Policejní virus v prohlížeči

[Hanke]

Dobrý den,

Před 2 dny na mne na internetu vyskočil policejní virus (verze s prezidentem), bylo to ve firefoxu, restartoval jsem prohlížeč, prohlížeč i pc zdá se funguje normálně, ale nevím jestli nemám tento virus již v systému. Děkuji předem za odpověď.

Přikládám log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Michal at 2013-11-11 11:44:58
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (9%) free of 38 GB
Total RAM: 767 MB (42% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-790525478-152049171-1060284298-1003.job
C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-790525478-152049171-1060284298-1003.job
C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-790525478-152049171-1060284298-1003.job
C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-790525478-152049171-1060284298-1003.job
C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-790525478-152049171-1060284298-1003.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealNetworks Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14 542376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
10

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"=C:\program files\real\realplayer\update\realsched.exe [2013-09-24 295512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_8_800_168_Plugin.exe -update plugin []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-08-12 335872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN GO]
C:\Documents and Settings\All Users\Data aplikací\GameXN\GameXNGO.exe [2013-02-23 348440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq]
C:\Documents and Settings\Michal\Data aplikací\ICQM\icq.exe [2013-09-24 28698984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\program files\real\realplayer\update\realsched.exe [2013-09-24 295512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Michal^Nabídka Start^Programy^Po spuštění^Verbatim GREEN BUTTON.lnk]
C:\PROGRA~1\VERBAT~1\GREENB~1.EXE [2010-12-14 467216]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\msiexec.exe"="C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Documents and Settings\Michal\Plocha\Skype.exe"="C:\Documents and Settings\Michal\Plocha\Skype.exe:*:Enabled:Skype "
"C:\Documents and Settings\Michal\Plocha\Skype 6.0.exe"="C:\Documents and Settings\Michal\Plocha\Skype 6.0.exe:*:Enabled:Skype "
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Michal\Plocha\Nová složka\rtmpsuck.exe"="C:\Documents and Settings\Michal\Plocha\Nová složka\rtmpsuck.exe:*:Enabled:rtmpsuck"
"C:\Documents and Settings\Michal\Plocha\RTMPDumpHelper 1.1\rtmpsuck.exe"="C:\Documents and Settings\Michal\Plocha\RTMPDumpHelper 1.1\rtmpsuck.exe:*:Enabled:rtmpsuck"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Michal\Data aplikací\ICQM\icq.exe"="C:\Documents and Settings\Michal\Data aplikací\ICQM\icq.exe:*:Enabled:ICQ"
"C:\Documents and Settings\Michal\Dokumenty\Jiné\RTMPDumpHelper 1.1\rtmpsuck.exe"="C:\Documents and Settings\Michal\Dokumenty\Jiné\RTMPDumpHelper 1.1\rtmpsuck.exe:*:Enabled:rtmpsuck"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2013-11-11 11:44:58 ----D---- C:\rsit
2013-11-04 14:32:50 ----D---- C:\Program Files\Mozilla Firefox
2013-10-21 14:57:07 ----A---- C:\WINDOWS\system32\FlashPlayerInstaller.exe

======List of files/folders modified in the last 1 months======

2013-11-11 11:45:02 ----D---- C:\Program Files\trend micro
2013-11-11 11:35:52 ----D---- C:\WINDOWS\Prefetch
2013-11-10 20:22:09 ----D---- C:\Documents and Settings\Michal\Data aplikací\vlc
2013-11-10 20:20:42 ----SD---- C:\WINDOWS\Tasks
2013-11-09 17:57:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-11-04 14:33:29 ----RD---- C:\Program Files
2013-11-04 14:33:29 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-10-21 14:57:20 ----D---- C:\WINDOWS\Temp
2013-10-21 14:57:18 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-10-21 14:57:07 ----D---- C:\WINDOWS\system32
2013-10-12 16:08:17 ----D---- C:\Documents and Settings\Michal\Data aplikací\uTorrent

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2003-10-10 52128]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-04-14 225664]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2003-08-12 594432]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 cs429x;Cirrus Logic WDM Audio Codec Driver; C:\WINDOWS\system32\drivers\cwawdm.sys [2002-08-08 89088]
R3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 ac97intc;Služba instalace zvukového ovladače Intel(r) (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2003-08-12 319488]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-08-14 39056]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-07-25 162672]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-21 257416]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-11-04 119408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[vyosek]

Zdravim

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) http://forum.viry.cz/viewtopic.php?f=29&t=115222

• Provedte aktualizaci
• Provedte uplny sken - nic nemazte
• MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

[Hanke]

Tady to je:

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2013.11.11.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Michal :: LANSKI [administrátor]

Ochrana: Povolena

11.11.2013 18:27:17
MBAM-log-2013-11-11 (19-05-29).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 247059
Uplynulý čas: 36 minut, 39 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 3
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Usenetnl (PUP.ForceInstaller) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0S1G1M1G1I1O2Wzr1C1M -> Nebyla provedena žádná instrukce.

