
PC is sending spam


#1 Post by KEnik »

Hello,

I suspect that the PC is sending spam.
A large amount of spam was sent through the e-mail account, and the private public IP that this computer is on is on a spam list.

Thanks in advance for help with the removal. A reward for the forum is assured.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-09-2014
Ran by MM (administrator) on MARCELA on 11-09-2014 11:18:32
Running from C:\Documents and Settings\MM\Plocha
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
() C:\WINDOWS\hporclnr.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Nokia) C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Nokia) C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Dropbox, Inc.) C:\Documents and Settings\MM\Data aplikací\Dropbox\bin\Dropbox.exe
(Software602 a.s.) C:\WinPUSA\WBSERVER.EXE
(Software602 a.s.) C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Intel Corporation) C:\WINDOWS\system32\IPROSetMonitor.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Desktop.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(forum.viry.cz) C:\Documents and Settings\MM\Plocha\FRSTLauncher.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\ping.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [OrderReminder] => C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [98304 2006-12-27] (Hewlett-Packard)
HKLM\...\Run: [HP OrderReminder Cleaner] => C:\WINDOWS\hporclnr.exe [104960 2006-12-27] ()
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-06-07] (Apple Inc.)
HKLM\...\Run: [NokiaMServer] => C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20065384 2011-12-05] (Realtek Semiconductor Corp.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2219184 2011-01-12] (ESET)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1942424 2014-08-29] (APN)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
HKU\S-1-5-21-1606980848-1004336348-1801674531-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2007-07-16] (Google Inc.)
HKU\S-1-5-21-1606980848-1004336348-1801674531-1003\...\Run: [NokiaOviSuite2] => C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [966712 2011-09-01] (Nokia)
HKU\S-1-5-21-1606980848-1004336348-1801674531-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1606980848-1004336348-1801674531-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Documents and Settings\MM\Nabídka Start\Programy\Po spuštění\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\MM\Data aplikací\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Documents and Settings\MM\Nabídka Start\Programy\Po spuštění\WinBase602 Server.lnk
ShortcutTarget: WinBase602 Server.lnk -> C:\WinPUSA\WBSERVER.EXE (Software602 a.s.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://search.icq.com/search/results.ph ... &ch_id=osd
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
URLSearchHook: HKCU - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
URLSearchHook: HKCU - (No Name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No File
SearchScopes: HKCU - {1C38B24D-0A38-484A-BAE6-4D31AEB53022} URL = http://search.atlas.cz/?q={searchTerms}
SearchScopes: HKCU - {23384569-7E09-4212-9F6D-0C08E395A295} URL = http://www.search.ask.com/web?p2=%5EADN ... erms}&psv=
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://search.icq.com/search/results.ph ... &ch_id=osd
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT2269050
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatc ... 093&lng=cs
SearchScopes: HKCU - {CD10120B-C165-4f8d-8C74-639629E238FF} URL = http://mystart.magentic.com/english/?se ... search_box
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredimail.com/english/ ... search_box
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Ask Toolbar -> {4F524A2D-5637-006A-76A7-7A786E7484D7} -> C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Passport.dll (APN LLC.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Ask Toolbar - {4F524A2D-5637-006A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Passport.dll (APN LLC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
Toolbar: HKCU - No Name - {00000000-0000-0000-0000-000000000000} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Ask Toolbar - {4F524A2D-5637-006A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Passport.dll (APN LLC.)
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} https://www.mojedatovaschranka.cz/stati ... ?3,16,13,0
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 1268912156
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @software602.cz/602XML Filler -> C:\Program Files\Software602\602XML\Filler\npfiller.dll (Software602 a.s.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2011-09-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-06-21]
FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2011-09-15]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-06-18]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> ask search
CHR DefaultSearchProvider: Default -> Ask Search
CHR DefaultSearchURL: Default -> http://www.search.ask.com/web?tpid=ORJ- ... earchTerms}
