Prosím o kontrolu logu po odvirování

Zpráva

pepis09 · #1 Příspěvek od **pepis09** » 17 kvě 2014 21:42

Prosím o kontrolu pc, provedl jsem dnes odvirování, bylo tam toho docela dost. Děkuji

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-05-2014
Ran by svetla (administrator) on SVETLA-PC on 17-05-2014 22:22:38
Running from C:\Users\svetla\Downloads
Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: Czech
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(Lenovo) C:\Windows\System32\ibmpmsvc.exe
(AuthenTec, Inc.) C:\Windows\System32\AtService.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
() C:\Program Files\Apoint2K\ApRunSvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL$FLUKE\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Lenovo.) C:\Windows\System32\TPHDEXLG.exe
(Lenovo) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
() C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
(Apache Software Foundation) C:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe
() C:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Apache Software Foundation) C:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
(Microsoft Corporation) C:\Windows\winsxs\x86_microsoft-windows-s..ty-licensing-slc-ux_31bf3856ad364e35_6.0.6002.18005_none_8c636822b2598b6a\SLUI.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] => [X]
HKLM\...\Run: [NeroFilterCheck] => C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [296096 2012-07-25] (RealNetworks, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1404084969-4032197657-1012067246-1003\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_13_0_0_182_Plugin.exe [844464 2014-04-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-1404084969-4032197657-1012067246-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1404084969-4032197657-1012067246-1003\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKU\S-1-5-21-1404084969-4032197657-1012067246-1003\...\MountPoints2: E - E:\Launcher.exe
HKU\S-1-5-21-1404084969-4032197657-1012067246-1003\...\MountPoints2: {5aab66bc-690f-11e2-970a-001c25949a53} - E:\APPInst.exe
HKU\S-1-5-21-1404084969-4032197657-1012067246-1003\...\MountPoints2: {70b53396-ed62-11dd-b892-001c25949a53} - E:\.\Start.exe
HKU\S-1-5-21-1404084969-4032197657-1012067246-1003\...\MountPoints2: {8061edbf-cdca-11dd-bb5a-001c25949a53} - E:\Programs\nu2menu\nu2menu.exe
HKU\S-1-5-21-1404084969-4032197657-1012067246-1003\...\MountPoints2: {d5bbebd7-6bb8-11dd-a572-001c25949a53} - S:\LenovoSDrive.exe
HKU\S-1-5-21-1404084969-4032197657-1012067246-1003\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-1404084969-4032197657-1012067246-1003\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION!
HKU\S-1-5-21-1404084969-4032197657-1012067246-1003\...\InprocServer32: [Default-pngfilt] <==== ATTENTION!

Lsa: [Notification Packages] scecli ACGina
Startup: C:\Users\svetla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

ProxyServer: proxy.army.cz:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?st=1&barid={82 ... 1C25949A53}
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?st=1&barid={82 ... 1C25949A53}
URLSearchHook: HKLM - Download Energy Toolbar - {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files\Download_Energy\prxtbDow0.dll No File
URLSearchHook: HKCU - Download Energy Toolbar - {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files\Download_Energy\prxtbDow0.dll No File
SearchScopes: HKLM - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = http://search.conduit.com/ResultsExt.as ... =CT1269415
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={ ... FORM=LENIE
SearchScopes: HKLM - {8A96AF9E-4074-43b7-BEA3-87217BDA7406} URL = http://www.searchqu.com/web?src=ieb&sys ... earchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT1269415
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?sr ... earchTerms}
SearchScopes: HKCU - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = http://search.conduit.com/ResultsExt.as ... =CT1269415
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={ ... FORM=LENIE
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTer ... 16eac51966
SearchScopes: HKCU - {0FE6B537-E2EE-47A6-8AF4-AFB170296705} URL = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
SearchScopes: HKCU - {2CF8FB46-D710-4244-AB77-3FA3A17B6846} URL = http://www.google.com/search?q={searchT ... 1I7IRFC_cs
SearchScopes: HKCU - {8A96AF9E-4074-43b7-BEA3-87217BDA7406} URL = http://www.searchqu.com/web?src=ieb&sys ... earchTerms}
SearchScopes: HKCU - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT1269415
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?sr ... earchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: DebugBar BHO - {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - C:\Program Files\Core Services\DebugBar\DebugInfoBar.dll (Core Services)
BHO: Download Energy Toolbar - {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files\Download_Energy\prxtbDow0.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Download Energy Toolbar - {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files\Download_Energy\prxtbDow0.dll No File
Toolbar: HKLM - DebugBar (Toolbar) - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files\Core Services\DebugBar\DebugToolBar.dll (Core Services)
Toolbar: HKCU - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
Toolbar: HKCU - No Name - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - No File
Toolbar: HKCU - No Name - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No File
Toolbar: HKCU - Download Energy Toolbar - {AD708C09-D51B-45B3-9D28-4EBA2681FEBF} - C:\Program Files\Download_Energy\prxtbDow0.dll No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Winsock: Catalog5 02 %SystemRoot%\system32\napinsp.dll [50176] (Společnost Microsoft)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll File Not found ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.3.181 188.75.176.2 85.132.179.206 10.100.0.1

FireFox:
========
FF ProfilePath: C:\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default
FF user.js: detected! => C:\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\user.js
FF DefaultSearchEngine: Search the web (Babylon)
FF SearchEngineOrder.1: Search the web (Babylon)
FF Homepage: hxxp://www.seznam.cz/
FF Keyword.URL: hxxp://search.babylon.com/?AF=108298&babsrc=adbartrp&mntrId=28bce4120000000000000016eac51966&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.5.109 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.5.109 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.5.109 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.5.109 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.5.109 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Babylon - C:\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\ffxtlbr@babylon.com [2012-01-15]
FF Extension: No Name - C:\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\trash [2014-05-04]
FF Extension: Download Energy - C:\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf} [2014-05-04]
FF Extension: DownloadHelper - C:\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-26]
FF Extension: Firebug - C:\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\firebug@software.joehewitt.com.xpi [2011-09-07]
FF Extension: Adblock Plus - C:\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-10]
FF Extension: SweetPacks Toolbar for Firefox - C:\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012-04-20]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} [2014-05-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-07-25]
FF HKCU\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension
FF Extension: ThinkVantage Password Manager - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension [2008-08-16]