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 7
C:\Documents and Settings\Michal\Local Settings\Temp\PrI2QyB9.exe.part (PUP.Optional.InstallBrain.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Michal\Local Settings\Temp\Eqn3EPzj.exe.part (PUP.Optional.Installrex) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Michal\Local Settings\Temporary Internet Files\Content.IE5\567LEDKA\Setup[1].exe (PUP.Optional.LuckyLeap.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Michal\Plocha\Záloha 5.1. 2013 (Potvrz.)\Instalace\Programy\Unlocker1.9.1.exe (PUP.Optional.BabylonToolBar.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\Usenet.nl\un_v8_uninstall.exe (PUP.ForceInstaller) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{075A43D0-0368-4118-A34A-35A98980632D}\RP10\A0002337.exe (PUP.Optional.InstallBrain.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{075A43D0-0368-4118-A34A-35A98980632D}\RP11\A0002364.exe (PUP.Optional.Freemium.A) -> Nebyla provedena žádná instrukce.

(konec)

[vyosek]

Nalezy MBAMu smazte

Dejte log dle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100

[Hanke]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2013 01
Ran by Michal (administrator) on LANSKI on 12-11-2013 09:48:46
Running from C:\Documents and Settings\Michal\Plocha
Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

() C:\WINDOWS\System32\Ati2evxx.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\program files\real\realplayer\update\realsched.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(RealNetworks, Inc.) C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(forum.viry.cz) C:\Documents and Settings\Michal\Plocha\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2013-09-24] (RealNetworks, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
SearchScopes: HKCU - DefaultScope {8DCB456C-98E8-4129-BBAC-FDB820D0AD6F} URL = http://cs.wikipedia.org/w/index.php?tit ... earchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {8DCB456C-98E8-4129-BBAC-FDB820D0AD6F} URL = http://cs.wikipedia.org/w/index.php?tit ... earchTerms}
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Michal\Data aplikací\Mozilla\Firefox\Profiles\zr6iy2gh.default
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users\Data aplikací\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users\Data aplikací\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users\Data aplikací\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Data aplikací\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Michal\Data aplikací\Mozilla\Firefox\Profiles\zr6iy2gh.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: greasemonkey - C:\Documents and Settings\Michal\Data aplikací\Mozilla\Firefox\Profiles\zr6iy2gh.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Data aplikací\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Data aplikací\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Data aplikací\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Data aplikací\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

Chrome:
=======
CHR Extension: () - C:\DOCUME~1\Michal\LOCALS~1\Data aplikací\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj\1.9_0
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Data aplikací\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx

========================== Services (Whitelisted) =================

R2 6to4; C:\Windows\System32\6to4svc.dll [100352 2008-04-14] (Microsoft Corporation)
R2 Ati HotKey Poller; C:\Windows\System32\Ati2evxx.exe [319488 2003-08-12] ()
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