CHR DefaultSuggestURL: Default -> http://ss.websearch.ask.com/query?li=ff ... earchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\37.0.2062.103\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Software602 Form Filler) - C:\Program Files\Software602\602XML\Filler\npfiller.dll (Software602 a.s.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR CustomProfile: C:\Documents and Settings\MM\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (McAfee Security Scan+) - C:\Documents and Settings\MM\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-24]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\MM\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-10-03]
CHR Extension: (Peněženka Google) - C:\Documents and Settings\MM\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-03]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM\...\Chrome\Extension: [lpadbdkobbgjgonnfnipfngifldcdfin] - C:\Documents and Settings\All Users\Data aplikací\AskPartnerNetwork\Toolbar\ORJ-V7-SAT\CRX\ToolbarCR.crx [2014-06-25]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 602XML Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [84520 2011-03-14] (Software602 a.s.)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-08-29] (APN LLC.)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2008-10-28] () [File not signed]
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33584 2011-01-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810144 2011-01-12] (ESET)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-04-07] (Macrovision Europe Ltd.) [File not signed]
R2 Intel® PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [87712 2010-08-12] (Intel Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-07-25] (Oracle Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [633856 2011-06-08] (Nokia) [File not signed]
R2 Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3048136 2012-06-19] (Skype Technologies S.A.)
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913920 2007-01-05] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [3845824 2006-01-27] (Realtek Semiconductor Corp.) [File not signed]
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 BIOS; C:\WINDOWS\system32\drivers\BIOS.sys [13696 2005-03-16] (BIOSTAR Group) [File not signed]
R3 e1cexpress; C:\WINDOWS\System32\DRIVERS\e1c5132.sys [173736 2010-09-20] (Intel Corporation)
R2 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [141264 2010-12-21] (ESET)
S3 EfiVariable; C:\WINDOWS\System32\Drivers\variable.sys [7680 2011-05-19] (Windows (R) Server 2003 DDK provider) [File not signed]
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [115008 2010-12-21] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [94872 2010-12-21] (ESET)
R3 MEI; C:\WINDOWS\System32\DRIVERS\HECI.sys [41088 2010-09-21] (Intel Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 nusb3hub; C:\WINDOWS\System32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\WINDOWS\System32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation)
S1 rsetun; C:\WINDOWS\System32\rsetun.sys [0 2008-10-15] () [File not signed]
S3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [74496 2005-03-04] (Realtek Semiconductor Corporation )
S3 WpdUsb; C:\WINDOWS\System32\DRIVERS\wpdusb.sys [38528 2006-10-18] (Microsoft Corporation) [File not signed]
S3 catchme; \??\C:\DOCUME~1\MM\LOCALS~1\Temp\catchme.sys [X]
S3 rtl8139; system32\DRIVERS\RTL8139.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 11:18 - 2014-09-11 11:18 - 00029696 _____ () C:\Documents and Settings\MM\Local Settings\Data aplikací\MSGBOX.EXE
2014-09-11 11:18 - 2014-09-11 11:18 - 00023634 _____ () C:\Documents and Settings\MM\Plocha\FRST.txt
2014-09-11 11:18 - 2014-09-11 11:18 - 00015327 _____ () C:\Documents and Settings\MM\Plocha\LM.bat
2014-09-11 11:18 - 2014-09-11 11:18 - 00000000 ____D () C:\FRST
2014-09-11 11:17 - 2014-09-11 11:17 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\MM\Plocha\FRSTLauncher.exe
2014-09-11 11:16 - 2014-09-11 11:16 - 01097728 _____ (Farbar) C:\Documents and Settings\MM\Plocha\FRST.exe
2014-09-11 09:31 - 2014-09-11 09:31 - 00000815 _____ () C:\Documents and Settings\All Users\Plocha\TeamViewer 9.lnk
2014-09-11 09:31 - 2014-09-11 09:31 - 00000000 ____D () C:\Program Files\TeamViewer
2014-09-11 09:31 - 2014-09-11 09:31 - 00000000 ____D () C:\Documents and Settings\MM\Data aplikací\TeamViewer
2014-09-11 09:31 - 2014-09-11 09:31 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\TeamViewer 9
2014-09-03 07:27 - 2014-09-03 07:27 - 00409088 _____ () C:\Documents and Settings\MM\Plocha\Kopie - PRECIOSA - LILIEN 2.xls
2014-09-02 14:22 - 2014-09-02 14:22 - 00349214 _____ () C:\Documents and Settings\MM\Plocha\untitled.bmp
2014-09-02 10:20 - 2014-09-02 10:20 - 00292801 _____ () C:\Documents and Settings\MM\Plocha\preciosa.xlsx
2014-09-02 08:25 - 2014-09-02 14:22 - 00000000 ____D () C:\Documents and Settings\MM\Plocha\Taj Mahal Necklace Set with Earrings ~ Multicolor Blue LILIEN CZECH, authentic Czech rhinestone jewelry_files
2014-09-02 08:25 - 2014-09-02 08:25 - 00055920 _____ () C:\Documents and Settings\MM\Plocha\Taj Mahal Necklace Set with Earrings ~ Multicolor Blue LILIEN CZECH, authentic Czech rhinestone jewelry.htm
2014-09-01 19:53 - 2014-09-01 19:57 - 00000000 ____D () C:\Documents and Settings\MM\Dokumenty\zdraví
2014-08-30 10:38 - 2014-08-30 10:38 - 00000000 ____D () C:\Program Files\Common Files\Skype