Chrome:
=======
CHR HomePage: hxxp://home.sweetim.com/?barid={82BC78D0-8AE1-11E1-80CC-001C25949A53}
CHR DefaultSearchKeyword: babylon.com
CHR DefaultSearchProvider: Search the web (Babylon)
CHR DefaultSearchURL: http://search.babylon.com/?q={searchTer ... 16eac51966
CHR Plugin: (Shockwave Flash) - C:\Users\svetla\AppData\Local\Google\Chrome\Application\15.0.874.102\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll No File
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\svetla\AppData\Local\Google\Chrome\Application\15.0.874.102\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\svetla\AppData\Local\Google\Chrome\Application\15.0.874.102\pdf.dll No File
CHR Plugin: (Windows Genuine Advantage) - C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (DivX HiQ) - C:\Users\svetla\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2011-05-02]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\svetla\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-05-02]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\svetla\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-05-02]
CHR HKLM\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\svetla\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [2012-04-20]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-07-25]

========================== Services (Whitelisted) =================

R2 ApRunSvc; C:\Program Files\Apoint2K\ApRunSvc.exe [36864 2007-07-23] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MSSQL$FLUKE; C:\Program Files\Microsoft SQL Server\MSSQL$FLUKE\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [42872672 2011-04-24] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation)
S3 SQLAgent$FLUKE; C:\Program Files\Microsoft SQL Server\MSSQL$FLUKE\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [367456 2011-04-24] (Microsoft Corporation)
R2 SUService; c:\Program Files\Lenovo\System Update\SUService.exe [32768 2008-05-25] (Lenovo Group Limited)
R2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [779576 2008-06-14] (Lenovo)
R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [520192 2008-05-25] ()
R2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1155072 2008-05-25] (Lenovo Group Limited)
R2 wampapache; c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe [18432 2011-09-26] (Apache Software Foundation)
R2 wampmysqld; c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe [8176640 2012-01-25] ()
S3 WinHttpAutoProxySvc; winhttp.dll [X]

==================== Drivers (Whitelisted) ====================

R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1083880 2009-04-11] (Společnost Microsoft)
S4 RsFx0150; C:\Windows\System32\DRIVERS\RsFx0150.sys [240608 2010-04-03] (Microsoft Corporation)
S3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl.sys [48640 2007-07-20] (Aten Technology Inc.)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr32v.sys [12080 2008-07-28] ()
S3 adusbnet; system32\DRIVERS\adusbnet.sys [X]
S3 adusbser; system32\DRIVERS\adusbser.sys [X]
S3 appliandMP; system32\DRIVERS\appliand.sys [X]
S4 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S4 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U4 TlntSvr;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-17 22:22 - 2014-05-17 22:22 - 00024385 _____ () C:\Users\svetla\Downloads\FRST.txt
2014-05-17 22:22 - 2014-05-17 22:22 - 00000000 ____D () C:\FRST
2014-05-17 22:21 - 2014-05-17 22:21 - 01056768 _____ (Farbar) C:\Users\svetla\Downloads\FRST.exe
2014-05-17 16:15 - 2014-05-17 16:16 - 00000000 ____D () C:\rsit
2014-05-17 14:49 - 2014-05-17 16:25 - 00000000 ____D () C:\Users\svetla\Desktop\viry
2014-05-17 12:39 - 2014-04-28 11:43 - 00000426 _____ () C:\AVScanner.ini
2014-05-09 22:38 - 2014-05-09 22:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-08 09:27 - 2014-05-08 09:27 - 02347384 _____ (ESET) C:\Users\svetla\Downloads\esetsmartinstaller_sky(1).exe

==================== One Month Modified Files and Folders =======

2014-05-17 22:22 - 2014-05-17 22:22 - 00024385 _____ () C:\Users\svetla\Downloads\FRST.txt
2014-05-17 22:22 - 2014-05-17 22:22 - 00000000 ____D () C:\FRST
2014-05-17 22:21 - 2014-05-17 22:21 - 01056768 _____ (Farbar) C:\Users\svetla\Downloads\FRST.exe
2014-05-17 22:20 - 2012-02-13 22:39 - 02068432 _____ () C:\Windows\WindowsUpdate.log
2014-05-17 20:50 - 2008-08-16 20:37 - 02127744 _____ () C:\Windows\system32\TPAPSLOG.LOG
2014-05-17 20:30 - 2006-11-02 14:47 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-17 20:30 - 2006-11-02 14:47 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-17 16:26 - 2008-08-16 20:23 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-05-17 16:25 - 2014-05-17 14:49 - 00000000 ____D () C:\Users\svetla\Desktop\viry
2014-05-17 16:23 - 2012-02-15 09:39 - 00000000 ____D () C:\Users\svetla\Desktop\odvirovani
2014-05-17 16:16 - 2014-05-17 16:15 - 00000000 ____D () C:\rsit
2014-05-17 16:16 - 2012-02-14 00:20 - 00000000 ____D () C:\Program Files\trend micro
2014-05-17 15:49 - 2013-01-28 20:56 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-17 15:49 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\tapi
2014-05-17 15:45 - 2011-02-28 23:59 - 00000000 ____D () C:\Program Files\ConduitEngine
2014-05-17 12:40 - 2012-10-29 11:39 - 00000000 ____D () C:\Users\svetla\.nbi
2014-05-17 01:06 - 2011-04-18 11:32 - 00000000 ____D () C:\Program Files\Download_Energy
2014-05-16 23:04 - 2013-10-28 21:17 - 00000000 ____D () C:\Users\svetla\Desktop\WORDPRESS
2014-05-16 11:59 - 2011-05-09 12:31 - 00000000 ____D () C:\Users\svetla\AppData\Roaming\Skype
2014-05-15 13:46 - 2008-12-05 12:32 - 00000600 _____ () C:\Users\svetla\AppData\Roaming\winscp.rnd
2014-05-09 22:38 - 2014-05-09 22:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-08 09:27 - 2014-05-08 09:27 - 02347384 _____ (ESET) C:\Users\svetla\Downloads\esetsmartinstaller_sky(1).exe
2014-05-06 09:44 - 2011-10-02 08:51 - 00046592 _____ () C:\Users\svetla\Desktop\cesta do stodoly.xls
2014-05-06 08:52 - 2013-07-02 12:33 - 00000000 ____D () C:\Users\svetla\Desktop\prodej
2014-05-03 17:56 - 2009-07-16 22:02 - 00000000 ____D () C:\Users\svetla\Documents\pepis
2014-04-28 11:43 - 2014-05-17 12:39 - 00000426 _____ () C:\AVScanner.ini
2014-04-21 10:42 - 2008-11-17 15:19 - 00000000 ____D () C:\Users\svetla\AppData\Local\Adobe
2014-04-21 10:35 - 2012-07-31 10:33 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-21 10:35 - 2012-07-31 10:33 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-21 10:35 - 2011-09-28 07:47 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\ProgramData\k4bel1vX.dat
C:\Windows\Tasks\{1B6413DF-7003-4E2B-852E-1973F6362F7E}.job
C:\Windows\Tasks\{4C5C00E5-C69F-43B7-855C-A0559061AB5B}.job
C:\Windows\Tasks\{503AC2A6-3E45-4395-9783-F6752AA8862E}.job
C:\Windows\Tasks\{6CB78A56-5736-4D0F-8BFC-C31F3364F4EF}.job
C:\Windows\Tasks\{9A094B20-F70C-4FE7-A0B9-613C6E3F7842}.job
C:\Windows\Tasks\{A6D19408-C0A4-44A7-ADC6-717CD2C03153}.job
C:\Windows\Tasks\{C2D793D0-8829-40A9-8609-5FDED661FF22}.job
C:\Windows\Tasks\{C98388BC-B9AA-4625-9CB0-3BDA05C94C26}.job