==================== Drivers (Whitelisted) ====================

S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R3 cs429x; C:\Windows\System32\drivers\cwawdm.sys [89088 2002-08-08] (Cirrus Logic, Inc.)
R3 EL90XBC; C:\Windows\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2007-03-08] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2007-03-08] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2007-03-08] (HP)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2013-11-11] (Malwarebytes Corporation)
R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2001-10-25] (Microsoft Corporation)
R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2001-10-25] (Microsoft Corporation)
R1 prodrv06; C:\Windows\System32\drivers\prodrv06.sys [52128 2003-10-10] (Protection Technology)
R0 prohlp02; C:\Windows\System32\drivers\prohlp02.sys [62720 2003-10-10] (Protection Technology)
R0 prosync1; C:\Windows\System32\drivers\prosync1.sys [6944 2003-09-06] (Protection Technology)
R0 sfhlp01; C:\Windows\System32\drivers\sfhlp01.sys [4832 2003-09-06] (Protection Technology)
R1 Tcpip6; C:\Windows\System32\DRIVERS\tcpip6.sys [225664 2008-04-14] (Microsoft Corporation)
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-12 09:47 - 2013-11-12 09:47 - 00000000 ____D C:\FRST
2013-11-12 09:45 - 2013-11-12 09:45 - 00112128 _____ (forum.viry.cz) C:\Documents and Settings\Michal\Plocha\FRSTLauncher.exe
2013-11-12 09:44 - 2013-11-12 09:44 - 01090275 _____ (Farbar) C:\Documents and Settings\Michal\Plocha\FRST.exe
2013-11-12 09:43 - 2013-11-12 09:43 - 00112107 _____ (forum.viry.cz) C:\Documents and Settings\Michal\Plocha\VerzeOS.exe
2013-11-11 18:22 - 2013-11-11 18:22 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2013-11-11 18:13 - 2013-11-11 18:13 - 00000784 _____ C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
2013-11-11 18:13 - 2013-11-11 18:13 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-11 18:13 - 2013-11-11 18:13 - 00000000 ____D C:\Documents and Settings\Michal\Data aplikací\Malwarebytes
2013-11-11 18:13 - 2013-11-11 18:13 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
2013-11-11 18:13 - 2013-11-11 18:13 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2013-11-11 18:13 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-11-11 11:44 - 2013-11-11 11:45 - 00000000 ____D C:\rsit
2013-11-11 11:38 - 2013-11-11 11:38 - 00781909 _____ C:\Documents and Settings\Michal\Plocha\RSIT.exe
2013-11-10 16:25 - 2013-11-11 12:25 - 00000000 ____D C:\Documents and Settings\Michal\Plocha\MB
2013-11-04 14:32 - 2013-11-04 14:33 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-21 14:57 - 2013-10-21 14:57 - 17226632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-10-21 14:51 - 2013-11-11 23:57 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

==================== One Month Modified Files and Folders =======

2013-11-12 09:47 - 2013-11-12 09:47 - 00000000 ____D C:\FRST
2013-11-12 09:47 - 2011-12-16 21:00 - 00000000 ___HD C:\Documents and Settings\Michal\Local Settings\Data aplikací
2013-11-12 09:47 - 2011-12-16 21:00 - 00000000 ____D C:\Documents and Settings\Michal\Plocha
2013-11-12 09:45 - 2013-11-12 09:45 - 00112128 _____ (forum.viry.cz) C:\Documents and Settings\Michal\Plocha\FRSTLauncher.exe
2013-11-12 09:44 - 2013-11-12 09:44 - 01090275 _____ (Farbar) C:\Documents and Settings\Michal\Plocha\FRST.exe
2013-11-12 09:43 - 2013-11-12 09:43 - 00112107 _____ (forum.viry.cz) C:\Documents and Settings\Michal\Plocha\VerzeOS.exe
2013-11-12 00:09 - 2013-09-24 18:21 - 00010941 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-11 23:57 - 2013-10-21 14:51 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-11-11 23:40 - 2011-12-16 21:37 - 01045958 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2013-11-11 23:39 - 2013-09-22 14:56 - 00000302 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-790525478-152049171-1060284298-1003.job
2013-11-11 23:39 - 2013-09-22 14:54 - 00000288 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-790525478-152049171-1060284298-1003.job
2013-11-11 23:39 - 2013-09-22 14:54 - 00000280 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-790525478-152049171-1060284298-1003.job
2013-11-11 23:38 - 2011-12-16 21:39 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-11-11 23:38 - 2011-12-16 21:39 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-11-11 23:38 - 2011-12-16 20:51 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-11 23:38 - 2001-10-25 13:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-11 23:37 - 2012-06-16 08:53 - 00032592 _____ C:\WINDOWS\SchedLgU.Txt
2013-11-11 23:37 - 2012-04-25 03:06 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-11 23:37 - 2011-12-16 21:00 - 00000178 ___SH C:\Documents and Settings\Michal\ntuser.ini
2013-11-11 18:22 - 2013-11-11 18:22 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2013-11-11 18:13 - 2013-11-11 18:13 - 00000784 _____ C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
2013-11-11 18:13 - 2013-11-11 18:13 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-11 18:13 - 2013-11-11 18:13 - 00000000 ____D C:\Documents and Settings\Michal\Data aplikací\Malwarebytes
2013-11-11 18:13 - 2013-11-11 18:13 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
2013-11-11 18:13 - 2013-11-11 18:13 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2013-11-11 18:13 - 2011-12-16 21:37 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2013-11-11 18:13 - 2011-12-16 21:37 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2013-11-11 18:13 - 2011-12-16 21:36 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2013-11-11 18:13 - 2011-12-16 21:00 - 00000000 __RHD C:\Documents and Settings\Michal\Data aplikací
2013-11-11 12:34 - 2013-09-24 13:50 - 00000000 ____D C:\Documents and Settings\Michal\Data aplikací\vlc
2013-11-11 12:25 - 2013-11-10 16:25 - 00000000 ____D C:\Documents and Settings\Michal\Plocha\MB
2013-11-11 11:45 - 2013-11-11 11:44 - 00000000 ____D C:\rsit
2013-11-11 11:45 - 2013-09-18 21:34 - 00000000 ____D C:\Program Files\trend micro
2013-11-11 11:38 - 2013-11-11 11:38 - 00781909 _____ C:\Documents and Settings\Michal\Plocha\RSIT.exe
2013-11-10 20:14 - 2013-09-22 14:56 - 00000310 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-790525478-152049171-1060284298-1003.job
2013-11-08 12:10 - 2011-12-16 21:00 - 00000000 ____D C:\Documents and Settings\Michal\Dokumenty
2013-11-05 13:42 - 2011-12-16 22:00 - 00002545 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Microsoft Word.lnk
2013-11-04 14:33 - 2013-11-04 14:32 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-03 15:23 - 2013-09-24 14:23 - 00000328 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-790525478-152049171-1060284298-1003.job
2013-10-26 22:09 - 2013-09-22 18:46 - 00000232 _____ C:\Documents and Settings\Michal\.swfinfo
2013-10-21 14:57 - 2013-10-21 14:57 - 17226632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-10-21 14:57 - 2012-04-09 10:53 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-10-21 14:57 - 2011-12-17 00:27 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-10-21 14:51 - 2011-12-17 02:07 - 00000000 ____D C:\Documents and Settings\Michal\Local Settings\Data aplikací\Adobe