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 11:18 - 2014-09-11 11:18 - 00029696 _____ () C:\Documents and Settings\MM\Local Settings\Data aplikací\MSGBOX.EXE
2014-09-11 11:18 - 2014-09-11 11:18 - 00023634 _____ () C:\Documents and Settings\MM\Plocha\FRST.txt
2014-09-11 11:18 - 2014-09-11 11:18 - 00015327 _____ () C:\Documents and Settings\MM\Plocha\LM.bat
2014-09-11 11:18 - 2014-09-11 11:18 - 00000000 ____D () C:\FRST
2014-09-11 11:18 - 2007-06-26 07:26 - 00000000 ____D () C:\Documents and Settings\MM\Data aplikací\Skype
2014-09-11 11:18 - 2006-10-16 16:31 - 00000000 ___HD () C:\Documents and Settings\MM\Local Settings\Data aplikací
2014-09-11 11:18 - 2006-10-16 16:31 - 00000000 ____D () C:\Documents and Settings\MM\Plocha
2014-09-11 11:18 - 2006-10-16 16:31 - 00000000 ____D () C:\Documents and Settings\MM\Local Settings\Temp
2014-09-11 11:17 - 2014-09-11 11:17 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\MM\Plocha\FRSTLauncher.exe
2014-09-11 11:16 - 2014-09-11 11:16 - 01097728 _____ (Farbar) C:\Documents and Settings\MM\Plocha\FRST.exe
2014-09-11 11:16 - 2012-08-28 06:08 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-11 10:50 - 2012-04-04 06:23 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-11 09:41 - 2011-05-24 07:21 - 00000460 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{1ED2F884-7754-4B6F-8078-F846374A06AF}.job
2014-09-11 09:31 - 2014-09-11 09:31 - 00000815 _____ () C:\Documents and Settings\All Users\Plocha\TeamViewer 9.lnk
2014-09-11 09:31 - 2014-09-11 09:31 - 00000000 ____D () C:\Program Files\TeamViewer
2014-09-11 09:31 - 2014-09-11 09:31 - 00000000 ____D () C:\Documents and Settings\MM\Data aplikací\TeamViewer
2014-09-11 09:31 - 2014-09-11 09:31 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\TeamViewer 9
2014-09-11 09:31 - 2006-10-16 23:38 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-09-11 09:31 - 2006-10-16 23:38 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2014-09-11 09:31 - 2006-10-16 16:31 - 00000000 __RHD () C:\Documents and Settings\MM\Data aplikací
2014-09-11 09:30 - 2006-10-19 16:43 - 00002561 _____ () C:\Documents and Settings\MM\Plocha\Microsoft Office Word 2003.lnk
2014-09-11 07:22 - 2012-06-20 12:39 - 00012531 _____ () C:\Documents and Settings\MM\intlname.ols
2014-09-11 07:03 - 2006-10-16 22:26 - 01261494 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-11 06:56 - 2012-07-30 06:31 - 00000000 ___RD () C:\Documents and Settings\MM\Dokumenty\Dropbox
2014-09-11 06:55 - 2012-07-30 06:29 - 00000000 ____D () C:\Documents and Settings\MM\Data aplikací\Dropbox
2014-09-11 06:55 - 2012-06-15 23:14 - 00985202 _____ () C:\WINDOWS\setupapi.log
2014-09-11 06:55 - 2006-10-16 23:42 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-09-11 06:55 - 2006-10-16 23:42 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-09-11 06:55 - 2006-03-02 14:00 - 00012598 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-11 06:54 - 2014-03-11 07:39 - 00000216 _____ () C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-09-11 06:54 - 2012-08-28 06:08 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-11 06:54 - 2006-10-16 22:31 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-10 19:48 - 2013-08-14 20:37 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-10 19:48 - 2006-10-16 22:31 - 00032520 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-10 19:42 - 2006-10-20 09:28 - 00004180 _____ () C:\WINDOWS\PUSA.INI
2014-09-10 19:42 - 2006-10-19 09:57 - 98758480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-10 19:42 - 2006-10-16 16:31 - 00000272 ___SH () C:\Documents and Settings\MM\ntuser.ini
2014-09-10 19:41 - 2006-10-20 09:57 - 00000000 ____D () C:\Zálohy sklad
2014-09-10 14:57 - 2014-01-17 14:55 - 00000000 ____D () C:\Share
2014-09-10 13:44 - 2014-01-27 14:05 - 00008192 ___SH () C:\WINDOWS\Thumbs.db
2014-09-10 13:44 - 2006-10-22 13:41 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
2014-09-10 08:50 - 2012-04-04 06:23 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-09-10 08:50 - 2011-05-19 06:33 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-09-09 18:44 - 2007-10-22 15:51 - 00000000 ____D () C:\Documents and Settings\MM\Dokumenty\Naskenováno
2014-09-09 18:43 - 2007-10-22 15:51 - 00002259 _____ () C:\Documents and Settings\MM\Plocha\Scan To.lnk
2014-09-09 18:42 - 2006-10-16 16:31 - 00000000 ___RD () C:\Documents and Settings\MM\Dokumenty
2014-09-09 12:33 - 2006-10-19 16:03 - 00000000 ____D () C:\WinPUSA
2014-09-08 16:05 - 2006-10-16 16:31 - 00000000 ____D () C:\Documents and Settings\MM
2014-09-08 15:00 - 2014-03-11 07:39 - 00000210 _____ () C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-09-07 19:02 - 2012-07-18 17:19 - 00000000 ____D () C:\Documents and Settings\MM\Data aplikací\vlc
2014-09-04 07:18 - 2012-08-28 06:09 - 00001813 _____ () C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
2014-09-03 07:27 - 2014-09-03 07:27 - 00409088 _____ () C:\Documents and Settings\MM\Plocha\Kopie - PRECIOSA - LILIEN 2.xls
2014-09-02 14:22 - 2014-09-02 14:22 - 00349214 _____ () C:\Documents and Settings\MM\Plocha\untitled.bmp
2014-09-02 14:22 - 2014-09-02 08:25 - 00000000 ____D () C:\Documents and Settings\MM\Plocha\Taj Mahal Necklace Set with Earrings ~ Multicolor Blue LILIEN CZECH, authentic Czech rhinestone jewelry_files
2014-09-02 14:22 - 2013-01-11 13:25 - 00246784 ___SH () C:\Documents and Settings\MM\Plocha\Thumbs.db
2014-09-02 10:20 - 2014-09-02 10:20 - 00292801 _____ () C:\Documents and Settings\MM\Plocha\preciosa.xlsx
2014-09-02 08:25 - 2014-09-02 08:25 - 00055920 _____ () C:\Documents and Settings\MM\Plocha\Taj Mahal Necklace Set with Earrings ~ Multicolor Blue LILIEN CZECH, authentic Czech rhinestone jewelry.htm
2014-09-01 19:57 - 2014-09-01 19:53 - 00000000 ____D () C:\Documents and Settings\MM\Dokumenty\zdraví
2014-08-30 10:38 - 2014-08-30 10:38 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-08-30 10:38 - 2007-06-26 07:25 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Skype
2014-08-16 17:02 - 2012-07-30 06:31 - 00000970 _____ () C:\Documents and Settings\MM\Plocha\Dropbox.lnk
2014-08-16 17:02 - 2012-07-30 06:29 - 00000000 ____D () C:\Documents and Settings\MM\Nabídka Start\Programy\Dropbox
2014-08-16 17:02 - 2006-10-16 16:31 - 00000000 ___RD () C:\Documents and Settings\MM\Nabídka Start\Programy\Po spuštění