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-17 16:35

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-05-2014
Ran by svetla at 2014-05-17 22:23:17
Running from C:\Users\svetla\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

4U AVI MPEG Converter (version 6.0.2) (HKLM\...\4U AVI MPEG Converter_is1) (Version: - 4U Computing, Inc.)
7-Zip 4.65 (HKLM\...\7-Zip) (Version: - )
Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge 1.0 (Version: 001.000.001 - Adobe Systems) Hidden
Adobe Bridge CS3 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Common File Installer (Version: 1.00.001 - Adobe System Incorporated) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.12.36 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Center 1.0 (Version: 1.0.1 - Adobe Systems) Hidden
Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS2 (HKLM\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0405-1E257A25E34D}) (Version: 9.0 - Název společnosti)
Adobe Photoshop CS2 (Version: 9.0 - Název společnosti) Hidden
Adobe Photoshop CS5 (HKLM\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos 1.0 (Version: 1.0.2 - Adobe Systems) Hidden
Adobe Stock Photos CS3 (Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adsen FavIcon (HKLM\...\Adsen FavIcon_is1) (Version: - Adsen Software)
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{E8A0BF9F-3524-1EAF-C7A7-2B3348127A75}) (Version: 3.0.678.0 - ATI Technologies, Inc.)
ATI Uninstaller (HKLM\...\ATI Uninstaller) (Version: 8.503.2-080623a-066093C-Lenovo - ATI Technologies, Inc.)
Avi to Mpeg 2.1 (HKLM\...\{14BF164E-80A4-422E-BE43-39FB759666C2}_is1) (Version: - Avi to Mpeg)
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2008.0623.2346.40662 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2008.0623.2346.40662 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2008.0623.2346.40662 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2008.0623.2346.40662 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2008.0623.2346.40662 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2008.0623.2346.40662 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization Dutch (Version: 2008.0623.2346.40662 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2008.0623.2346.40662 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2008.0623.2346.40662 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2008.0623.2346.40662 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0623.2346.40662 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2008.0623.2346.40662 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2008.0623.2346.40662 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2008.0623.2346.40662 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2008.0623.2346.40662 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2008.0623.2346.40662 - ATI) Hidden
Catalyst Control Center Localization Swedish (Version: 2008.0623.2346.40662 - ATI) Hidden
CCC Help Dutch (Version: 2008.0623.2345.40662 - ATI) Hidden
CCC Help English (Version: 2008.0623.2345.40662 - ATI) Hidden
CCC Help French (Version: 2008.0623.2345.40662 - ATI) Hidden
CCC Help German (Version: 2008.0623.2345.40662 - ATI) Hidden
CCC Help Chinese Standard (Version: 2008.0623.2345.40662 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2008.0623.2345.40662 - ATI) Hidden
CCC Help Italian (Version: 2008.0623.2345.40662 - ATI) Hidden
CCC Help Japanese (Version: 2008.0623.2345.40662 - ATI) Hidden
CCC Help Korean (Version: 2008.0623.2345.40662 - ATI) Hidden
CCC Help Portuguese (Version: 2008.0623.2345.40662 - ATI) Hidden
CCC Help Spanish (Version: 2008.0623.2345.40662 - ATI) Hidden
CCC Help Swedish (Version: 2008.0623.2345.40662 - ATI) Hidden
ccc-core-static (Version: 2008.0623.2346.40662 - ATI) Hidden
ccc-utility (Version: 2008.0623.2346.40662 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.15 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP)
Cisco Networking Academy curriculum 4.0.0.0 (HKLM\...\Cisco Networking Academy curriculum_is1) (Version: - Cisco Systems, Inc.)
Client Security - Password Manager (HKLM\...\{44E9D4C2-946C-4378-9354-558803C47A68}) (Version: 8.20.0023.00 - Lenovo Group Limited)
Conduit Engine (HKLM\...\conduitEngine) (Version: 6.3.3.3 - Conduit Ltd.) <==== ATTENTION
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.56.0.0 - Conexant)
ConvertXtoDVD 3.3.2.100 (HKLM\...\{76C24F39-B161-498F-BD8B-C64789812D13}_is1) (Version: 3.3.2.100 - )
DebugBar v7.3.2 for Internet Explorer (remove only) (HKLM\...\DebugBar) (Version: 7.3.2 - Core Services)
Defraggler (HKLM\...\Defraggler) (Version: 2.00 - Piriform)
Download Energy Toolbar (HKLM\...\Download_Energy Toolbar) (Version: 6.2.7.3 - Download Energy)
Fotosvet TETA 3 (HKLM\...\Fotosvet TETA 3) (Version: - )
FTDownloader (HKLM\...\1ClickDownload) (Version: 2.1 Build 26473 - FTDownloader.com) <==== ATTENTION
GDR 1617 for SQL Server 2008 R2 (KB2494088) (HKLM\...\KB2494088) (Version: 10.50.1617.0 - Microsoft Corporation)
Help Center (HKLM\...\{986F64DC-FF15-449D-998F-EE3BCEC6666A}) (Version: 2.00h - )
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
IETester v0.5.2 (remove only) (HKLM\...\IETester) (Version: 0.5.2 - Core Services)
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{852AFD2D-07CC-46FD-A159-671102782771}) (Version: 12.00.1000 - Intel(R) Corporation)
Java Auto Updater (Version: 2.1.5.3 - Sun Microsystems, Inc.) Hidden
Java DB 10.5.3.0 (HKLM\...\{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}) (Version: 10.5.3.0 - Sun Microsystems, Inc)
Java(TM) 6 Update 30 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.300 - Oracle)
Java(TM) 7 Update 2 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217002FF}) (Version: 7.0.20 - Oracle)
Java(TM) SE Development Kit 6 Update 21 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160210}) (Version: 1.6.0.210 - Oracle)
K-Lite Codec Pack 9.8.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 9.8.0 - )
Lenovo Fingerprint Software (HKLM\...\{8EF140A7-B1D6-464E-82B4-C8925202FE54}) (Version: 3.1.25.80 - AuthenTec, Inc.)
Lenovo Registration (HKLM\...\Lenovo Registration) (Version: - Lenovo - Leader Technologies)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.01 - )
Lenovo Welcome v1.0.24.3 (HKLM\...\Lenovo Welcome_is1) (Version: - Lenovo)
Malwarebytes Anti-Malware verze 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Message Center (HKLM\...\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}) (Version: 2.01d - )
Microsoft .NET Framework 3.5 Language Pack SP1 - csy (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - csy) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Mathematics (HKLM\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Language Pack 2007 – Čeština (pro Office Outlook 2007 s aplikací Business Contact Manager SP1) (HKLM\...\{9fc9803a-3582-4352-bc6d-6dd27fb95832}) (Version: 3.0.7311.0 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110405-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Office Visio Professional 2003 (HKLM\...\{90510405-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 (KB971119) (Version: 9.0.30731 - Microsoft Corporation) Hidden