Some content of TEMP:
====================
C:\Documents and Settings\Michal\Local Settings\Temp\BackupSetup.exe
C:\Documents and Settings\Michal\Local Settings\Temp\hpzmsi01.exe
C:\Documents and Settings\Michal\Local Settings\Temp\hpzscr01.exe
C:\Documents and Settings\Michal\Local Settings\Temp\lowproc.exe
C:\Documents and Settings\Michal\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\Michal\Local Settings\Temp\stubhelper.dll
C:\Documents and Settings\Michal\Local Settings\Temp\vcredist_x86.exe
C:\Documents and Settings\Michal\Local Settings\Temp\vlc-2.0.8-win32.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2002-09-20 18:05] - [2008-04-14 08:52] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1

C:\Windows\System32\winlogon.exe
[2002-09-20 18:05] - [2008-04-14 08:52] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea

C:\Windows\System32\svchost.exe
[2001-10-25 13:00] - [2008-04-14 08:52] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93

C:\Windows\System32\services.exe
[2001-10-25 13:00] - [2008-04-14 08:52] - 0108544 ____A (Microsoft Corporation) f0d2ae69035092bf22dad6b50fab85c2

C:\Windows\System32\User32.dll
[2002-09-20 18:04] - [2008-04-14 08:52] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53

C:\Windows\System32\userinit.exe
[2002-09-20 18:05] - [2008-04-14 08:52] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239

C:\Windows\System32\Drivers\volsnap.sys
[2001-10-25 13:00] - [2008-04-14 07:42] - 0052480 ___AC (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1





===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:37.26 GB) (Free:3.23 GB) NTFS ==>[Drive with boot components (Windows XP)]

Available physical RAM: 354.09 MB
Total physical RAM: 767.43 MB
Percentage of memory in use: 53%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 37 GB) (Disk ID: A4AFA4AF)
Partition 1: (Active) - (Size=37 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-790525478-152049171-1060284298-1003.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-790525478-152049171-1060284298-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-790525478-152049171-1060284298-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-790525478-152049171-1060284298-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-790525478-152049171-1060284298-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================