Some content of TEMP:
====================
C:\Documents and Settings\MM\Local Settings\Temp\APNSetup.exe
C:\Documents and Settings\MM\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpl3ixg6.dll
C:\Documents and Settings\MM\Local Settings\Temp\jre-6u45-windows-i586-iftw_2f3dd198.exe
C:\Documents and Settings\MM\Local Settings\Temp\jre-7u40-windows-i586-iftw.exe
C:\Documents and Settings\MM\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\MM\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\MM\Local Settings\Temp\jre-7u55-windows-i586-iftw.exe
C:\Documents and Settings\MM\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe
C:\Documents and Settings\MM\Local Settings\Temp\NEventMessages.dll
C:\Documents and Settings\MM\Local Settings\Temp\NOSEventMessages.dll
C:\Documents and Settings\MM\Local Settings\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
Attachments
Addition.zip
Addition from FRST Launcher
(10.51 KiB) Downloaded 66 times

Rudy
Site Admin
Posts: 119547
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: PC is sending spam

#2 Post by Rudy »

Hello!
First run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
Click >Scan< first and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

KEnik
Visitor
Posts: 93
Registered: 16 Jun 2007 19:15
Location: Beroun

Re: PC is sending spam

#3 Post by KEnik »

Thanks for the help.

Log:
# AdwCleaner v3.309 - Report created 12/09/2014 at 11:12:43
# Updated 02/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : MM - MARCELA
# Running from : C:\Documents and Settings\MM\Plocha\adwcleaner_3.309.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : APNMCP

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\apn
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\AskPartnerNetwork
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\ICQ\ICQToolbar
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
Folder Deleted : C:\Program Files\AskPartnerNetwork
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ICQ6Toolbar
Folder Deleted : C:\Program Files\icqtoolbar
Folder Deleted : C:\Documents and Settings\MM\Local Settings\Data aplikací\AskPartnerNetwork
Folder Deleted : C:\Documents and Settings\MM\Local Settings\Data aplikací\Conduit
Folder Deleted : C:\Documents and Settings\MM\Local Settings\Data aplikací\ConduitEngine
Folder Deleted : C:\DOCUME~1\MM\LOCALS~1\Temp\apn
Folder Deleted : C:\Documents and Settings\MM\Data aplikací\PriceGong
[!] Folder Deleted : C:\Documents and Settings\MM\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
File Deleted : C:\WINDOWS\system32\conduitEngine.tmp

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{055FD26D-3A88-4E15-963D-DC8493744B1D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4BD2D6C3-31DC-B947-23D0-DC52EC4F0C4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4F524A2D-5637-006A-76A7-7A786E7484D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5637-006A-76A7-7A786E7484D7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4F524A2D-5637-006A-76A7-7A786E7484D7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D8278076-BC68-4484-9233-6E7F1628B56C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4F524A2D-5637-006A-76A7-7A786E7484D7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CD10120B-C165-4F8D-8C74-639629E238FF}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4F524A2D-5637-006A-76A7-7A786E7484D7}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4F524A2D-5637-006A-76A7-7A786E7484D7}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe]
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\Babylon
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ICQToolbar
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\ICQ\ICQToolbar
Key Deleted : HKLM\SOFTWARE\ImInstaller
Key Deleted : HKLM\SOFTWARE\SweetIM

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Google Chrome v37.0.2062.103