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (HKLM\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (Version: - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{046755CA-F677-4B7F-AF9A-6AB295A02A30}) (Version: 10.50.1617.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Policies (HKLM\...\{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{76866BE3-B2C7-40BB-B267-927792AED0C3}) (Version: 10.50.1617.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (HKLM\...\{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Desktop Engine (FLUKE) (HKLM\...\{E09B48B5-E141-427A-AB0C-D3605127224A}) (Version: 8.00.761 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Mobile Broadband Connect (HKLM\...\{2FAAD1C5-2D9D-4EDB-BCD1-FF6573986439}) (Version: 3.1.3050 - Lenovo)
Mozilla Firefox 29.0.1 (x86 cs) (HKLM\...\Mozilla Firefox 29.0.1 (x86 cs)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 17.0.2 (x86 cs) (HKLM\...\Mozilla Thunderbird 17.0.2 (x86 cs)) (Version: 17.0.2 - Mozilla)
Mp3 Knife 3.2 (HKLM\...\Mp3 Knife_is1) (Version: - Vicky's Cool Softwares)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetBeans IDE 7.0.1 (HKLM\...\nbi-nb-base-7.0.1.0.0) (Version: 7.0.1 - NetBeans.org)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 5.12.00 - )
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 3.8.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Presentation Director (HKLM\...\{65706020-7B6F-41F2-8047-FC69579E386A}) (Version: 4.00a - )
Product Recovery Disc Burning Utility (HKLM\...\{FA62B4C2-6CFD-462F-9B59-68A730001AB3}) (Version: 1.0.0019.00 - Lenovo Group Limited)
Productivity Center Supplement for ThinkPad (HKLM\...\{D728E945-256D-4477-B377-6BBA693714AC}) (Version: 3.00b - )
PSPad editor (HKLM\...\PSPad editor_is1) (Version: - Jan Fiala)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
rajče verze 56 sestavení 154 (HKLM\...\rajče.net_is1) (Version: - rajče.net)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Registr ovcí (HKLM\...\Registr ovcí_is1) (Version: - CompAct Bohemia s.r.o.)
Registry patch for Windows Vista USB S3 PM Enablement (HKLM\...\USBPMon) (Version: 1.00 - )
Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista (HKLM\...\Dipmon) (Version: 1.01 - )
Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista (HKLM\...\FPIRPOn) (Version: 1.01 - )
Registry patch to improve USB device detection on resume from sleep for Windows Vista (HKLM\...\{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}) (Version: 1.01.0000 - Lenovo Group Limited)
Rescue and Recovery (HKLM\...\{7E4C16B8-8F76-4940-8505-98E93C00BF19}) (Version: 4.21.0014.00 - Lenovo Group Limited)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.54.02 - )
Sada Compatibility Pack pro systém Office 2007 (HKLM\...\{90120000-0020-0405-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Skins (Version: 2008.0623.2346.40662 - ATI) Hidden
Skype™ 6.7 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.7.102 - Skype Technologies S.A.)
Slovník Verdict Free (HKCU\...\Verdict Free) (Version: - )
SQL Server 2008 R2 Common Files (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Services (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Shared (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Management Studio (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Startup Delayer v3.0 (build 326) (HKLM\...\Startup Delayer) (Version: 3.0 (build 326) - r2 Studios)
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version: - )
SWF Opener (HKLM\...\{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1) (Version: 1.3 - UnH Solutions)
System Update (HKLM\...\{8675339C-128C-44DD-83BF-0A5D6ABD8297}) (Version: 3.14.0010 - Lenovo)
ThinkPad Bluetooth with Enhanced Data Rate Software 6.1.0.4500 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.1.0.4500 - Lenovo)
ThinkPad EasyEject Utility (HKLM\...\{1297C681-92D7-40EF-93BF-03F66EC5105C}) (Version: 2.36 - )
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.02 - )
ThinkPad Mobility Center Customization (HKLM\...\{90FABD40-E741-446F-839D-CEAE905D63BE}) (Version: 1.50.0000 - Lenovo)
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.73.00 - Conexant Systems)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.45 - )
ThinkPad Power Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 2.33 - )
ThinkPad UltraNav Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.0.1602.9 - )
ThinkPad UltraNav Utility (HKLM\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.04 - )
ThinkVantage Access Connections (HKLM\...\{4BD295B9-0190-4C54-B08E-33A6ECA922DF}) (Version: 5.01 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.61 - Lenovo)
ThinkVantage Productivity Center (HKLM\...\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}) (Version: 3.00b - )
ThinkVantage Status Gadget (HKLM\...\{9CECB23C-F4BC-4FDA-A306-E544A216176A}) (Version: 1.0.3022 - Lenovo)
ThinkVantage Technologies Welcome Message (Version: 1.20 - ) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
Verizon Wireless BroadbandAccess Self Activation (HKLM\...\{3F963A06-7C18-4039-9789-9644B3266AE7}) (Version: 1.3.2 - Smith Micro Software, Inc.)
Vstascan (HKLM\...\{314C19E0-7FA5-11D5-A6B4-0050BA724CB6}) (Version: - )
Wallpapers (Version: - ) Hidden
WampServer 2.2 (HKLM\...\WampServer 2_is1) (Version: - Hervé Leclerc (HeL))
Windows Driver Package - Broadcom (b57nd60x) Net (11/29/2007 10.62.1.2) (HKLM\...\E4ACAC6700911AAA3BC0CD6C581A68BFC6AB001E) (Version: 11/29/2007 10.62.1.2 - Broadcom)
Windows Driver Package - Intel (iaStor) hdc (07/22/2008 8.2.4.1005) (HKLM\...\3A4BCF4FDC99FD1314C1765462A054093CDEF58B) (Version: 07/22/2008 8.2.4.1005 - Intel)
Windows Driver Package - Intel hdc (02/20/2008 6.9.1.1001) (HKLM\...\0A7603E3091C168CDE422A2B3481A2F7D17D0954) (Version: 02/20/2008 6.9.1.1001 - Intel)
Windows Driver Package - Intel System (01/30/2008 8.6.1.1001) (HKLM\...\5A4D4FF375E24E41AE5D2D907E67E0884BE2CAF4) (Version: 01/30/2008 8.6.1.1001 - Intel)
Windows Driver Package - Intel System (02/20/2008 8.6.1.1002) (HKLM\...\432D918ED17EA51B73E8491A0369730C0076A292) (Version: 02/20/2008 8.6.1.1002 - Intel)
Windows Driver Package - Intel System (02/20/2008 8.7.0.1007) (HKLM\...\513C7D1BF4530B30EC84716327E4D7E76810DCC5) (Version: 02/20/2008 8.7.0.1007 - Intel)
Windows Driver Package - Intel System (09/15/2006 7.0.0.1011) (HKLM\...\E6CEFD9A59425A2A27E92572AB367B28C371D3D8) (Version: 09/15/2006 7.0.0.1011 - Intel)
Windows Driver Package - Intel USB (02/05/2007 8.3.0.1011) (HKLM\...\464CE3922A214073AAEE00DEB23EA5C750AF8CE8) (Version: 02/05/2007 8.3.0.1011 - Intel)
Windows Driver Package - Lenovo 1.45 (02/18/2008 1.45) (HKLM\...\386CAF2F8306A2DD7EBAEAA5A86D98BE177DC951) (Version: 02/18/2008 1.45 - Lenovo)
Windows Driver Package - Ricoh Company MMC Host Controller (02/15/2008 6.00.03.05) (HKLM\...\1205965EF392C9B0D5A9BDB139035F058E76359E) (Version: 02/15/2008 6.00.03.05 - Ricoh Company)
Windows Driver Package - Ricoh Company MS Host Controller (07/30/2007 6.00.01.11) (HKLM\...\1A96FF9D9E5F19776E6749D8F6557FCC437EB294) (Version: 07/30/2007 6.00.01.11 - Ricoh Company)
Windows Driver Package - Ricoh Company xD Host Controller (07/30/2007 6.00.01.13) (HKLM\...\778DAA8FB0D52FC214BC306BBDC33E26ACAB6F44) (Version: 07/30/2007 6.00.01.13 - Ricoh Company)
Windows Live Toolbar (HKLM\...\Windows Live Toolbar) (Version: 03.01.0130 - Microsoft Corporation)
Windows Live Toolbar (Version: 03.01.0130 - Microsoft Corporation) Hidden
WinSCP 4.1.8 (HKLM\...\winscp3_is1) (Version: 4.1.8 - Martin Prikryl)
Zoner Photo Studio 9 (HKLM\...\Zoner Photo Studio 9_is1) (Version: - ZONER software)