===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 28_09_2013 (06)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\Michal\Plocha" je 25506 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA
C:\WINDOWS\system32\ctfmon.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE
"C:\Documents and Settings\All Users\Data aplikac\GameXN\GameXNGO.exe" /startup [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN GO
C:\Documents and Settings\Michal\Data aplikac\ICQM\icq.exe -CU [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq
"C:\program files\real\realplayer\update\realsched.exe" -osboot [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
Reim ECHO je vypnut.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabdka Start^Programy^Po sputn^HP Digital Imaging Monitor.lnk
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Michal^Nabdka Start^Programy^Po sputn^Verbatim GREEN BUTTON.lnk
C:\PROGRA~1\VERBAT~1\GREENB~1.EXE /a [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DoNotAllowExceptions REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\msiexec.exe"="C:\\WINDOWS\\system32\\msiexec.exe:*:Enabled:UpdateManagerSetup"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Documents and Settings\\Michal\\Plocha\\Skype.exe"="C:\\Documents and Settings\\Michal\\Plocha\\Skype.exe:*:Enabled:Skype "
"C:\\Documents and Settings\\Michal\\Plocha\\Skype 6.0.exe"="C:\\Documents and Settings\\Michal\\Plocha\\Skype 6.0.exe:*:Enabled:Skype "
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:Torrent"
"C:\\Documents and Settings\\Michal\\Plocha\\Nov sloka\\rtmpsuck.exe"="C:\\Documents and Settings\\Michal\\Plocha\\Nov sloka\\rtmpsuck.exe:*:Enabled:rtmpsuck"
"C:\\Documents and Settings\\Michal\\Plocha\\RTMPDumpHelper 1.1\\rtmpsuck.exe"="C:\\Documents and Settings\\Michal\\Plocha\\RTMPDumpHelper 1.1\\rtmpsuck.exe:*:Enabled:rtmpsuck"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Documents and Settings\\Michal\\Data aplikac\\ICQM\\icq.exe"="C:\\Documents and Settings\\Michal\\Data aplikac\\ICQM\\icq.exe:*:Enabled:ICQ"
"C:\\Documents and Settings\\Michal\\Dokumenty\\Jin\\RTMPDumpHelper 1.1\\rtmpsuck.exe"="C:\\Documents and Settings\\Michal\\Dokumenty\\Jin\\RTMPDumpHelper 1.1\\rtmpsuck.exe:*:Enabled:rtmpsuck"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000


==================== End Of Log ==============================

[Hanke]

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-11-2013 01
Ran by Michal at 2013-11-12 09:49:40
Running from C:\Documents and Settings\Michal\Plocha
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

µTorrent (Version: 3.3.0.29625)
32 Bit HP CIO Components Installer (Version: 1.0.0)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader XI (11.0.05) - Czech (Version: 11.0.05)
Adobe Shockwave Player 12.0 (Version: 12.0.4.144)
AIO_Scan (Version: 90.0.222.000)
ATI - Software Uninstall Utility (Version: 6.14.10.1005)
ATI Control Panel (Version: 6.14.10.5029)
ATI Display Driver (Version: 7.93-030812a1-011052C-Dell)
BufferChm (Version: 90.0.146.000)
CCleaner (Version: 4.01)
Copy (Version: 90.0.146.000)
CustomerResearchQFolder (Version: 1.00.0000)
Destination Component (Version: 090.000.091.086)
DeviceDiscovery (Version: 90.0.205.000)
DeviceManagementQFolder (Version: 1.00.0000)
DJ_AIO_ProductContext (Version: 90.0.236.000)
DJ_AIO_Software (Version: 90.0.222.000)
DJ_AIO_Software_min (Version: 90.0.222.000)
eSupportQFolder (Version: 1.00.0000)
F2100 (Version: 90.0.222.000)
F2100_doccd (Version: 90.0.222.000)
F2100_Help (Version: 90.0.222.000)
Free CD Ripper V2.0 (Version: 2.0.0.0)
GameXN GO
HP Customer Participation Program 9.0 (Version: 9.0)
HP Deskjet All-In-One Software 9.0 (Version: 9.0)
HP Imaging Device Functions 9.0 (Version: 9.0)
HP Photosmart Essential 2.01 (Version: 2.01)
HP Photosmart Essential2.01 (Version: 1.01.0000)
HP Smart Web Printing (Version: 2.15.7.0)
HP Solution Center 9.0 (Version: 9.0)
HP Update (Version: 4.000.006.003)
HPProductAssistant (Version: 90.0.146.000)
HPSSupply (Version: 2.2.0.0000)
ICQ 8.1 (verze 6337) (HKCU Version: 8.1.6337.0)
Internet Explorer (Version: 8)
Malwarebytes Anti-Malware verze 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 90.0.146.000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Office 2000 Professional (Version: 9.00.2720)
Microsoft Primary Interoperability Assemblies 2005 (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Mozilla Firefox 25.0 (x86 cs) (Version: 25.0)
Mozilla Maintenance Service (Version: 25.0)
Nero BackItUp (Version: 5.2.22001)
Nero BackItUp and Burn (Version: 1.2.0031)
Nero BurnRights (Version: 3.6.26001)
Nero Express (Version: 9.6.16000)
Nero RescueAgent (Version: 2.6.26000)
Oprava Hotfix systému Windows XP (KB942288-v3) (Version: 3)
PSSWCORE (Version: 2.01.0000)
RealDownloader (Version: 1.3.3)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.3)
RealUpgrade 1.1 (Version: 1.1.0)
Recuva (Version: 1.48)
Scan (Version: 9.0.0.0)
Skype™ 6.7 (Version: 6.7.102)
SolutionCenter (Version: 90.0.146.000)
Status (Version: 90.0.146.000)
swMSM (Version: 12.0.0.1)
Testy Autoškola (Version: 1.5.4)
Toolbox (Version: 90.0.146.000)
TrayApp (Version: 90.0.146.000)
UnloadSupport (Version: 9.0.0)
Unlocker 1.9.1 (Version: 1.9.1)
Verbatim GREEN BUTTON 1.54
Verbatim Hard Drive Formatter
VideoToolkit01 (Version: 90.0.146.000)
VLC media player 2.0.8 (Version: 2.0.8)
WebFldrs XP (Version: 9.50.6513)
WebReg (Version: 90.0.146.000)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows XP Service Pack 3 (Version: 20080414.031517)
WinRAR archiver

