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 13:59 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 13:59 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 13:59 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 13:59 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 13:59 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 13:59 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 13:59 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 04:44 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 04:44 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 04:44 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 04:44 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 04:43 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 04:43 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 04:43 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 04:43 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-08 11:46 - 2013-09-12 19:07 - 00000210 _____ C:\Users\Radim\Desktop\!0.1!.txt
2013-09-05 22:15 - 2013-09-11 22:15 - 00056832 _____ C:\Users\Radim\Desktop\Plán seminářů - září - september 2013.xls
2013-09-05 22:13 - 2013-09-11 22:14 - 00012775 _____ C:\Users\Radim\Desktop\Plán tréninků 09 2013.xlsx
2013-08-27 00:03 - 2013-09-12 13:49 - 00000252 _____ C:\Users\Radim\Desktop\DNES.txt
2013-08-24 12:46 - 2013-08-24 12:46 - 14012484 _____ C:\Users\Radim\Downloads\SaltLakesDeadSea.themepack
2013-08-24 12:36 - 2013-08-24 12:36 - 22843406 _____ C:\Users\Radim\Downloads\AucklandOneTreeHillIanRushton.themepack
2013-08-24 12:36 - 2013-08-24 12:36 - 15412792 _____ C:\Users\Radim\Downloads\Hawaii.themepack
2013-08-19 14:43 - 2013-08-19 14:43 - 00000140 _____ C:\Users\Radim\Desktop\NÁVOD-ZFP.txt
2013-08-15 08:14 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 08:14 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-15 08:14 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 08:14 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 08:14 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 08:14 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 08:14 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 08:14 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 08:13 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 08:13 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 08:13 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 08:12 - 2013-06-15 05:40 - 00918528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-08-15 08:12 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-14 13:56 - 2013-01-04 14:57 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-14 13:54 - 2009-07-14 06:34 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-14 13:54 - 2009-07-14 06:34 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-14 13:47 - 2012-01-28 16:56 - 00000000 ____D C:\Program Files\Common Files\Akamai
2013-09-14 13:47 - 2010-04-18 23:56 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-14 13:46 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-14 13:46 - 2009-07-14 06:39 - 00212587 _____ C:\Windows\setupact.log
2013-09-14 13:45 - 2010-04-09 15:50 - 01986530 _____ C:\Windows\WindowsUpdate.log
2013-09-14 13:33 - 2010-04-18 23:56 - 00000938 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-14 13:05 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-09-14 12:04 - 2013-09-14 12:04 - 00000000 ____D C:\FRST
2013-09-14 12:01 - 2013-09-12 22:45 - 00000000 _____ C:\ProgramData\lczj2w7d.ctrl
2013-09-14 11:48 - 2013-09-14 11:48 - 00001897 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-09-14 11:48 - 2013-09-14 11:48 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-14 11:48 - 2013-09-14 11:48 - 00000000 ____D C:\Program Files\HitmanPro
2013-09-14 10:00 - 2010-04-10 12:54 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-12 23:20 - 2013-09-12 22:45 - 95025368 ____T C:\ProgramData\lczj2w7d.pff
2013-09-12 22:23 - 2013-08-04 17:45 - 00000719 _____ C:\Users\Radim\Desktop\!0!.txt
2013-09-12 22:21 - 2010-04-10 19:32 - 00000000 ____D C:\Users\Radim\AppData\Roaming\vlc
2013-09-12 21:10 - 2010-04-22 00:58 - 00000000 ____D C:\Users\Radim\AppData\Roaming\dvdcss
2013-09-12 20:59 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-12 20:53 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-09-12 19:07 - 2013-09-08 11:46 - 00000210 _____ C:\Users\Radim\Desktop\!0.1!.txt
2013-09-12 19:02 - 2010-04-09 16:03 - 01478586 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-12 18:54 - 2009-07-14 06:33 - 00484768 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 13:56 - 2013-07-25 12:36 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 13:52 - 2010-04-10 19:16 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-12 13:49 - 2013-08-27 00:03 - 00000252 _____ C:\Users\Radim\Desktop\DNES.txt
2013-09-12 11:32 - 2013-07-18 22:26 - 00000302 _____ C:\Users\Radim\Desktop\! 1 !.txt
2013-09-12 10:38 - 2013-04-12 11:44 - 00000823 _____ C:\Users\Radim\Desktop\! ! ! ! !.txt
2013-09-11 22:15 - 2013-09-05 22:15 - 00056832 _____ C:\Users\Radim\Desktop\Plán seminářů - září - september 2013.xls
2013-09-11 22:14 - 2013-09-05 22:13 - 00012775 _____ C:\Users\Radim\Desktop\Plán tréninků 09 2013.xlsx
2013-09-11 20:56 - 2013-06-07 23:12 - 00000415 _____ C:\Users\Radim\Desktop\Peníze.txt
2013-09-11 20:56 - 2013-01-04 14:57 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-11 20:56 - 2011-06-01 21:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-08 14:26 - 2011-09-18 11:24 - 00000000 ____D C:\Users\Radim\Desktop\Lemmings
2013-09-06 10:13 - 2013-08-06 13:32 - 00000560 _____ C:\Users\Radim\Desktop\D.txt
2013-08-26 19:46 - 2009-07-14 06:53 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-24 12:46 - 2013-08-24 12:46 - 14012484 _____ C:\Users\Radim\Downloads\SaltLakesDeadSea.themepack
2013-08-24 12:36 - 2013-08-24 12:36 - 22843406 _____ C:\Users\Radim\Downloads\AucklandOneTreeHillIanRushton.themepack
2013-08-24 12:36 - 2013-08-24 12:36 - 15412792 _____ C:\Users\Radim\Downloads\Hawaii.themepack
2013-08-21 23:19 - 2013-07-11 11:23 - 00000349 _____ C:\Users\Radim\Desktop\!.txt
2013-08-20 23:01 - 2013-04-03 23:30 - 00000259 _____ C:\Users\Radim\Desktop\! !.txt
2013-08-19 14:43 - 2013-08-19 14:43 - 00000140 _____ C:\Users\Radim\Desktop\NÁVOD-ZFP.txt
2013-08-16 20:43 - 2012-12-29 12:06 - 00026112 _____ C:\Users\Radim\Desktop\výměna věcí z auta.xls
2013-08-15 19:58 - 2013-02-11 23:57 - 00020992 _____ C:\Users\Radim\Desktop\Zbylé kontakty.xls

Files to move or delete:
====================
C:\ProgramData\lczj2w7d.ctrl
C:\ProgramData\lczj2w7d.pff


Some content of TEMP:
====================
C:\Users\Radim\AppData\Local\Temp\DivXSetup.exe
C:\Users\Radim\AppData\Local\Temp\fgowwarwqqaphiohrio.bfg
C:\Users\Radim\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Radim\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Radim\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Users\Radim\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Radim\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Radim\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Radim\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Radim\AppData\Local\Temp\KoopFlash10FF.exe
C:\Users\Radim\AppData\Local\Temp\KoopFlash10IE.exe
C:\Users\Radim\AppData\Local\Temp\ose00000.exe
C:\Users\Radim\AppData\Local\Temp\RTBK.EXE
C:\Users\Radim\AppData\Local\Temp\Setup.exe
C:\Users\Radim\AppData\Local\Temp\tmpCE53.exe
C:\Users\Radim\AppData\Local\Temp\toolbar2332031.exe
C:\Users\Radim\AppData\Local\Temp\uninstall13719890.exe
C:\Users\Radim\AppData\Local\Temp\uninstall13729984.exe
C:\Users\Radim\AppData\Local\Temp\wervwyuu0.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-14 12:51

==================== End Of Log ============================

Re: Police virus, probably improved

#19 Post by tomastt »

I have to leave, I'll be back in the evening, bye for now

Re: Police virus, probably improved

#20 Post by vyosek »

Well, it seems to me that it wasn't done the way it should have been...

Did you download that FRSTL, save it to the Desktop and then run it? Because there are several errors in the log, etc...

So please repeat it afterwards.

Re: Police virus, probably improved

#21 Post by tomastt »

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-09-2013 04
Ran by Radim at 2013-09-14 16:53:57
Running from C:\Users\Radim\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958)
ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.168)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader X (10.1.7) - Czech (Version: 10.1.7)
Akamai NetSession Interface Service
Aktualizace NVIDIA 1.10.8 (Version: 1.10.8)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665)
Big Fish Games: Game Manager (Version: 2.0.0.28)
Canon Setup Utility 2.3
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
CDex - Open Source Digital Audio CD Extractor (Version: 1.70.4.2009)
CD-LabelPrint
CloneCD
ConvertXtoDVD 2.0.16 (Version: 2.0.16)
DivX Converter (Version: 7.0.0)
DivX Plus DirectShow Filters
DivX Setup (Version: 2.5.0.8)
DivX Version Checker (Version: 7.0.0.19)
DVD Shrink 3.2
DVDFab 6.2.1.8 (31/12/2009)
Epson Easy Photo Print 2 (Version: 2.2.4.0)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (Version: 1.00.0000)
Epson Event Manager (Version: 2.40.0009)
EPSON Scan
EPSON SX130 Series Printer Uninstall
ESET NOD32 Antivirus (Version: 5.2.9.12)
Expert (Version: 2.0.51.0)
Google Chrome (Version: 29.0.1547.66)
Google Update Helper (Version: 1.3.21.153)
GTA San Andreas (Version: 1.00.00001)
Haali Media Splitter
High-Definition Video Playback (Version: 11.1.10400.2.65)
HitmanPro 3.7 (Version: 3.7.7.205)
Huawei Drivers (Version: 4.22.19.00)
Java Auto Updater (Version: 2.0.7.1)
Java(TM) 6 Update 33 (Version: 6.0.330)
Mafia (Version: 1.02)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile CSY Language Pack (Version: 4.0.30319)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Slovak) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (Czech) 2007 (Version: 12.0.4518.1025)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 22.0 (x86 cs) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 11 (Version: 11.0.10700)
Nero 11 Disc Menus Basic (Version: 11.0.11200.12.0)
Nero 11 Effects Basic (Version: 11.0.11200.12.0)
Nero 11 Image Samples (Version: 11.0.11200.12.0)
Nero 11 Kwik Themes Basic (Version: 11.0.11200.12.0)
Nero 11 PiP Effects Basic (Version: 11.0.11300.12.0)
Nero Audio Pack 1 (Version: 11.0.11500.110.0)
Nero BackItUp 11 (Version: 6.0.16000.13.100)
Nero BackItUp 11 Help (CHM) (Version: 11.0.10200)
Nero Backup Drivers (Version: 1.0.10000.1.0)
Nero Burning ROM 11 (Version: 11.0.12200.23.100)
Nero Burning ROM 11 Help (CHM) (Version: 11.0.10300)
Nero ControlCenter 11 (Version: 11.0.12300.0.23)
Nero ControlCenter 11 Help (CHM) (Version: 11.0.10300)
Nero Core Components 11 (Version: 11.0.15000.1.12)
Nero CoverDesigner 11 (Version: 6.0.10800.11.100)
Nero CoverDesigner 11 Help (CHM) (Version: 11.0.10300)
Nero Express 11 (Version: 11.0.11700.23.100)
Nero Express 11 Help (CHM) (Version: 11.0.10300)
Nero Kwik Media (Version: 1.10.19300.93.100)
Nero Kwik Media Help (CHM) (Version: 11.0.10200)
Nero Recode 11 (Version: 5.0.13300.32.100)
Nero Recode 11 Help (CHM) (Version: 11.0.10300)
Nero RescueAgent 11 (Version: 4.0.10600.10.100)
Nero RescueAgent 11 Help (CHM) (Version: 11.0.10400)
Nero SoundTrax 11 (Version: 5.0.10400.4.100)
Nero SoundTrax 11 Help (CHM) (Version: 11.0.10400)
Nero Update (Version: 11.0.10623.22.0)
Nero Video 11 (Version: 8.0.14000.21.100)
Nero Video 11 Help (CHM) (Version: 11.0.10300)
Nero WaveEditor 11 (Version: 6.0.10800.5.100)
Nero WaveEditor 11 Help (CHM) (Version: 11.0.10400)
nero.prerequisites.msi (Version: 11.0.20007)
neroxml (Version: 1.0.0)
Network Play System (Patching)
Nokia Connectivity Cable Driver (Version: 7.1.32.64)
NVIDIA Install Application (Version: 2.1002.109.706)
NVIDIA Ovladače grafiky 307.83 (Version: 307.83)
NVIDIA Update Components (Version: 1.10.8)
NVIDIA Windows 95/98/ME/2000/XP Stereo Drivers
Opera 12.16 (Version: 12.16.1860)
Ovládací panel NVIDIA 307.83 (Version: 307.83)
Ovladače videa společnosti Pinnacle (Version: 12.1.0.030)
Pinnacle Hollywood FX for Studio
Pinnacle Studio 14 (Version: 14.0.0.7255)
Realtek AC'97 Audio (Version: 5.37)
Realtek High Definition Audio Driver (Version: 6.0.1.6043)
Registrace uživatele zařízení Canon iP5300
SmartSound Quicktracks Plugin (Version: 3.0.2.4)
Studio 9 (Version: 9.4)
The Sims Superstar
TmNationsForever
Total Commander (Remove or Repair) (Version: 7.50a)
TP-LINK Wireless Client Utility (Version: 7.0)
UltraISO Premium V9.35
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VCRedistSetup (Version: 1.0.0)
VLC media player 1.0.5 (Version: 1.0.5)
Vypínač na dobrou noc verze 1.0.1
welcome (Version: 11.0.21500.0.4)
Win7codecs (Version: 1.2.2)
Winamp Detector Plug-in (HKCU Version: 1.0.0.1)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinRAR

==================== Restore Points =========================

Could not list Restore Points.


==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0D9B5D92-3A22-486D-A887-3AA21597CF27} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {1027E6AF-8A6F-4262-A176-F88691AD9C82} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-11] (Adobe Systems Incorporated)
Task: {3DBECC24-F435-45AD-928F-2BC56CDB0E13} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-18] (Google Inc.)
Task: {70D420A2-02BC-43AD-9899-705BD8DDBE0C} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {E4423763-C0A5-405D-8E2B-E3C30E486D86} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-18] (Google Inc.)
Task: {F0FEC1C8-6958-450A-9927-84B8FBE7852A} - System32\Tasks\Go for FilesUpdate => C:\Program Files\GoforFiles\GFFUpdater.exe
Task: {F21847A4-A4AD-41D8-863D-93FFB9D336B9} - System32\Tasks\User_Feed_Synchronization-{622894C5-84A7-46DF-924B-0E7C3F2DFACB} => C:\Windows\system32\msfeedssync.exe [2013-03-30] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData\TEMP:592D7272

==================== Faulty Device Manager Devices =============

Could not list Devices.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/14/2013 01:47:13 PM) (Source: ESENT) (User: )
Description: taskhost (1960) Pokus o otevření souboru C:\Users\Radim\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat jen pro čtení se nezdařil. Došlo k systémové chybě 32 (0x00000020): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření souboru se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error: (09/14/2013 01:01:31 PM) (Source: SideBySide) (User: )
Description: Generování kontextu aktivace pro Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1 se nezdařilo.
Závislé sestavení Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (09/14/2013 00:02:03 PM) (Source: ESENT) (User: )
Description: taskhost (240) Pokus o otevření souboru C:\Users\Radim\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat jen pro čtení se nezdařil. Došlo k systémové chybě 32 (0x00000020): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření souboru se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error: (09/14/2013 11:55:18 AM) (Source: Application Error) (User: )
Description: Název chybující aplikace: egui.exe, verze: 5.2.7.0, časové razítko: 0x4f576eb4
Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.18205, časové razítko: 0x51db96c5
Kód výjimky: 0xc0150010
Posun chyby: 0x00083fd3
ID chybujícího procesu: 0x6c0
Čas spuštění chybující aplikace: 0xegui.exe0
Cesta k chybující aplikaci: egui.exe1
Cesta k chybujícímu modulu: egui.exe2
ID zprávy: egui.exe3

Error: (09/14/2013 11:48:15 AM) (Source: SideBySide) (User: )
Description: Generování kontextu aktivace pro Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1 se nezdařilo.
Závislé sestavení Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (09/14/2013 11:45:14 AM) (Source: ESENT) (User: )
Description: taskhost (360) Pokus o otevření souboru C:\Users\Radim\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat jen pro čtení se nezdařil. Došlo k systémové chybě 32 (0x00000020): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření souboru se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error: (09/14/2013 10:02:29 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Služba Šifrování neinicializovala záložní objekt System Writer systému VSS.


Details:
Could not query the status of the EventSystem service.

System Error:
Probíhá vypnutí systému.
.

Error: (09/14/2013 09:57:39 AM) (Source: Application Error) (User: )
Description: Název chybující aplikace: egui.exe, verze: 5.2.7.0, časové razítko: 0x4f576eb4
Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.18205, časové razítko: 0x51db96c5
Kód výjimky: 0xc0150010
Posun chyby: 0x00083fd3
ID chybujícího procesu: 0x6dc
Čas spuštění chybující aplikace: 0xegui.exe0
Cesta k chybující aplikaci: egui.exe1
Cesta k chybujícímu modulu: egui.exe2
ID zprávy: egui.exe3

Error: (09/14/2013 09:57:39 AM) (Source: Application Error) (User: )
Description: Název chybující aplikace: egui.exe, verze: 5.2.7.0, časové razítko: 0x4f576eb4
Název chybujícího modulu: egui.exe, verze: 5.2.7.0, časové razítko: 0x4f576eb4
Kód výjimky: 0xc0000005
Posun chyby: 0x00078d5e
ID chybujícího procesu: 0x6dc
Čas spuštění chybující aplikace: 0xegui.exe0
Cesta k chybující aplikaci: egui.exe1
Cesta k chybujícímu modulu: egui.exe2
ID zprávy: egui.exe3

Error: (09/14/2013 09:47:53 AM) (Source: ESENT) (User: )
Description: taskhost (1204) Pokus o otevření souboru C:\Users\Radim\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat jen pro čtení se nezdařil. Došlo k systémové chybě 32 (0x00000020): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření souboru se nezdaří a dojde k chybě -1032 (0xfffffbf8).


System errors:
=============
Error: (09/14/2013 04:55:33 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126

Error: (09/14/2013 04:55:03 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126

Error: (09/14/2013 04:54:33 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126

Error: (09/14/2013 04:54:03 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126

Error: (09/14/2013 04:53:33 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126

Error: (09/14/2013 04:53:03 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126

Error: (09/14/2013 04:52:33 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126

Error: (09/14/2013 04:52:03 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126

Error: (09/14/2013 04:51:33 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126

Error: (09/14/2013 04:51:02 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 29%
Total physical RAM: 2047.55 MB
Available physical RAM: 1435.05 MB
Total Pagefile: 4095.11 MB
Available Pagefile: 3278.4 MB
Total Virtual: 2047.88 MB
Available Virtual: 1921.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:58.84 GB) NTFS
Drive g: () (Removable) (Total:0.47 GB) (Free:0.47 GB) FAT32
Drive i: (Nový svazek) (Fixed) (Total:698.64 GB) (Free:100.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 14231422)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 699 GB) (Disk ID: 74C920E4)
Partition 1: (Not Active) - (Size=699 GB) - (Type=42)

========================================================
Disk: 2 (Size: 490 MB) (Disk ID: 91F72D24)
Partition 1: (Active) - (Size=490 MB) - (Type=0B)

==================== End Of Log ============================

Re: Police virus, probably improved

#22 Post by tomastt »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-09-2013 04
Ran by Radim (administrator) on RADIM-PC on 14-09-2013 16:52:24
Running from C:\Users\Radim\Desktop
Windows 7 Ultimate Service Pack 1 (X86) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Normal

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Easy-PrintToolBox] - C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [398944 2006-10-17] (CANON INC.)
HKLM\...\Run: [SoundMan] - C:\Windows\SOUNDMAN.EXE [604704 2009-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PinnacleDriverCheck] - C:\Windows\system32\PSDrvCheck.exe [406016 2004-03-10] ()
HKLM\...\Run: [USBToolTip] - C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe [199752 2007-02-20] (Pinnacle Systems GmbH)
HKLM\...\Run: [EEventManager] - C:\Program Files\Epson Software\Event Manager\EEventManager.exe [979328 2010-08-30] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3117344 2012-03-07] (ESET)
Startup: C:\Users\Radim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kooperativa - PDF Server.lnk
ShortcutTarget: Kooperativa - PDF Server.lnk -> C:\Program Files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe ()
Startup: C:\Users\Radim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lczj2w7d.lnk
ShortcutTarget: lczj2w7d.lnk -> d7w2jzcl.plz,GL300 (No File)
Startup: C:\Users\Radim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Programy\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programy\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programy\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.10.10.1

FireFox:
========
FF ProfilePath: C:\Users\Radim\AppData\Roaming\Mozilla\Firefox\Profiles\1rd4uxuf.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_33 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Nero.com/KM - C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 - C:\Program Files\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 - C:\Program Files\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF HKLM\...\FireFox\Extensions: [ntfdsaftsfdfdxx@mozilla.org] - C:\Users\Radim\AppData\Roaming\iPumper\extension_firefox.xpi
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR HomePage: hxxp://isearch.babylon.com/?affID=116632&tt=0113_8&babsrc=HP_ss&mntrId=b891b345000000000000f4ec38c64cbb
CHR RestoreOnStartup: "hxxp://isearch.babylon.com/?affID=116632&tt=0113_8&babsrc=HP_ss&mntrId=b891b345000000000000f4ec38c64cbb"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\23.0.1271.64\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U33) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.330.3) - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR HKLM\...\Chrome\Extension: [kekfoodhbhpjhjcdecjngamojfhknooc] - C:\Users\Radim\AppData\Roaming\iPumper\extension_chrome.crx

========================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [913144 2012-03-07] (ESET)
R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-14] (SEIKO EPSON CORPORATION)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-09-14] (SurfRight B.V.)
S3 Microsoft Office Groove Audit Service; C:\Programy\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [641832 2011-09-23] (Nero AG)
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)
S2 Winmgmt; C:\PROGRA~2\d7w2jzcl.plz [x]

==================== Drivers (Whitelisted) ====================

R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
R3 ASAPIW2k; C:\Windows\System32\drivers\ASAPIW2k.sys [11264 2004-03-10] (Pinnacle Systems GmbH)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 DumaNT; C:\Windows\System32\DRIVERS\dumant.sys [399700 2002-11-18] (NVIDIA Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [169080 2012-03-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [120152 2012-03-14] (ESET)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [34760 2007-02-16] (SlySoft, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24232 2009-02-17] (Elaborate Bytes AG)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [103112 2012-03-14] (ESET)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [90368 2011-02-25] (Huawei Technologies Co., Ltd.)
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
R1 PCLEPCI; C:\Windows\system32\drivers\pclepci.sys [14165 2004-07-16] (Pinnacle Systems GmbH)
R3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1311232 2009-07-14] (NXP Semiconductors)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [436792 2011-07-10] ()
U3 a2u24c9k; C:\Windows\System32\Drivers\a2u24c9k.sys [0 ] (Advanced Micro Devices)
U3 a8l3qoea; C:\Windows\System32\Drivers\a8l3qoea.sys [0 ] (Advanced Micro Devices)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-14 16:51 - 2013-09-14 16:48 - 01083285 _____ (Farbar) C:\Users\Radim\Desktop\FRST.exe
2013-09-14 12:04 - 2013-09-14 12:04 - 00000000 ____D C:\FRST
2013-09-14 11:48 - 2013-09-14 11:48 - 00001897 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-09-14 11:48 - 2013-09-14 11:48 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-14 11:48 - 2013-09-14 11:48 - 00000000 ____D C:\Program Files\HitmanPro
2013-09-12 22:45 - 2013-09-14 12:01 - 00000000 _____ C:\ProgramData\lczj2w7d.ctrl
2013-09-12 22:45 - 2013-09-12 23:20 - 95025368 ____T C:\ProgramData\lczj2w7d.pff
2013-09-12 13:59 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 13:59 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 13:59 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 13:59 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 13:59 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 13:59 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 13:59 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 13:59 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 13:59 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 13:59 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 13:59 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 13:59 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 13:59 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 13:59 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 13:59 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 13:59 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 04:44 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 04:44 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 04:44 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 04:44 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 04:43 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 04:43 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 04:43 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 04:43 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-08 11:46 - 2013-09-12 19:07 - 00000210 _____ C:\Users\Radim\Desktop\!0.1!.txt
2013-09-05 22:15 - 2013-09-11 22:15 - 00056832 _____ C:\Users\Radim\Desktop\Plán seminářů - září - september 2013.xls
2013-09-05 22:13 - 2013-09-11 22:14 - 00012775 _____ C:\Users\Radim\Desktop\Plán tréninků 09 2013.xlsx
2013-08-27 00:03 - 2013-09-12 13:49 - 00000252 _____ C:\Users\Radim\Desktop\DNES.txt
2013-08-24 12:46 - 2013-08-24 12:46 - 14012484 _____ C:\Users\Radim\Downloads\SaltLakesDeadSea.themepack
2013-08-24 12:36 - 2013-08-24 12:36 - 22843406 _____ C:\Users\Radim\Downloads\AucklandOneTreeHillIanRushton.themepack
2013-08-24 12:36 - 2013-08-24 12:36 - 15412792 _____ C:\Users\Radim\Downloads\Hawaii.themepack
2013-08-19 14:43 - 2013-08-19 14:43 - 00000140 _____ C:\Users\Radim\Desktop\NÁVOD-ZFP.txt
2013-08-15 08:14 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 08:14 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-15 08:14 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 08:14 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 08:14 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 08:14 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 08:14 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 08:14 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 08:13 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 08:13 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 08:13 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 08:12 - 2013-06-15 05:40 - 00918528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-08-15 08:12 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-14 16:48 - 2013-09-14 16:51 - 01083285 _____ (Farbar) C:\Users\Radim\Desktop\FRST.exe
2013-09-14 16:33 - 2010-04-18 23:56 - 00000938 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-14 15:56 - 2013-01-04 14:57 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-14 13:54 - 2009-07-14 06:34 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-14 13:54 - 2009-07-14 06:34 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-14 13:47 - 2012-01-28 16:56 - 00000000 ____D C:\Program Files\Common Files\Akamai
2013-09-14 13:47 - 2010-04-18 23:56 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-14 13:46 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-14 13:46 - 2009-07-14 06:39 - 00212587 _____ C:\Windows\setupact.log
2013-09-14 13:45 - 2010-04-09 15:50 - 01986530 _____ C:\Windows\WindowsUpdate.log
2013-09-14 13:05 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-09-14 12:04 - 2013-09-14 12:04 - 00000000 ____D C:\FRST
2013-09-14 12:01 - 2013-09-12 22:45 - 00000000 _____ C:\ProgramData\lczj2w7d.ctrl
2013-09-14 11:48 - 2013-09-14 11:48 - 00001897 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-09-14 11:48 - 2013-09-14 11:48 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-14 11:48 - 2013-09-14 11:48 - 00000000 ____D C:\Program Files\HitmanPro
2013-09-14 10:00 - 2010-04-10 12:54 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-12 23:20 - 2013-09-12 22:45 - 95025368 ____T C:\ProgramData\lczj2w7d.pff
2013-09-12 22:23 - 2013-08-04 17:45 - 00000719 _____ C:\Users\Radim\Desktop\!0!.txt
2013-09-12 22:21 - 2010-04-10 19:32 - 00000000 ____D C:\Users\Radim\AppData\Roaming\vlc
2013-09-12 21:10 - 2010-04-22 00:58 - 00000000 ____D C:\Users\Radim\AppData\Roaming\dvdcss
2013-09-12 20:59 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-12 20:53 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-09-12 19:07 - 2013-09-08 11:46 - 00000210 _____ C:\Users\Radim\Desktop\!0.1!.txt
2013-09-12 19:02 - 2010-04-09 16:03 - 01478586 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-12 18:54 - 2009-07-14 06:33 - 00484768 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 13:56 - 2013-07-25 12:36 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 13:52 - 2010-04-10 19:16 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-12 13:49 - 2013-08-27 00:03 - 00000252 _____ C:\Users\Radim\Desktop\DNES.txt
2013-09-12 11:32 - 2013-07-18 22:26 - 00000302 _____ C:\Users\Radim\Desktop\! 1 !.txt
2013-09-12 10:38 - 2013-04-12 11:44 - 00000823 _____ C:\Users\Radim\Desktop\! ! ! ! !.txt
2013-09-11 22:15 - 2013-09-05 22:15 - 00056832 _____ C:\Users\Radim\Desktop\Plán seminářů - září - september 2013.xls
2013-09-11 22:14 - 2013-09-05 22:13 - 00012775 _____ C:\Users\Radim\Desktop\Plán tréninků 09 2013.xlsx
2013-09-11 20:56 - 2013-06-07 23:12 - 00000415 _____ C:\Users\Radim\Desktop\Peníze.txt
2013-09-11 20:56 - 2013-01-04 14:57 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-11 20:56 - 2011-06-01 21:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-08 14:26 - 2011-09-18 11:24 - 00000000 ____D C:\Users\Radim\Desktop\Lemmings
2013-09-06 10:13 - 2013-08-06 13:32 - 00000560 _____ C:\Users\Radim\Desktop\D.txt
2013-08-26 19:46 - 2009-07-14 06:53 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-24 12:46 - 2013-08-24 12:46 - 14012484 _____ C:\Users\Radim\Downloads\SaltLakesDeadSea.themepack
2013-08-24 12:36 - 2013-08-24 12:36 - 22843406 _____ C:\Users\Radim\Downloads\AucklandOneTreeHillIanRushton.themepack
2013-08-24 12:36 - 2013-08-24 12:36 - 15412792 _____ C:\Users\Radim\Downloads\Hawaii.themepack
2013-08-21 23:19 - 2013-07-11 11:23 - 00000349 _____ C:\Users\Radim\Desktop\!.txt
2013-08-20 23:01 - 2013-04-03 23:30 - 00000259 _____ C:\Users\Radim\Desktop\! !.txt
2013-08-19 14:43 - 2013-08-19 14:43 - 00000140 _____ C:\Users\Radim\Desktop\NÁVOD-ZFP.txt
2013-08-16 20:43 - 2012-12-29 12:06 - 00026112 _____ C:\Users\Radim\Desktop\výměna věcí z auta.xls
2013-08-15 19:58 - 2013-02-11 23:57 - 00020992 _____ C:\Users\Radim\Desktop\Zbylé kontakty.xls

Files to move or delete:
====================
C:\ProgramData\lczj2w7d.ctrl
C:\ProgramData\lczj2w7d.pff


Some content of TEMP:
====================
C:\Users\Radim\AppData\Local\Temp\DivXSetup.exe
C:\Users\Radim\AppData\Local\Temp\fgowwarwqqaphiohrio.bfg
C:\Users\Radim\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Radim\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Radim\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Users\Radim\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Radim\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Radim\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Radim\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Radim\AppData\Local\Temp\KoopFlash10FF.exe
C:\Users\Radim\AppData\Local\Temp\KoopFlash10IE.exe
C:\Users\Radim\AppData\Local\Temp\ose00000.exe
C:\Users\Radim\AppData\Local\Temp\RTBK.EXE
C:\Users\Radim\AppData\Local\Temp\Setup.exe
C:\Users\Radim\AppData\Local\Temp\tmpCE53.exe
C:\Users\Radim\AppData\Local\Temp\toolbar2332031.exe
C:\Users\Radim\AppData\Local\Temp\uninstall13719890.exe
C:\Users\Radim\AppData\Local\Temp\uninstall13729984.exe
C:\Users\Radim\AppData\Local\Temp\wervwyuu0.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-14 12:51

==================== End Of Log ============================

tomastt
Visitor
Posts: 84
Registered: 27 Aug 2008 17:56

Re: Police virus, probably improved

#23 Post by tomastt »

vyosek wrote: But it seems to me that it wasn't done the way it should have been...

Did you download FRSTL, save it to the Desktop and then run it? Because there are several errors in the log, etc...

So please repeat it.

The mistake was probably that I ran it from a flash drive.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Police virus, probably improved

#24 Post by vyosek »

So download FRSTL to the Desktop and run it from there...

tomastt
Visitor
Posts: 84
Registered: 27 Aug 2008 17:56

Re: Police virus, probably improved

#25 Post by tomastt »

It's done now, the logs are above.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Police virus, probably improved

#26 Post by vyosek »

Download RKill http://download.bleepingcomputer.com/grinler/rkill.com PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT CAPACITY TO DELETE AND MUST ONLY BE USED ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY GO BELLY UP
Download ComboFix and save it to the Desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Disable all resident security programs - firewalls, antivirus, antispyware and the like.
  • If you have Win XP, run it under the Administrator account.
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator.
  • Right after it starts, a page with the license agreement is shown; continue by clicking Yes.
  • If CF offers to install the Recovery Console, agree.
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click in the window that appears.
  • The scan should take about 10 min, but if the PC is heavily infested it may take longer.
  • After the scan finishes, and after a possible restart, CF shows a log; otherwise you will find it at C:\ComboFix.txt; paste its contents here.
  • A detailed procedure incl. pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix

tomastt
Visitor
Posts: 84
Registered: 27 Aug 2008 17:56

Re: Police virus, probably improved

#27 Post by tomastt »

Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/14/2013 05:19:03 PM in x86 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\SOUNDMAN.EXE (PID: 1684) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Služba WMI (Winmgmt) is not Running.
Startup Type set to: Automatic

* Centrum zabezpečení (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Winmgmt => C:\PROGRA~2\d7w2jzcl.plz [Incorrect ServiceDLL]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 09/14/2013 05:20:43 PM
Execution time: 0 hours(s), 1 minute(s), and 40 seconds(s)

tomastt
Visitor
Posts: 84
Registered: 27 Aug 2008 17:56

Re: Police virus, probably improved

#28 Post by tomastt »

ComboFix 13-09-13.03 - Radim 14.09.2013 17:27:49.1.1 - x86
Spuštěný z: c:\users\Radim\Desktop\ComboFix.exe
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-14 do 2013-09-14 )))))))))))))))))))))))))))))))
.
.
2013-09-14 15:44 . 2013-09-14 15:44 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2013-09-14 15:44 . 2013-09-14 15:44 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2013-09-14 15:44 . 2013-09-14 15:44 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2013-09-14 15:44 . 2013-09-14 15:44 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2013-09-14 15:44 . 2013-09-14 15:44 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2013-09-14 15:40 . 2013-09-14 15:40 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-09-14 15:40 . 2013-09-14 15:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-14 15:19 . 2013-09-14 15:19 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3A2EB282-E262-4AFB-AF96-B16A67EA8188}\offreg.dll
2013-09-14 10:04 . 2013-09-14 10:04 -------- d-----w- C:\FRST
2013-09-14 09:48 . 2013-09-14 09:48 -------- d-----w- c:\program files\HitmanPro
2013-09-14 09:48 . 2013-09-14 09:48 -------- d-----w- c:\programdata\HitmanPro
2013-09-12 02:44 . 2013-08-05 01:56 133056 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-09-12 02:44 . 2013-08-08 01:03 2348544 ----a-w- c:\windows\system32\win32k.sys
2013-09-12 02:37 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3A2EB282-E262-4AFB-AF96-B16A67EA8188}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-11 18:56 . 2013-01-04 12:57 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-11 18:56 . 2011-06-01 19:08 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-19 22:47 . 2013-09-14 15:46 7166848 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B4845FA-1E34-4BA7-A10B-BE0CECCB0E08}\mpengine.dll
2013-08-07 02:22 . 2010-04-10 16:19 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-07-25 08:57 . 2013-08-15 06:14 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-19 01:41 . 2013-08-15 06:13 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-09 05:03 . 2013-08-15 06:14 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-09 05:03 . 2013-08-15 06:14 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-09 04:53 . 2013-08-15 06:13 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-07-09 04:52 . 2013-08-15 06:14 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 04:50 . 2013-08-15 06:14 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 04:46 . 2013-08-15 06:14 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 04:46 . 2013-08-15 06:14 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 04:46 . 2013-08-15 06:14 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-06 05:05 . 2013-08-15 06:13 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-08-30 979328]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 3117344]
.
c:\users\Radim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Kooperativa - PDF Server.lnk - c:\program files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe [2011-12-3 10623488]
lczj2w7d.lnk - c:\windows\System32\rundll32.exe d7w2jzcl.plz,GL300 [2009-7-14 44544]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\programy\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2011-02-25 90368]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-19 1343400]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-07-13 56496]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-07-13 12464]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-07-10 436792]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 169080]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 120152]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2012-03-07 913144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 103112]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [2009-09-14 153600]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [2009-09-14 121856]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2013-09-14 106280]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-09-23 641832]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-09-14 30976]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-01-30 73216]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-04-10 47360]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2009-07-13 1311232]
.
.
--- Other Services/Drivers in Memory ---
.
*NewlyCreated* - HITMANPRO37
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 20:34 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-04 18:56]
.
2013-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-18 21:56]
.
2013-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-18 21:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://seznam.cz/
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Excel - c:\programy\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 10.10.10.1
FF - ProfilePath - c:\users\Radim\AppData\Roaming\Mozilla\Firefox\Profiles\1rd4uxuf.default\
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
.
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_8fa3539.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\HitmanPro\HitmanPro.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
c:\programy\Microsoft Office\Office12\ONENOTEM.EXE
c:\windows\System32\WUDFHost.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2013-09-14 17:52:50 - the computer was restarted
ComboFix-quarantined-files.txt 2013-09-14 15:52
.
Before run: free bytes: 63 061 540 864
After run: free bytes: 68 518 539 264
.
- - End Of File - - 3D7FFA002AD6FF5F3ECFFAB8EF2E34A1
A36C5E4F47E84449FF07ED3517B43A31

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Police virus, probably improved

#29 Post by vyosek

→ Uninstall HitmanPro

→ Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Start
    Startup: C:\Users\Radim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lczj2w7d.lnk
    ShortcutTarget: lczj2w7d.lnk -> d7w2jzcl.plz,GL300 (No File)
    
    CHR HomePage: hxxp://isearch.babylon.com/?affID=11663 ... ec38c64cbb
    CHR RestoreOnStartup: "hxxp://isearch.babylon.com/?affID=116632&tt=0113_8&babsrc=HP_ss&mntrId=b891b345000000000000f4ec38c64cbb"
    
    S2 Winmgmt; C:\PROGRA~2\d7w2jzcl.plz [x]
    R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
    
    C:\ProgramData\lczj2w7d.ctrl
    C:\ProgramData\lczj2w7d.pff
    C:\Users\Radim\AppData\Local\Temp\DivXSetup.exe
    C:\Users\Radim\AppData\Local\Temp\fgowwarwqqaphiohrio.bfg
    C:\Users\Radim\AppData\Local\Temp\FlashPlayerUpdate.exe
    C:\Users\Radim\AppData\Local\Temp\FlashPlayerUpdate01.exe
    C:\Users\Radim\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
    C:\Users\Radim\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
    C:\Users\Radim\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
    C:\Users\Radim\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
    C:\Users\Radim\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
    C:\Users\Radim\AppData\Local\Temp\KoopFlash10FF.exe
    C:\Users\Radim\AppData\Local\Temp\KoopFlash10IE.exe
    C:\Users\Radim\AppData\Local\Temp\ose00000.exe
    C:\Users\Radim\AppData\Local\Temp\RTBK.EXE
    C:\Users\Radim\AppData\Local\Temp\Setup.exe
    C:\Users\Radim\AppData\Local\Temp\tmpCE53.exe
    C:\Users\Radim\AppData\Local\Temp\toolbar2332031.exe
    C:\Users\Radim\AppData\Local\Temp\uninstall13719890.exe
    C:\Users\Radim\AppData\Local\Temp\uninstall13729984.exe
    C:\Users\Radim\AppData\Local\Temp\wervwyuu0.exe
    c:\program files\common files\akamai
    
    Hosts:
    CMD: shutdown /r /f /t 2
    End
  • Save the created TXT as fixlist.txt
  • Move the created fixlist next to FRST
→ Run FRST.exe again
  • Click Fix
  • The fix will run and create the log Fixlog.txt
→ Restart the PC and post fixlog.txt here
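The three things the fixlist above goes after can be picked out of a ComboFix or FRST log mechanically: a Startup-folder shortcut that launches rundll32.exe with a module that is not a .dll (`lczj2w7d.lnk -> rundll32.exe d7w2jzcl.plz,GL300`), a service whose module has been pointed outside the Windows tree or is missing altogether (`S2 Winmgmt; C:\PROGRA~2\d7w2jzcl.plz [x]`), and, in the ComboFix policy section, `"EnableLUA"= 0`, which the fixlist does not touch. The script below is an added example written for this thread; it is not code from the forum post, ComboFix or FRST. Its input is a handful of lines copied from the logs posted here (a constructed sample, not a full log), and the rule sets it uses (which host binaries count as proxies, which directory roots count as trusted) are my assumptions, not anything the tools define.

```python
"""Flag the persistence tricks seen in this thread in ComboFix/FRST log lines.

Added example for this thread; not code from the forum, ComboFix or FRST.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: lines copied from the ComboFix log and the FRST fixlist
# posted in this thread, not a complete log. Both tools' service formats appear.
SAMPLE_LINES = [
    r'"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]',
    r'Kooperativa - PDF Server.lnk - c:\program files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe [2011-12-3 10623488]',
    r'lczj2w7d.lnk - c:\windows\System32\rundll32.exe d7w2jzcl.plz,GL300 [2009-7-14 44544]',
    r'"EnableLUA"= 0 (0x0)',
    r'S2 Winmgmt; C:\PROGRA~2\d7w2jzcl.plz [x]',
    r'S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2012-03-07 913144]',
]

# Assumption: a service module is expected under one of these roots. 8.3 short
# names (C:\PROGRA~2 is ProgramData on this 32-bit Windows 7) are not expanded,
# so a path written with a short name is deliberately treated as untrusted.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Assumption: host binaries that execute whatever module they are handed.
PROXY_HOSTS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe", "cscript.exe"}

# Startup-folder line:  <name>.lnk - <target.exe> [<args>] [<date size>]
STARTUP_LNK = re.compile(r"^(?P<lnk>.+?\.lnk) - (?P<target>.+?\.exe)(?: (?P<args>.*?))?\s+\[", re.I)
# Service line, ComboFix (S2 name;display;path [..]) or FRST (S2 name; path [..])
SERVICE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<rest>.*)$")
# Policy value line:  "EnableLUA"= 0 (0x0)
POLICY = re.compile(r'^"(?P<key>[A-Za-z]+)"=\s*(?P<val>\d+)')


def parse_service(line: str) -> Optional[Dict[str, object]]:
    """Return name/path/missing for a service line in either tool's format."""
    m = SERVICE.match(line)
    if not m:
        return None
    fields = [f.strip() for f in m.group("rest").split(";")]
    path_field = fields[-1]                   # the module path is always the last field
    missing = "[x]" in path_field             # FRST marks an absent file with [x]
    path = re.sub(r"\s*\[[^\]]*\](?:\s*\([^)]*\))?\s*$", "", path_field)
    return {"name": m.group("name").strip(), "path": path, "missing": missing}


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (kind, detail) findings for the lines given."""
    findings: List[Tuple[str, str]] = []
    for line in lines:
        lnk = STARTUP_LNK.match(line)
        if lnk:
            host = lnk.group("target").rsplit("\\", 1)[-1].lower()
            module = (lnk.group("args") or "").split(",", 1)[0].strip()
            # rundll32 <module>,<export>: a module that is not a .dll is the tell here.
            if host in PROXY_HOSTS and not module.lower().endswith(".dll"):
                findings.append(("startup", f"{lnk.group('lnk')} runs {host} with non-DLL module '{module}'"))
            continue
        pol = POLICY.match(line)
        if pol:
            if pol.group("key") == "EnableLUA" and pol.group("val") == "0":
                findings.append(("uac", "EnableLUA=0: UAC is off, everything runs fully elevated"))
            continue
        svc = parse_service(line)
        if svc:
            reasons = []
            if svc["missing"]:
                reasons.append("module file missing ([x])")
            if not str(svc["path"]).lower().startswith(TRUSTED_ROOTS):
                reasons.append(f"module outside trusted roots: {svc['path']}")
            if reasons:
                findings.append(("service", f"{svc['name']}: " + "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LINES):
        print(f"[{kind}] {detail}")
```

The non-.dll test is one signal only; a loader that renames its module to .dll passes it, which is why the path rule and the `[x]` check carry as much weight. Paste the startup, policy and service sections of a log into the list and run the file to get the three findings for this thread.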

tomastt
Visitor
Posts: 84
Registered: 27 Aug 2008 17:56

Re: Police virus, probably improved

#30 Post by tomastt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-09-2013 04
Ran by Radim at 2013-09-14 18:20:32 Run:2
Running from C:\Users\Radim\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
Startup: C:\Users\Radim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lczj2w7d.lnk
ShortcutTarget: lczj2w7d.lnk -> d7w2jzcl.plz,GL300 (No File)

CHR HomePage: hxxp://isearch.babylon.com/?affID=11663 ... ec38c64cbb
CHR RestoreOnStartup: "hxxp://isearch.babylon.com/?affID=116632&tt=0113_8&babsrc=HP_ss&mntrId=b891b345000000000000f4ec38c64cbb"

S2 Winmgmt; C:\PROGRA~2\d7w2jzcl.plz [x]
R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)

C:\ProgramData\lczj2w7d.ctrl
C:\ProgramData\lczj2w7d.pff
C:\Users\Radim\AppData\Local\Temp\DivXSetup.exe
C:\Users\Radim\AppData\Local\Temp\fgowwarwqqaphiohrio.bfg
C:\Users\Radim\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Radim\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Radim\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Users\Radim\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Radim\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Radim\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Radim\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Radim\AppData\Local\Temp\KoopFlash10FF.exe
C:\Users\Radim\AppData\Local\Temp\KoopFlash10IE.exe
C:\Users\Radim\AppData\Local\Temp\ose00000.exe
C:\Users\Radim\AppData\Local\Temp\RTBK.EXE
C:\Users\Radim\AppData\Local\Temp\Setup.exe
C:\Users\Radim\AppData\Local\Temp\tmpCE53.exe
C:\Users\Radim\AppData\Local\Temp\toolbar2332031.exe
C:\Users\Radim\AppData\Local\Temp\uninstall13719890.exe
C:\Users\Radim\AppData\Local\Temp\uninstall13729984.exe
C:\Users\Radim\AppData\Local\Temp\wervwyuu0.exe
c:\program files\common files\akamai

Hosts:
CMD: shutdown /r /f /t 2
End
*****************

C:\Users\Radim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lczj2w7d.lnk => Moved successfully.
ShortcutTarget: lczj2w7d.lnk -> d7w2jzcl.plz,GL300 (No File) not found.
CHR HomePage: hxxp://isearch.babylon.com/?affID=11663 ... ec38c64cbb ==> The Chrome "Settings" can be used to fix the entry.
CHR RestoreOnStartup: "hxxp://isearch.babylon.com/?affID=116632&tt=0113_8&babsrc=HP_ss&mntrId=b891b345000000000000f4ec38c64cbb" ==> The Chrome "Settings" can be used to fix the entry.
Winmgmt => Service restored successfully.
Akamai => Service deleted successfully.
C:\ProgramData\lczj2w7d.ctrl => Moved successfully.
C:\ProgramData\lczj2w7d.pff => Moved successfully.
"C:\Users\Radim\AppData\Local\Temp\DivXSetup.exe" => File/Directory not found.
"C:\Users\Radim\AppData\Local\Temp\fgowwarwqqaphiohrio.bfg" => File/Directory not found.
"C:\Users\Radim\AppData\Local\Temp\FlashPlayerUpdate.exe" => File/Directory not found.
"C:\Users\Radim\AppData\Local\Temp\FlashPlayerUpdate01.exe" => File/Directory not found.
"C:\Users\Radim\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe" => File/Directory not found.
"C:\Users\Radim\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe" => File/Directory not found.
"C:\Users\Radim\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe" => File/Directory not found.
"C:\Users\Radim\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe" => File/Directory not found.
"C:\Users\Radim\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\Radim\AppData\Local\Temp\KoopFlash10FF.exe" => File/Directory not found.
"C:\Users\Radim\AppData\Local\Temp\KoopFlash10IE.exe" => File/Directory not found.
"C:\Users\Radim\AppData\Local\Temp\ose00000.exe" => File/Directory not found.
"C:\Users\Radim\AppData\Local\Temp\RTBK.EXE" => File/Directory not found.
"C:\Users\Radim\AppData\Local\Temp\Setup.exe" => File/Directory not found.
"C:\Users\Radim\AppData\Local\Temp\tmpCE53.exe" => File/Directory not found.
"C:\Users\Radim\AppData\Local\Temp\toolbar2332031.exe" => File/Directory not found.
"C:\Users\Radim\AppData\Local\Temp\uninstall13719890.exe" => File/Directory not found.
"C:\Users\Radim\AppData\Local\Temp\uninstall13729984.exe" => File/Directory not found.
"C:\Users\Radim\AppData\Local\Temp\wervwyuu0.exe" => File/Directory not found.

"c:\program files\common files\akamai" directory move:

c:\program files\common files\akamai\appregistry.dat => Moved successfully.
c:\program files\common files\akamai\client.ini => Moved successfully.
c:\program files\common files\akamai\client.ini.json => Moved successfully.
c:\program files\common files\akamai\CplTasks.xml => Moved successfully.
c:\program files\common files\akamai\euc_state.json => Moved successfully.
c:\program files\common files\akamai\extraroot.pem => Moved successfully.
c:\program files\common files\akamai\guid.ini => Moved successfully.
c:\program files\common files\akamai\installer.txt => Moved successfully.
c:\program files\common files\akamai\installer_no_upload_silent.exe => Moved successfully.
c:\program files\common files\akamai\netsession_win_8fa3539.dll => Moved successfully.
c:\program files\common files\akamai\readme.txt => Moved successfully.
c:\program files\common files\akamai\root.pem => Moved successfully.
c:\program files\common files\akamai\rswinui.exe => Moved successfully.
c:\program files\common files\akamai\stubgraded => Moved successfully.
c:\program files\common files\akamai\uninstall.exe => Moved successfully.
c:\program files\common files\akamai\user.dat => Moved successfully.
Could not move "c:\program files\common files\akamai\Logs\debug.log" => Scheduled to move on reboot.
c:\program files\common files\akamai\Logs\debug.log.130907_185137.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130907_195138.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130907_201042.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130908_091917.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130908_101917.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130908_111918.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130908_121918.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130908_131919.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130908_141920.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130908_145124.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130908_162742.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130908_170124.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130908_181109.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130908_191110.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130908_194534.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130908_214329.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130908_224329.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130908_225650.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130909_082748.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130909_092749.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130909_102750.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130909_112751.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130909_120247.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130909_190035.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130909_200035.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130909_210036.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130909_220036.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130909_221155.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130910_063537.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130910_073538.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130910_073726.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130910_101616.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130910_105801.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130910_185343.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130910_195343.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130910_205343.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130910_215344.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130910_222219.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130911_071722.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130911_081722.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130911_083208.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130911_184135.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130911_194135.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130911_204136.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130911_214136.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130911_214339.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130912_023215.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130912_033216.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130912_035003.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130912_080158.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130912_090158.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130912_100158.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130912_110158.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130912_120158.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130912_120444.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130912_165058.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130912_165146.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130912_165425.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130912_175426.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130912_185427.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130912_195427.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130912_204411.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130912_204626.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130912_205214.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130912_211535.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130912_211854.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130912_212117.sent => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130912_212141.upload => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130914_074807.upload => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130914_080029.upload => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130914_080546.upload => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130914_081219.upload => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130914_081636.upload => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130914_081708.upload => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130914_094531.upload => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130914_095523.upload => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130914_100200.upload => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130914_110200.upload => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130914_114530.upload => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130914_114714.upload => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130914_124715.upload => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130914_134716.upload => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130914_144716.upload => Moved successfully.
c:\program files\common files\akamai\Logs\debug.log.130914_154504.upload => Moved successfully.
c:\program files\common files\akamai\Languages\chs.dll => Moved successfully.
c:\program files\common files\akamai\Languages\cht.dll => Moved successfully.
c:\program files\common files\akamai\Languages\csy.dll => Moved successfully.
c:\program files\common files\akamai\Languages\dan.dll => Moved successfully.
c:\program files\common files\akamai\Languages\deu.dll => Moved successfully.
c:\program files\common files\akamai\Languages\esp.dll => Moved successfully.
c:\program files\common files\akamai\Languages\fin.dll => Moved successfully.
c:\program files\common files\akamai\Languages\fra.dll => Moved successfully.
c:\program files\common files\akamai\Languages\ita.dll => Moved successfully.
c:\program files\common files\akamai\Languages\jpn.dll => Moved successfully.
c:\program files\common files\akamai\Languages\kor.dll => Moved successfully.
c:\program files\common files\akamai\Languages\nld.dll => Moved successfully.
c:\program files\common files\akamai\Languages\nor.dll => Moved successfully.
c:\program files\common files\akamai\Languages\plk.dll => Moved successfully.
c:\program files\common files\akamai\Languages\ptb.dll => Moved successfully.
c:\program files\common files\akamai\Languages\ptg.dll => Moved successfully.
c:\program files\common files\akamai\Languages\rus.dll => Moved successfully.
c:\program files\common files\akamai\Languages\sve.dll => Moved successfully.
c:\program files\common files\akamai\Languages\trk.dll => Moved successfully.
Could not move "c:\program files\common files\akamai" directory. => Scheduled to move on reboot.

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= shutdown /r /f /t 2 =========


========= End of CMD: =========


=========== Result of Scheduled Files to move ===========

c:\program files\common files\akamai\Logs\debug.log => Moved successfully.
c:\program files\common files\akamai => Moved successfully.

==== End of Fixlog ====
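A Fixlog is worth reading past the first "Moved successfully". Items FRST could only schedule for reboot have to show up again under "Result of Scheduled Files to move" before they count as gone, the two Chrome entries were not changed at all (FRST only reports that Chrome's own settings can fix them), and the bare `Hosts:` directive moves the existing hosts file aside and writes a default one, so any legitimate custom entries go with it. The verifier below is an added example, not FRST's code and not part of this thread; its patterns are derived solely from the result lines visible in the Fixlog above (other FRST messages would need their own pattern), and the sample input is a constructed subset of those lines.

```python
"""Check a FRST Fixlog.txt for items that were not actually remediated.

Added example for this thread; not FRST's code. The patterns cover only the
result messages visible in the Fixlog posted above.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: a subset of the Fixlog lines posted in this thread.
SAMPLE_FIXLOG = r"""
C:\Users\Radim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lczj2w7d.lnk => Moved successfully.
ShortcutTarget: lczj2w7d.lnk -> d7w2jzcl.plz,GL300 (No File) not found.
CHR HomePage: hxxp://isearch.babylon.com/?affID=11663 ... ec38c64cbb ==> The Chrome "Settings" can be used to fix the entry.
Winmgmt => Service restored successfully.
Akamai => Service deleted successfully.
C:\ProgramData\lczj2w7d.ctrl => Moved successfully.
"C:\Users\Radim\AppData\Local\Temp\wervwyuu0.exe" => File/Directory not found.
Could not move "c:\program files\common files\akamai\Logs\debug.log" => Scheduled to move on reboot.
Could not move "c:\program files\common files\akamai" directory. => Scheduled to move on reboot.
Hosts was reset successfully.
=========== Result of Scheduled Files to move ===========
c:\program files\common files\akamai\Logs\debug.log => Moved successfully.
c:\program files\common files\akamai => Moved successfully.
""".strip().splitlines()

# (category, pattern) in matching order; the generic "not found." rule is last
# so that it cannot shadow the more specific messages.
RULES: List[Tuple[str, "re.Pattern[str]"]] = [
    ("moved",     re.compile(r'^"?(?P<item>.+?)"?\s*=> Moved successfully\.$')),
    ("not_found", re.compile(r'^"?(?P<item>.+?)"?\s*=> File/Directory not found\.$')),
    ("scheduled", re.compile(r'^Could not move "(?P<item>.+?)"(?: directory\.)?\s*=> Scheduled to move on reboot\.$')),
    ("service",   re.compile(r'^(?P<item>\S+) => Service (?:restored|deleted) successfully\.$')),
    ("manual",    re.compile(r'^(?P<item>.+?) ==> The Chrome "Settings" can be used to fix the entry\.$')),
    ("hosts",     re.compile(r'^(?P<item>Hosts) was reset successfully\.$')),
    ("not_found", re.compile(r'^(?P<item>.+?) not found\.$')),
]


def classify(line: str) -> Tuple[str, str]:
    """Map one Fixlog line to (category, item); unknown lines become 'other'."""
    text = line.strip()
    for category, pattern in RULES:
        m = pattern.match(text)
        if m:
            return category, m.group("item")
    return "other", text


def verify(lines: List[str]) -> Dict[str, object]:
    """Summarise a Fixlog and list what still needs attention."""
    by_cat: Dict[str, List[str]] = {}
    for line in lines:
        if not line.strip():
            continue
        category, item = classify(line)
        by_cat.setdefault(category, []).append(item)
    moved = {p.lower() for p in by_cat.get("moved", [])}
    # Scheduled-for-reboot items must reappear as "Moved successfully" after the
    # restart; anything that does not is still on disk.
    pending = [p for p in by_cat.get("scheduled", []) if p.lower() not in moved]
    return {
        "counts": {c: len(v) for c, v in by_cat.items()},
        "pending": pending,
        "manual": by_cat.get("manual", []),      # FRST left these for the user to fix
        "services": by_cat.get("service", []),
        "hosts_reset": "hosts" in by_cat,
        "clean": not pending,
    }


if __name__ == "__main__":
    report = verify(SAMPLE_FIXLOG)
    print(report["counts"])
    print("pending after reboot:", report["pending"])
    print("needs manual action:", report["manual"])
```

"File/Directory not found" for the Temp files is not a failure: the entries came from an earlier scan and the files were already gone when the fix ran. What the report is for is the `pending` list (non-empty if the reboot log never confirmed a scheduled move) and the `manual` list, which here carries the two Chrome start-page entries the user still has to reset in Chrome.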

Locked