==================== Restore Points =========================

==================== Hosts content: ==========================

2006-11-02 12:23 - 2012-02-28 13:44 - 00000790 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 localhost
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {06D349B6-771D-450E-8D5E-DD667A67072B} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PWMIDTSV.EXE [2008-07-28] (Lenovo Group Limited)
Task: {155723BA-60E2-4354-93AF-84EAC8D3C2D8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {22E1772E-7DFE-4C5F-841F-1C93FD5D82A4} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {2DE18FE4-6467-484F-8431-206702EC5546} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {2E5B7D97-F14C-4CFF-864E-620AABA892D1} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {31AF26F3-DE0C-4230-B707-E96D0874355A} - System32\Tasks\Check Updates for Windows Live Toolbar => C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12] (Microsoft Corporation)
Task: {4D72741E-769C-45DB-8604-CB8EBDADAA29} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {8A4AEB9C-4A3D-414C-B18A-47DC38104B57} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => C:\Windows\system32\RAServer.exe [2008-01-21] (Společnost Microsoft)
Task: {A2201CFA-D461-4C2D-89B4-E2E05FFFEA84} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe
Task: {B0B5979A-5A48-49A3-B045-C551E6D0F339} - System32\Tasks\1-Click Maintenance => C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
Task: C:\Windows\Tasks\1-Click Maintenance.job => C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job => C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
Task: C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1404084969-4032197657-1012067246-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\Windows\Tasks\ReclaimerResumeInstall_svetla.job => C:\Users\svetla\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RunAsStdUser Task.job => C:\Program Files\r2 Studios\Startup Delayer\Startup Delayer.exe
Task: C:\Windows\Tasks\SymInstallStub.job => C:\Users\svetla\AppData\Local\Temp\SymInstallStub.exe
Task: C:\Windows\Tasks\{1B6413DF-7003-4E2B-852E-1973F6362F7E}.job => C:\Program Files\Skype\Phone\Skype.exe
Task: C:\Windows\Tasks\{4C5C00E5-C69F-43B7-855C-A0559061AB5B}.job => c:\program files\mozilla firefox\firefox.exe
Task: C:\Windows\Tasks\{503AC2A6-3E45-4395-9783-F6752AA8862E}.job => C:\Program Files\Mozilla Firefox\firefox.exe
Task: C:\Windows\Tasks\{6CB78A56-5736-4D0F-8BFC-C31F3364F4EF}.job => c:\program files\mozilla firefox\firefox.exe
Task: C:\Windows\Tasks\{9A094B20-F70C-4FE7-A0B9-613C6E3F7842}.job => c:\program files\mozilla firefox\firefox.exe
Task: C:\Windows\Tasks\{A6D19408-C0A4-44A7-ADC6-717CD2C03153}.job => C:\Program Files\Skype\Phone\Skype.exe
Task: C:\Windows\Tasks\{C2D793D0-8829-40A9-8609-5FDED661FF22}.job => C:\Program Files\Skype\Phone\Skype.exe
Task: C:\Windows\Tasks\{C98388BC-B9AA-4625-9CB0-3BDA05C94C26}.job => C:\Program Files\Mozilla Firefox\firefox.exe