[ File : C:\Documents and Settings\MM\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://mystart.incredimail.com/english/?search={searchTerms}&loc=search_box
Deleted [Search Provider] : hxxp://mystart.magentic.com/english/?search={searchTerms}&loc=search_box
Deleted [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
Deleted [Search Provider] : hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
Deleted [Search Provider] : hxxp://www.search.ask.com/web?tpid=ORJ-V7-SAT& ... earchTerms}
Deleted [Search Provider] : hxxp://www.search.ask.com/web?tpid=ORJ-V7-SAT& ... earchTerms}
Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh

*************************

AdwCleaner[R0].txt - [8802 octets] - [12/09/2014 11:10:42]
AdwCleaner[S0].txt - [8831 octets] - [12/09/2014 11:12:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8891 octets] ##########

Rudy
Site Admin
Posts: 119547
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: PC is sending spam

#4 Post by Rudy »

Post a new FRST log.

KEnik
Visitor
Posts: 93
Registered: 16 Jun 2007 19:15
Location: Beroun

Re: PC is sending spam

#5 Post by KEnik »

Hello,
thanks a lot, I only got around to it now.
Today ESET reported this on the PC on its own:
15.9.2014 13:52:29 Rezidentní ochrana soubor C:\System Volume Information\_restore{EB3FC294-473B-41D1-9B62-FF76E89CE8A2}\RP659\A0069198.dll Win32/Toolbar.Conduit.Y potenciálně nechtěná aplikace vyléčen smazáním - uložen do karantény NT AUTHORITY\SYSTEM Tato skutečnost byla zjištěna při pokusu o přístup k souboru aplikací: C:\WINDOWS\system32\svchost.exe.