==================== Restore Points =========================

22-09-2013 11:55:36 Kontrolní bod systému
23-09-2013 12:23:37 Kontrolní bod systému
24-09-2013 12:23:10 Removed Java(TM) 6 Update 31
24-09-2013 16:06:40 Konfigurováno Hidden & Dangerous 2
25-09-2013 21:44:17 Kontrolní bod systému
27-09-2013 13:42:42 Kontrolní bod systému
29-09-2013 10:58:25 Kontrolní bod systému
30-09-2013 11:21:03 Kontrolní bod systému
01-10-2013 12:52:42 Kontrolní bod systému
02-10-2013 17:02:23 Kontrolní bod systému
03-10-2013 18:03:49 Kontrolní bod systému
04-10-2013 18:13:00 Kontrolní bod systému
06-10-2013 12:40:15 Kontrolní bod systému
07-10-2013 13:26:46 Kontrolní bod systému
09-10-2013 14:19:59 Kontrolní bod systému
12-10-2013 18:28:54 Kontrolní bod systému
15-10-2013 07:25:22 Kontrolní bod systému
16-10-2013 11:25:08 Kontrolní bod systému
18-10-2013 09:24:14 Kontrolní bod systému
19-10-2013 14:14:10 Kontrolní bod systému
22-10-2013 08:49:37 Kontrolní bod systému
23-10-2013 13:48:27 Kontrolní bod systému
25-10-2013 10:32:32 Kontrolní bod systému
26-10-2013 17:16:51 Kontrolní bod systému
27-10-2013 18:01:13 Kontrolní bod systému
30-10-2013 15:42:00 Kontrolní bod systému
31-10-2013 19:07:26 Kontrolní bod systému
02-11-2013 12:48:19 Kontrolní bod systému
03-11-2013 14:06:20 Kontrolní bod systému
04-11-2013 14:07:50 Kontrolní bod systému
05-11-2013 15:00:00 Kontrolní bod systému
07-11-2013 13:03:24 Kontrolní bod systému
08-11-2013 16:50:23 Kontrolní bod systému
09-11-2013 17:16:52 Kontrolní bod systému
10-11-2013 17:38:43 Kontrolní bod systému
11-11-2013 18:27:44 Kontrolní bod systému

==================== Hosts content: ==========================

2001-10-25 13:00 - 2013-09-22 12:42 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-790525478-152049171-1060284298-1003.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-790525478-152049171-1060284298-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-790525478-152049171-1060284298-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-790525478-152049171-1060284298-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-790525478-152049171-1060284298-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

==================== Loaded Modules (whitelisted) =============

2013-11-04 14:32 - 2013-11-04 14:33 - 03368048 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2001-10-25 13:00 - 2008-04-14 08:51 - 00014336 _____ () C:\WINDOWS\System32\msdmo.dll
2013-10-21 14:51 - 2013-10-21 14:51 - 16233864 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== Faulty Device Manager Devices =============

Name: Síťový adaptér Ethernet
Description: Síťový adaptér Ethernet
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Modem na sběrnici PCI
Description: Modem na sběrnici PCI
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/11/2013 06:18:23 PM) (Source: Application Hang) (User: )
Description: Zablokovaná aplikace mbam-setup.tmp, verze 51.52.0.0, zablokovaný modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error: (10/03/2013 06:29:11 PM) (Source: Application Hang) (User: )
Description: Zablokovaná aplikace rundll32.exe, verze 5.1.2600.5512, zablokovaný modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error: (10/03/2013 06:25:20 PM) (Source: Application Error) (User: )
Description: Chybující aplikace flvcore.exe, verze 1.0.0.1, chybující modul flvcore.exe, verze 1.0.0.1, adresa chyby 0x00002085.
Zpracování události, specifické pro médium ([flvcore.exe!ws!])