==================== Loaded Modules (whitelisted) =============

2008-04-10 21:55 - 2007-07-23 14:29 - 00036864 _____ () C:\Program Files\Apoint2K\ApRunSvc.exe
2012-07-31 10:24 - 2009-09-30 17:36 - 00488448 _____ () C:\Windows\System32\apdfprintmon.dll
2008-05-06 05:09 - 2008-05-06 05:09 - 00200704 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2008-05-25 01:17 - 2008-05-25 01:17 - 00520192 _____ () C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
2012-02-28 13:43 - 2012-01-25 09:47 - 08176640 _____ () c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe
2014-05-09 22:38 - 2014-05-09 22:38 - 03839088 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-04-21 10:35 - 2014-04-21 10:35 - 16351920 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

HKU\S-1-5-21-1404084969-4032197657-1012067246-1003\Software\Classes\.exe: => <===== ATTENTION!

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Name: Microsoft Tun Miniport Adapter #2
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft Tun Miniport Adapter #3
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/17/2014 04:38:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace TrustedInstaller.exe, verze 6.0.6002.18005, časové razítko 0x49e01af1, chybující modul kernel32.dll, verze 6.0.6002.18449, časové razítko 0x4da47967, kód výjimky 0xc0000005, posun chyby 0x00049668,
ID procesu 0x5d4, čas spuštění aplikace 0xTrustedInstaller.exe0.

Error: (05/17/2014 04:38:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2014 04:33:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace TrustedInstaller.exe, verze 6.0.6002.18005, časové razítko 0x49e01af1, chybující modul kernel32.dll, verze 6.0.6002.18449, časové razítko 0x4da47967, kód výjimky 0xc0000005, posun chyby 0x00049668,
ID procesu 0xed8, čas spuštění aplikace 0xTrustedInstaller.exe0.

Error: (05/17/2014 04:33:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2014 04:31:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace TrustedInstaller.exe, verze 6.0.6002.18005, časové razítko 0x49e01af1, chybující modul kernel32.dll, verze 6.0.6002.18449, časové razítko 0x4da47967, kód výjimky 0xc0000005, posun chyby 0x00049668,
ID procesu 0x574, čas spuštění aplikace 0xTrustedInstaller.exe0.

Error: (05/17/2014 04:31:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2014 03:58:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace TrustedInstaller.exe, verze 6.0.6002.18005, časové razítko 0x49e01af1, chybující modul kernel32.dll, verze 6.0.6002.18449, časové razítko 0x4da47967, kód výjimky 0xc0000005, posun chyby 0x00049668,
ID procesu 0x1170, čas spuštění aplikace 0xTrustedInstaller.exe0.

Error: (05/17/2014 03:58:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2014 03:53:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace TrustedInstaller.exe, verze 6.0.6002.18005, časové razítko 0x49e01af1, chybující modul kernel32.dll, verze 6.0.6002.18449, časové razítko 0x4da47967, kód výjimky 0xc0000005, posun chyby 0x00049668,
ID procesu 0xf1c, čas spuštění aplikace 0xTrustedInstaller.exe0.

Error: (05/17/2014 03:53:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (05/17/2014 04:38:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Instalace modulů systému Windows3

Error: (05/17/2014 04:33:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Instalace modulů systému Windows23000001Restartovat službu

Error: (05/17/2014 04:31:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Instalace modulů systému Windows11200001Restartovat službu

Error: (05/17/2014 04:31:16 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: tvtumon

Error: (05/17/2014 04:31:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000TVT Backup Service

Error: (05/17/2014 04:31:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Publikování prostředků rozpoznávání funkcí%%2147942405

Error: (05/17/2014 04:31:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (05/17/2014 04:31:03 PM) (Source: APPHOSTSVC) (EventID: 9010) (User: )
Description: Při pokusu o přístup ke kořenovému adresáři historie C:\inetpub\history zjistila pomocná služba hostitele aplikace chybu. Adresář buď neexistuje, nebo jeho oprávnění nepovolují přístup službě historie. Funkce historie konfigurací je prozatím zakázána a bude povolena po vyřešení problému. Chcete-li tento problém vyřešit, zkontrolujte, zda adresář existuje a zda k němu má skupina Administrators přístup pro čtení a zápis. Datové pole obsahuje číslo chyby.