LOG:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-09-2014
Ran by MM (administrator) on MARCELA on 15-09-2014 13:54:44
Running from C:\Documents and Settings\MM\Plocha
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
() C:\WINDOWS\hporclnr.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Nokia) C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Nokia) C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Dropbox, Inc.) C:\Documents and Settings\MM\Data aplikací\Dropbox\bin\Dropbox.exe
(Software602 a.s.) C:\WinPUSA\WBSERVER.EXE
(Software602 a.s.) C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Intel Corporation) C:\WINDOWS\system32\IPROSetMonitor.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
(BR SOFT s.r.o.) C:\WinPUSA\winpusa.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Desktop.exe
(forum.viry.cz) C:\Documents and Settings\MM\Plocha\FRSTLauncher.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [OrderReminder] => C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [98304 2006-12-27] (Hewlett-Packard)
HKLM\...\Run: [HP OrderReminder Cleaner] => C:\WINDOWS\hporclnr.exe [104960 2006-12-27] ()
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-06-07] (Apple Inc.)
HKLM\...\Run: [NokiaMServer] => C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20065384 2011-12-05] (Realtek Semiconductor Corp.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2219184 2011-01-12] (ESET)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
HKU\S-1-5-21-1606980848-1004336348-1801674531-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2007-07-16] (Google Inc.)
HKU\S-1-5-21-1606980848-1004336348-1801674531-1003\...\Run: [NokiaOviSuite2] => C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [966712 2011-09-01] (Nokia)
HKU\S-1-5-21-1606980848-1004336348-1801674531-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1606980848-1004336348-1801674531-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Documents and Settings\MM\Nabídka Start\Programy\Po spuštění\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\MM\Data aplikací\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Documents and Settings\MM\Nabídka Start\Programy\Po spuštění\WinBase602 Server.lnk
ShortcutTarget: WinBase602 Server.lnk -> C:\WinPUSA\WBSERVER.EXE (Software602 a.s.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKCU - {1C38B24D-0A38-484A-BAE6-4D31AEB53022} URL = http://search.atlas.cz/?q={searchTerms}
SearchScopes: HKCU - {23384569-7E09-4212-9F6D-0C08E395A295} URL = http://www.search.ask.com/web?p2=%5EADN ... erms}&psv=
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {00000000-0000-0000-0000-000000000000} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} https://www.mojedatovaschranka.cz/stati ... ?3,16,13,0
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 1268912156
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @software602.cz/602XML Filler -> C:\Program Files\Software602\602XML\Filler\npfiller.dll (Software602 a.s.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2011-09-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-06-21]
FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2011-09-15]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-06-18]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> ask search
CHR DefaultSearchProvider: Default -> Ask Search
CHR DefaultSearchURL: Default -> http://www.search.ask.com/web?tpid=ORJ- ... earchTerms}
CHR DefaultSuggestURL: Default -> http://ss.websearch.ask.com/query?li=ff ... earchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\37.0.2062.103\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Software602 Form Filler) - C:\Program Files\Software602\602XML\Filler\npfiller.dll (Software602 a.s.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR CustomProfile: C:\Documents and Settings\MM\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\MM\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-10-03]
CHR Extension: (Peněženka Google) - C:\Documents and Settings\MM\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-03]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM\...\Chrome\Extension: [lpadbdkobbgjgonnfnipfngifldcdfin] - C:\Documents and Settings\All Users\Data aplikací\AskPartnerNetwork\Toolbar\ORJ-V7-SAT\CRX\ToolbarCR.crx [2013-05-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 602XML Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [84520 2011-03-14] (Software602 a.s.)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2008-10-28] () [File not signed]
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33584 2011-01-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810144 2011-01-12] (ESET)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-04-07] (Macrovision Europe Ltd.) [File not signed]
R2 Intel® PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [87712 2010-08-12] (Intel Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-07-25] (Oracle Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [633856 2011-06-08] (Nokia) [File not signed]
R2 Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3048136 2012-06-19] (Skype Technologies S.A.)
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913920 2007-01-05] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [3845824 2006-01-27] (Realtek Semiconductor Corp.) [File not signed]
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 BIOS; C:\WINDOWS\system32\drivers\BIOS.sys [13696 2005-03-16] (BIOSTAR Group) [File not signed]
R3 e1cexpress; C:\WINDOWS\System32\DRIVERS\e1c5132.sys [173736 2010-09-20] (Intel Corporation)
R2 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [141264 2010-12-21] (ESET)
S3 EfiVariable; C:\WINDOWS\System32\Drivers\variable.sys [7680 2011-05-19] (Windows (R) Server 2003 DDK provider) [File not signed]
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [115008 2010-12-21] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [94872 2010-12-21] (ESET)
R3 MEI; C:\WINDOWS\System32\DRIVERS\HECI.sys [41088 2010-09-21] (Intel Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 nusb3hub; C:\WINDOWS\System32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\WINDOWS\System32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation)
S1 rsetun; C:\WINDOWS\System32\rsetun.sys [0 2008-10-15] () [File not signed]
S3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [74496 2005-03-04] (Realtek Semiconductor Corporation )
S3 WpdUsb; C:\WINDOWS\System32\DRIVERS\wpdusb.sys [38528 2006-10-18] (Microsoft Corporation) [File not signed]
S3 catchme; \??\C:\DOCUME~1\MM\LOCALS~1\Temp\catchme.sys [X]
S3 rtl8139; system32\DRIVERS\RTL8139.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 13:54 - 2014-09-15 13:55 - 00021007 _____ () C:\Documents and Settings\MM\Plocha\FRST.txt
2014-09-15 13:54 - 2014-09-15 13:54 - 00029696 _____ () C:\Documents and Settings\MM\Local Settings\Data aplikací\MSGBOX.EXE
2014-09-15 13:54 - 2014-09-15 13:54 - 00015327 _____ () C:\Documents and Settings\MM\Plocha\LM.bat
2014-09-12 11:15 - 2014-09-12 11:15 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
2014-09-12 11:11 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-09-12 11:10 - 2014-09-12 11:13 - 00000000 ____D () C:\AdwCleaner
2014-09-12 11:09 - 2014-09-12 11:09 - 01370467 _____ () C:\Documents and Settings\MM\Plocha\adwcleaner_3.309.exe
2014-09-11 11:22 - 2014-09-11 11:22 - 00010766 _____ () C:\Documents and Settings\MM\Plocha\Addition.zip
2014-09-11 11:18 - 2014-09-15 13:54 - 00000000 ____D () C:\FRST
2014-09-11 11:17 - 2014-09-11 11:17 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\MM\Plocha\FRSTLauncher.exe
2014-09-11 11:16 - 2014-09-11 11:16 - 01097728 _____ (Farbar) C:\Documents and Settings\MM\Plocha\FRST.exe
2014-09-11 09:31 - 2014-09-12 07:47 - 00000000 ____D () C:\Documents and Settings\MM\Data aplikací\TeamViewer
2014-09-11 09:31 - 2014-09-11 09:31 - 00000815 _____ () C:\Documents and Settings\All Users\Plocha\TeamViewer 9.lnk
2014-09-11 09:31 - 2014-09-11 09:31 - 00000000 ____D () C:\Program Files\TeamViewer
2014-09-11 09:31 - 2014-09-11 09:31 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\TeamViewer 9
2014-09-03 07:27 - 2014-09-03 07:27 - 00409088 _____ () C:\Documents and Settings\MM\Plocha\Kopie - PRECIOSA - LILIEN 2.xls
2014-09-02 14:22 - 2014-09-02 14:22 - 00349214 _____ () C:\Documents and Settings\MM\Plocha\untitled.bmp
2014-09-02 10:20 - 2014-09-02 10:20 - 00292801 _____ () C:\Documents and Settings\MM\Plocha\preciosa.xlsx
2014-09-02 08:25 - 2014-09-02 14:22 - 00000000 ____D () C:\Documents and Settings\MM\Plocha\Taj Mahal Necklace Set with Earrings ~ Multicolor Blue LILIEN CZECH, authentic Czech rhinestone jewelry_files
2014-09-02 08:25 - 2014-09-02 08:25 - 00055920 _____ () C:\Documents and Settings\MM\Plocha\Taj Mahal Necklace Set with Earrings ~ Multicolor Blue LILIEN CZECH, authentic Czech rhinestone jewelry.htm
2014-09-01 19:53 - 2014-09-01 19:57 - 00000000 ____D () C:\Documents and Settings\MM\Dokumenty\zdraví
2014-08-30 10:38 - 2014-08-30 10:38 - 00000000 ____D () C:\Program Files\Common Files\Skype