Error: (10/03/2013 06:24:37 PM) (Source: Application Error) (User: )
Description: Chybující aplikace flvcore.exe, verze 1.0.0.1, chybující modul flvcore.exe, verze 1.0.0.1, adresa chyby 0x00002085.
Zpracování události, specifické pro médium ([flvcore.exe!ws!])

Error: (10/03/2013 03:57:07 PM) (Source: crypt32) (User: )
Description: Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab> se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.

Error: (10/03/2013 03:57:07 PM) (Source: crypt32) (User: )
Description: Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab> se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.

Error: (09/26/2013 01:22:14 PM) (Source: Application Error) (User: )
Description: Chybující aplikace winword.exe, verze 9.0.0.2823, chybující modul hpz3r5ha.dll, verze 61.71.246.0, adresa chyby 0x000467e8.
Zpracování události, specifické pro médium ([winword.exe!ws!])

Error: (09/26/2013 01:21:55 PM) (Source: Application Error) (User: )
Description: Chybující aplikace winword.exe, verze 9.0.0.2823, chybující modul hpz3r5ha.dll, verze 61.71.246.0, adresa chyby 0x000467e8.
Zpracování události, specifické pro médium ([winword.exe!ws!])

Error: (09/24/2013 04:49:05 PM) (Source: Application Error) (User: )
Description: Chybující aplikace icq.exe, verze 8.1.6337.0, chybující modul icq.exe, verze 8.1.6337.0, adresa chyby 0x0067b623.
Zpracování události, specifické pro médium ([icq.exe!ws!])

Error: (09/24/2013 00:20:35 PM) (Source: PerfNet) (User: )
Description: Nelze otevřít službu serveru. Data o výkonu serveru nejsou
k dispozici. Vrácený chybový kód je v datech DWORD 0.


System errors:
=============
Error: (11/12/2013 09:35:10 AM) (Source: Dhcp) (User: )
Description: Zapůjčení adresy IP počítače 89.176.42.145 pro
síťovou kartu se síťovou adresou 000BDB073305 byla ukončena.

Error: (11/11/2013 11:38:18 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (11/10/2013 00:18:26 PM) (Source: Dhcp) (User: )
Description: Zapůjčení adresy IP počítače 89.176.42.145 pro
síťovou kartu se síťovou adresou 000BDB073305 byla ukončena.

Error: (11/10/2013 10:19:57 AM) (Source: Dhcp) (User: )
Description: Zapůjčení adresy IP počítače 89.176.42.145 pro
síťovou kartu se síťovou adresou 000BDB073305 byla ukončena.

Error: (11/09/2013 03:12:15 PM) (Source: Dhcp) (User: )
Description: Zapůjčení adresy IP počítače 89.176.42.145 pro
síťovou kartu se síťovou adresou 000BDB073305 byla ukončena.

Error: (11/08/2013 11:52:48 AM) (Source: W32Time) (User: )
Description: Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není aktuálně k dispozici.
Po dobu 14 minut nebude proveden žádný pokus o kontaktování zdroje.
Klient NTP nemá k dispozici žádný zdroj času.

Error: (11/08/2013 11:52:48 AM) (Source: W32Time) (User: )
Description: Klient NTP zprostředkovatele časových údajů: Při vyhledávání DNS ručně nakonfigurovaného partnera
time.windows.com,0x1 došlo k chybě. Klient NTP se pokusí o vyhledání pomocí služby DNS
znovu za 15 minut.
Chyba: Došlo k pokusu o operaci se soketem v okamžiku nedosažitelnosti hostitele. (0x80072751)

Error: (11/08/2013 11:52:48 AM) (Source: W32Time) (User: )
Description: Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není aktuálně k dispozici.
Po dobu 14 minut nebude proveden žádný pokus o kontaktování zdroje.
Klient NTP nemá k dispozici žádný zdroj času.

Error: (11/08/2013 11:52:48 AM) (Source: W32Time) (User: )
Description: Klient NTP zprostředkovatele časových údajů: Při vyhledávání DNS ručně nakonfigurovaného partnera
time.windows.com,0x1 došlo k chybě. Klient NTP se pokusí o vyhledání pomocí služby DNS
znovu za 15 minut.
Chyba: Došlo k pokusu o operaci se soketem v okamžiku nedosažitelnosti hostitele. (0x80072751)

Error: (11/08/2013 11:52:43 AM) (Source: Dhcp) (User: )
Description: Zapůjčení adresy IP počítače 89.176.42.145 pro
síťovou kartu se síťovou adresou 000BDB073305 byla ukončena.