Error: (05/17/2014 03:58:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Instalace modulů systému Windows3

Error: (05/17/2014 03:53:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Instalace modulů systému Windows23000001Restartovat službu

Microsoft Office Sessions:
=========================
Error: (05/17/2014 04:38:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TrustedInstaller.exe6.0.6002.1800549e01af1kernel32.dll6.0.6002.184494da47967c0000005000496685d401cf71ddaac05a05

Error: (05/17/2014 04:38:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2014 04:33:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TrustedInstaller.exe6.0.6002.1800549e01af1kernel32.dll6.0.6002.184494da47967c000000500049668ed801cf71dcf4b7d3a5

Error: (05/17/2014 04:33:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2014 04:31:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TrustedInstaller.exe6.0.6002.1800549e01af1kernel32.dll6.0.6002.184494da47967c00000050004966857401cf71dc9d545615

Error: (05/17/2014 04:31:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2014 03:58:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TrustedInstaller.exe6.0.6002.1800549e01af1kernel32.dll6.0.6002.184494da47967c000000500049668117001cf71d80c667e86

Error: (05/17/2014 03:58:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2014 03:53:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TrustedInstaller.exe6.0.6002.1800549e01af1kernel32.dll6.0.6002.184494da47967c000000500049668f1c01cf71d7564d7d66

Error: (05/17/2014 03:53:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Percentage of memory in use: 57%
Total physical RAM: 2025.2 MB
Available physical RAM: 864.95 MB
Total Pagefile: 4295.36 MB
Available Pagefile: 2614.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1918.98 MB

==================== Drives ================================

Drive c: (SW_Preload) (Fixed) (Total:137.82 GB) (Free:31.15 GB) NTFS
Drive d: (Cesta_do_praveku) (CDROM) (Total:3.47 GB) (Free:0 GB) UDF
Drive q: (Lenovo) (Fixed) (Total:9.77 GB) (Free:3.22 GB) NTFS
Drive s: (SERVICEV003) (Fixed) (Total:1.46 GB) (Free:0.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 8BFC66ED)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=138 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#2 Příspěvek od **vyosek** » 17 kvě 2014 21:59

Zdravim

Ciste to rozhodne neni, je tam toho spooooousty a hromady

Cim jste to cistil??

Jedna se o domaci PC nebo nejake pracovni\firemni??

pepis09 · #3 Příspěvek od **pepis09** » 17 kvě 2014 22:08

Dobrý večer,
čistil jsem to esetem, je to osobní pc.

#4 Příspěvek od **vyosek** » 17 kvě 2014 22:12

Tak to vycistime poradne

Logy z utilit co jsou nize sem postupne davejte...

Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe

Ulozte nejlepe na plochu
Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
Probehne vytvoreni zalohy a nasledne prohledavani
Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Scan a nasledne Clean
Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Stahnete si TDSSKiller http://media.kaspersky.com/utilities/Vi ... killer.exe

Po spusteni odsouhlaste licencni podminky (klik na Accept)
Kliknete na volbu Change parametrs
V okne Additional Option zakliknete vsechny moznosti
Kliknete na OK
Utilite prikazte, at skenuje - klik na Start Scan
Po dokonceni skenu se objevi okno, zkontrolujte, zda-li je vsude moznost Skip
Pokud moznost Skip nebude primarne nastavena, prekliknete ji na Skip
Pokud mate vsude Skip, kliknete na Continue
Na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt bude log - jeho obsah sem vlozte

Stahnete Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/

Ulozte nejlepe na Plochu a rozbalte
Spustte kliknutim na mbar
Nyni postupne kliknete na Next a Update
Po dokonceni update (aktualizace) databaze kliknete opet na Next
Nechte zaskrtnute vsechny tri moznosti a klinete na Scan cimz spustite prohledavani PC
Po dokonceni skenu (cca 5 minutek) zkontrolujte, zda-li je u vsech nalezu (samozrejme pokud budou) zatrzitko
Tez zkontrolujte, jetsli je zatrzitko u Create Restore point
Nyni kliknete na CleanUp cimz nalezenou infekci odstranime
PC bude restartovan
Slozka mbar by mela obsahovat log (a zrejme se i sam otevre) mbar-log-rok-mesic-den (hodina-minuta-sekunda).txt, ten mi sem dejte

pepis09 · #5 Příspěvek od **pepis09** » 17 kvě 2014 22:15

Ok, děkuji, jdu na to

#6 Příspěvek od **vyosek** » 17 kvě 2014 22:16

Prozatim neni zac, pokracovani rano

Dobrou

pepis09 · #7 Příspěvek od **pepis09** » 17 kvě 2014 22:24

Ty jo, tak jsem se zasekl hned na začátku, spustím ten JRT dám spustit jako správce a ono mi to píše:
Z tohoto počítače je přístup k programu Windows Script Host zakázán. S žádostí o podrobnosti se obraťte na správce systému.

pepis09 · #8 Příspěvek od **pepis09** » 17 kvě 2014 22:47

Dobrou

#9 Příspěvek od **vyosek** » 18 kvě 2014 07:33

Dobre rano,

JRT neni bezpodminecne nutny...

TDSSKillerem a MBARem

pepis09 · #10 Příspěvek od **pepis09** » 18 kvě 2014 11:07

odvir.zip: (205.34 KiB) Staženo 84 x

Dobrý den,
tak posílám logy, bohužel se mi ten JRT nepodařilo rozchodit, podívám se na to ještě večer, až budou děti spát.
Předem děkuji.

Pepis

#11 Příspěvek od **vyosek** » 18 kvě 2014 11:59

Logy mi priste prosim davejte primo sem do tematu a ne do priloh, jsou pro me prehlednejsi...

JRT uz nechcte byt

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe

Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe

Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Na plose vznikne log Rkill.txt ten mi sem vlozte
Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

pepis09 · #12 Příspěvek od **pepis09** » 18 kvě 2014 12:56

Ok, s logy jsem nevěděl co je pro Vás lepší.

Výsledek Rkill

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/18/2014 01:53:34 PM in x86 mode.
Windows Version: Windows Vista (TM) Business Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKCU\SOFTWARE\Classes\.exe "@" exists and is set to !
* HKCU\SOFTWARE\Classes\.exe has been deleted!