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 13:55 - 2014-09-15 13:54 - 00021007 _____ () C:\Documents and Settings\MM\Plocha\FRST.txt
2014-09-15 13:55 - 2006-10-16 16:31 - 00000000 ____D () C:\Documents and Settings\MM\Local Settings\Temp
2014-09-15 13:54 - 2014-09-15 13:54 - 00029696 _____ () C:\Documents and Settings\MM\Local Settings\Data aplikací\MSGBOX.EXE
2014-09-15 13:54 - 2014-09-15 13:54 - 00015327 _____ () C:\Documents and Settings\MM\Plocha\LM.bat
2014-09-15 13:54 - 2014-09-11 11:18 - 00000000 ____D () C:\FRST
2014-09-15 13:54 - 2006-10-16 16:31 - 00000000 ___HD () C:\Documents and Settings\MM\Local Settings\Data aplikací
2014-09-15 13:54 - 2006-10-16 16:31 - 00000000 ____D () C:\Documents and Settings\MM\Plocha
2014-09-15 13:53 - 2007-06-26 07:26 - 00000000 ____D () C:\Documents and Settings\MM\Data aplikací\Skype
2014-09-15 13:50 - 2012-04-04 06:23 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-15 13:47 - 2014-01-17 14:55 - 00000000 ____D () C:\Share
2014-09-15 13:16 - 2012-08-28 06:08 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-15 07:28 - 2006-10-20 09:28 - 00004180 _____ () C:\WINDOWS\PUSA.INI
2014-09-15 07:25 - 2006-10-19 16:03 - 00000000 ____D () C:\WinPUSA
2014-09-15 07:19 - 2012-08-28 06:09 - 00001813 _____ () C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
2014-09-15 07:00 - 2011-05-24 07:21 - 00000460 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{1ED2F884-7754-4B6F-8078-F846374A06AF}.job
2014-09-15 06:57 - 2006-10-16 22:26 - 01305000 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-15 06:55 - 2012-07-30 06:31 - 00000000 ___RD () C:\Documents and Settings\MM\Dokumenty\Dropbox
2014-09-15 06:54 - 2012-07-30 06:29 - 00000000 ____D () C:\Documents and Settings\MM\Data aplikací\Dropbox
2014-09-15 06:54 - 2012-06-15 23:14 - 00985932 _____ () C:\WINDOWS\setupapi.log
2014-09-15 06:54 - 2006-03-02 14:00 - 00012598 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-15 06:53 - 2014-03-11 07:39 - 00000216 _____ () C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-09-15 06:53 - 2012-08-28 06:08 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-15 06:53 - 2006-10-16 23:42 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-09-15 06:53 - 2006-10-16 23:42 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-09-15 06:53 - 2006-10-16 22:31 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-12 14:53 - 2006-10-16 22:31 - 00032560 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-12 14:53 - 2006-10-16 16:31 - 00000272 ___SH () C:\Documents and Settings\MM\ntuser.ini
2014-09-12 11:15 - 2014-09-12 11:15 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
2014-09-12 11:15 - 2006-10-16 23:38 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2014-09-12 11:13 - 2014-09-12 11:10 - 00000000 ____D () C:\AdwCleaner
2014-09-12 11:13 - 2006-10-16 16:31 - 00000000 __RHD () C:\Documents and Settings\MM\Data aplikací
2014-09-12 11:12 - 2008-12-17 08:16 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\ICQ
2014-09-12 11:09 - 2014-09-12 11:09 - 01370467 _____ () C:\Documents and Settings\MM\Plocha\adwcleaner_3.309.exe
2014-09-12 07:47 - 2014-09-11 09:31 - 00000000 ____D () C:\Documents and Settings\MM\Data aplikací\TeamViewer
2014-09-12 06:48 - 2006-10-16 23:37 - 01522784 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-11 11:22 - 2014-09-11 11:22 - 00010766 _____ () C:\Documents and Settings\MM\Plocha\Addition.zip
2014-09-11 11:17 - 2014-09-11 11:17 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\MM\Plocha\FRSTLauncher.exe
2014-09-11 11:16 - 2014-09-11 11:16 - 01097728 _____ (Farbar) C:\Documents and Settings\MM\Plocha\FRST.exe
2014-09-11 09:31 - 2014-09-11 09:31 - 00000815 _____ () C:\Documents and Settings\All Users\Plocha\TeamViewer 9.lnk
2014-09-11 09:31 - 2014-09-11 09:31 - 00000000 ____D () C:\Program Files\TeamViewer
2014-09-11 09:31 - 2014-09-11 09:31 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\TeamViewer 9
2014-09-11 09:31 - 2006-10-16 23:38 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-09-11 09:31 - 2006-10-16 23:38 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2014-09-11 09:30 - 2006-10-19 16:43 - 00002561 _____ () C:\Documents and Settings\MM\Plocha\Microsoft Office Word 2003.lnk
2014-09-11 07:22 - 2012-06-20 12:39 - 00012531 _____ () C:\Documents and Settings\MM\intlname.ols
2014-09-10 19:48 - 2013-08-14 20:37 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-10 19:42 - 2006-10-19 09:57 - 98758480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-10 19:41 - 2006-10-20 09:57 - 00000000 ____D () C:\Zálohy sklad
2014-09-10 13:44 - 2014-01-27 14:05 - 00008192 ___SH () C:\WINDOWS\Thumbs.db
2014-09-10 13:44 - 2006-10-22 13:41 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
2014-09-10 08:50 - 2012-04-04 06:23 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-09-10 08:50 - 2011-05-19 06:33 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-09-09 18:44 - 2007-10-22 15:51 - 00000000 ____D () C:\Documents and Settings\MM\Dokumenty\Naskenováno
2014-09-09 18:43 - 2007-10-22 15:51 - 00002259 _____ () C:\Documents and Settings\MM\Plocha\Scan To.lnk
2014-09-09 18:42 - 2006-10-16 16:31 - 00000000 ___RD () C:\Documents and Settings\MM\Dokumenty
2014-09-08 16:05 - 2006-10-16 16:31 - 00000000 ____D () C:\Documents and Settings\MM
2014-09-08 15:00 - 2014-03-11 07:39 - 00000210 _____ () C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-09-07 19:02 - 2012-07-18 17:19 - 00000000 ____D () C:\Documents and Settings\MM\Data aplikací\vlc
2014-09-03 07:27 - 2014-09-03 07:27 - 00409088 _____ () C:\Documents and Settings\MM\Plocha\Kopie - PRECIOSA - LILIEN 2.xls
2014-09-02 14:22 - 2014-09-02 14:22 - 00349214 _____ () C:\Documents and Settings\MM\Plocha\untitled.bmp
2014-09-02 14:22 - 2014-09-02 08:25 - 00000000 ____D () C:\Documents and Settings\MM\Plocha\Taj Mahal Necklace Set with Earrings ~ Multicolor Blue LILIEN CZECH, authentic Czech rhinestone jewelry_files
2014-09-02 14:22 - 2013-01-11 13:25 - 00246784 ___SH () C:\Documents and Settings\MM\Plocha\Thumbs.db
2014-09-02 10:20 - 2014-09-02 10:20 - 00292801 _____ () C:\Documents and Settings\MM\Plocha\preciosa.xlsx
2014-09-02 08:25 - 2014-09-02 08:25 - 00055920 _____ () C:\Documents and Settings\MM\Plocha\Taj Mahal Necklace Set with Earrings ~ Multicolor Blue LILIEN CZECH, authentic Czech rhinestone jewelry.htm
2014-09-01 19:57 - 2014-09-01 19:53 - 00000000 ____D () C:\Documents and Settings\MM\Dokumenty\zdraví
2014-08-30 10:38 - 2014-08-30 10:38 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-08-30 10:38 - 2007-06-26 07:25 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Skype
2014-08-16 17:02 - 2012-07-30 06:31 - 00000970 _____ () C:\Documents and Settings\MM\Plocha\Dropbox.lnk
2014-08-16 17:02 - 2012-07-30 06:29 - 00000000 ____D () C:\Documents and Settings\MM\Nabídka Start\Programy\Dropbox
2014-08-16 17:02 - 2006-10-16 16:31 - 00000000 ___RD () C:\Documents and Settings\MM\Nabídka Start\Programy\Po spuštění