Microsoft Office Sessions:
=========================
Error: (11/11/2013 06:18:23 PM) (Source: Application Hang)(User: )
Description: mbam-setup.tmp51.52.0.0hungapp0.0.0.000000000

Error: (10/03/2013 06:29:11 PM) (Source: Application Hang)(User: )
Description: rundll32.exe5.1.2600.5512hungapp0.0.0.000000000

Error: (10/03/2013 06:25:20 PM) (Source: Application Error)(User: )
Description: flvcore.exe1.0.0.1flvcore.exe1.0.0.100002085

Error: (10/03/2013 06:24:37 PM) (Source: Application Error)(User: )
Description: flvcore.exe1.0.0.1flvcore.exe1.0.0.100002085

Error: (10/03/2013 03:57:07 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/m ... stl.cabPři ověření se systémovými hodinami nebo časovým razítkem podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.

Error: (10/03/2013 03:57:07 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/m ... stl.cabPři ověření se systémovými hodinami nebo časovým razítkem podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.

Error: (09/26/2013 01:22:14 PM) (Source: Application Error)(User: )
Description: winword.exe9.0.0.2823hpz3r5ha.dll61.71.246.0000467e8

Error: (09/26/2013 01:21:55 PM) (Source: Application Error)(User: )
Description: winword.exe9.0.0.2823hpz3r5ha.dll61.71.246.0000467e8

Error: (09/24/2013 04:49:05 PM) (Source: Application Error)(User: )
Description: icq.exe8.1.6337.0icq.exe8.1.6337.00067b623

Error: (09/24/2013 00:20:35 PM) (Source: PerfNet)(User: )
Description:


==================== Memory info ===========================

Percentage of memory in use: 53%
Total physical RAM: 767.43 MB
Available physical RAM: 354.09 MB
Total Pagefile: 1876.76 MB
Available Pagefile: 1551.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.94 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:37.26 GB) (Free:3.23 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 37 GB) (Disk ID: A4AFA4AF)
Partition 1: (Active) - (Size=37 GB) - (Type=07 NTFS)

==================== End Of Log ============================

[vyosek]

Proc nepouzivate zadny antivirovy program??

Tvorba fixlistu pro FRST

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  Start
  SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
  BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
  
  2013-11-12 09:43 - 2013-11-12 09:43 - 00112107 _____ (forum.viry.cz) C:\Documents and Settings\Michal\Plocha\VerzeOS.exe
  
  Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
  Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-790525478-152049171-1060284298-1003.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
  Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-790525478-152049171-1060284298-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
  Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-790525478-152049171-1060284298-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
  Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-790525478-152049171-1060284298-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
  Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-790525478-152049171-1060284298-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
  
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN GO" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe" /f
  
  Hosts:
  CMD: shutdown /r /f /t 2
  
  End

• Ulozte vytvoreny TXT jako fixlist.txt
• Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

• Kliknete na Fix
• Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

[Hanke]

Většina antivirů, které jsem měl mne zpomalovaly systém. Důležitá data si zálohuji a na tomto notebooku nic důležitého nemám. Jestli máte nějaký dobrý typ na antivir, sem s ním... . Jinak vám děkuji za spolupráci.

Tady je fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-11-2013 01
Ran by Michal at 2013-11-12 14:47:09 Run:1
Running from C:\Documents and Settings\Michal\Plocha
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File

2013-11-12 09:43 - 2013-11-12 09:43 - 00112107 _____ (forum.viry.cz) C:\Documents and Settings\Michal\Plocha\VerzeOS.exe

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-790525478-152049171-1060284298-1003.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-790525478-152049171-1060284298-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-790525478-152049171-1060284298-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-790525478-152049171-1060284298-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-790525478-152049171-1060284298-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN GO" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe" /f

Hosts:
CMD: shutdown /r /f /t 2

End
*****************

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
C:\Documents and Settings\Michal\Plocha\VerzeOS.exe => Moved successfully.
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-790525478-152049171-1060284298-1003.job => Moved successfully.
C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-790525478-152049171-1060284298-1003.job => Moved successfully.
C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-790525478-152049171-1060284298-1003.job => Moved successfully.
C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-790525478-152049171-1060284298-1003.job => Moved successfully.
C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-790525478-152049171-1060284298-1003.job => Moved successfully.

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f =========


Operace byla dokončena úspěšně.


========= End of Reg: =========

[vyosek]

Z bezplatnych doporucuji AVsat Free nbo BitDefender Free - BitDefender je velmi jednoduchy a zcela nenarocny

Tak jeste uklidime

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

[Hanke]

Vše v pořádku. Děkuji za radu, vyzkouším.

[vyosek]

Nemate zac, rad jsem pomohl Zase nekdy

A na zaklade Pravidla o zamykani temat