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* WPCSvc [Missing Service]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
127.0.0.1 localhost
127.0.0.1 localhost

Program finished at: 05/18/2014 01:55:33 PM
Execution time: 0 hours(s), 1 minute(s), and 58 seconds(s)

#13 Příspěvek od **vyosek** » 18 kvě 2014 12:58

Pokracujte ComboFixem

pepis09 · #14 Příspěvek od **pepis09** » 18 kvě 2014 16:30

Combofix

ComboFix 14-05-16.01 - svetla 18.05.2014 14:54:15.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1250.420.1029.18.2025.1076 [GMT 2:00]
Spuštěný z: c:\users\svetla\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\programdata\xml4C22.tmp
c:\programdata\xml4E74.tmp
c:\programdata\xml4F11.tmp
c:\users\svetla\AppData\Roaming\Microsoft\Windows\Recent\Order.url
c:\windows\$NtUninstallKB24739$
c:\windows\system32\SET349D.tmp
c:\windows\system32\SET3859.tmp
c:\windows\system32\SET572A.tmp
c:\windows\system32\SETA648.tmp
c:\windows\system32\SETFA2D.tmp
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
Q:\AUTORUN.INF
S:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-04-18 do 2014-05-18 )))))))))))))))))))))))))))))))
.
.
2014-05-18 09:22 . 2014-05-18 09:22 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-18 09:21 . 2014-05-18 09:21 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-18 08:10 . 2014-05-18 08:11 -------- d-----w- c:\users\Administrator
2014-05-17 21:29 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-05-17 21:29 . 2014-05-17 21:30 -------- d-----w- C:\AdwCleaner
2014-05-17 20:22 . 2014-05-17 20:23 -------- d-----w- C:\FRST
2014-05-17 14:15 . 2014-05-17 14:16 -------- d-----w- C:\rsit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-21 08:35 . 2012-07-31 08:33 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-21 08:35 . 2011-09-28 05:47 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-07-25 296096]
.
c:\users\svetla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AVG8_TRAY"=c:\progra~1\AVG\AVG8\avgtray.exe
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe" \s
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
.
R3 adusbnet;Anydata USB-NDIS miniport;c:\windows\system32\DRIVERS\adusbnet.sys [x]
R3 adusbser;Anydata USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
.
Obsah adresáře 'Naplánované úlohy'
.
2014-04-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-31 08:35]
.
2009-03-14 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 14:54]
.
2014-02-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1404084969-4032197657-1012067246-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 10:00]
.
2013-08-31 c:\windows\Tasks\ReclaimerResumeInstall_svetla.job
- c:\users\svetla\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-08-31 12:48]
.
2012-10-29 c:\windows\Tasks\RunAsStdUser Task.job
- c:\program files\r2 Studios\Startup Delayer\Startup Delayer.exe [2012-08-25 10:09]
.
2011-11-10 c:\windows\Tasks\{1B6413DF-7003-4E2B-852E-1973F6362F7E}.job
- c:\program files\Skype\Phone\Skype.exe [2013-07-25 06:58]
.
2014-03-27 c:\windows\Tasks\{4C5C00E5-C69F-43B7-855C-A0559061AB5B}.job
- c:\program files\mozilla firefox\firefox.exe [2014-05-09 20:38]
.
2011-02-20 c:\windows\Tasks\{503AC2A6-3E45-4395-9783-F6752AA8862E}.job
- c:\program files\Mozilla Firefox\firefox.exe [2014-05-09 20:38]
.
2013-12-16 c:\windows\Tasks\{6CB78A56-5736-4D0F-8BFC-C31F3364F4EF}.job
- c:\program files\mozilla firefox\firefox.exe [2014-05-09 20:38]
.
2013-10-03 c:\windows\Tasks\{9A094B20-F70C-4FE7-A0B9-613C6E3F7842}.job
- c:\program files\mozilla firefox\firefox.exe [2014-05-09 20:38]
.
2011-05-09 c:\windows\Tasks\{A6D19408-C0A4-44A7-ADC6-717CD2C03153}.job
- c:\program files\Skype\Phone\Skype.exe [2013-07-25 06:58]
.
2011-06-22 c:\windows\Tasks\{C2D793D0-8829-40A9-8609-5FDED661FF22}.job
- c:\program files\Skype\Phone\Skype.exe [2013-07-25 06:58]
.
2011-05-17 c:\windows\Tasks\{C98388BC-B9AA-4625-9CB0-3BDA05C94C26}.job
- c:\program files\Mozilla Firefox\firefox.exe [2014-05-09 20:38]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = proxy.army.cz:8080
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Inspect Element with DebugBar - c:\program files\Core Services\DebugBar\DebugInfoBar.dll/247
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: uhk.cz\www
FF - ProfilePath - c:\users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
Toolbar-10 - (no file)
SafeBoot-06551878.sys
SafeBoot-66242498.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-05-18 16:51
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\users\svetla\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(4808)
c:\windows\system32\btncopy.dll
c:\windows\system32\BtwNamespaceExt.dll
c:\windows\system32\BtwNeLib.dll
c:\windows\system32\btwapi.dll
c:\windows\system32\btosif.dll
c:\windows\system32\btwpimif.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\AtService.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Apoint2K\ApRunSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WLANExt.exe
c:\program files\LENOVO\HOTKEY\TPHKSVC.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Microsoft SQL Server\MSSQL$FLUKE\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe
c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Apoint2K\Apoint.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Celkový čas: 2014-05-18 16:56:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-05-18 14:56
.
Před spuštěním: Volných bajtů: 31 960 866 816
Po spuštění: Volných bajtů: 31 484 342 272
.
- - End Of File - - C354B4DF6A27F3AA76A14D6F4320F20A
68AF06DDEFC5BFA52A09EE25870ECC3B

#15 Příspěvek od **vyosek** » 19 kvě 2014 08:28

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=-
"AdobeAAMUpdater-1.0"=-
"TkBellExe"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

:files
c:\users\svetla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
c:\windows\Tasks/*.job
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]

Nasledne kliknete na Opravit
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

VIRY.CZ

Prosím o kontrolu logu po odvirování

Prosím o kontrolu logu po odvirování

Re: Prosím o kontrolu logu po odvirování

Re: Prosím o kontrolu logu po odvirování

Re: Prosím o kontrolu logu po odvirování

Re: Prosím o kontrolu logu po odvirování

Re: Prosím o kontrolu logu po odvirování

Re: Prosím o kontrolu logu po odvirování

Re: Prosím o kontrolu logu po odvirování

Re: Prosím o kontrolu logu po odvirování

Re: Prosím o kontrolu logu po odvirování

Re: Prosím o kontrolu logu po odvirování

Re: Prosím o kontrolu logu po odvirování

Re: Prosím o kontrolu logu po odvirování

Re: Prosím o kontrolu logu po odvirování

Re: Prosím o kontrolu logu po odvirování