Some content of TEMP:
====================
C:\Documents and Settings\MM\Local Settings\Temp\APNSetup.exe
C:\Documents and Settings\MM\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpoq6cpl.dll
C:\Documents and Settings\MM\Local Settings\Temp\jre-6u45-windows-i586-iftw_2f3dd198.exe
C:\Documents and Settings\MM\Local Settings\Temp\jre-7u40-windows-i586-iftw.exe
C:\Documents and Settings\MM\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\MM\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\MM\Local Settings\Temp\jre-7u55-windows-i586-iftw.exe
C:\Documents and Settings\MM\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe
C:\Documents and Settings\MM\Local Settings\Temp\NEventMessages.dll
C:\Documents and Settings\MM\Local Settings\Temp\NOSEventMessages.dll
C:\Documents and Settings\MM\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\MM\Local Settings\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


Re: PC is sending spam

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-1606980848-1004336348-1801674531-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2007-07-16] (Google Inc.)
C:\Program Files\Google\GoogleToolbarNotifier
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
SearchScopes: HKCU - {23384569-7E09-4212-9F6D-0C08E395A295} URL = http://www.search.ask.com/web?p2=%5EADN ... trgb=IE&q={searchTerms}&psv=
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
C:\Program Files\McAfee Security Scan
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
C:\Program Files\Skype\Toolbars
C:\Program Files\Google\Google Toolbar
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
CHR DefaultSearchKeyword: Default -> ask search
CHR DefaultSearchProvider: Default -> Ask Search
CHR DefaultSearchURL: Default -> http://www.search.ask.com/web?tpid=ORJ- ... trgb=CR&q={searchTerms}
CHR DefaultSuggestURL: Default -> http://ss.websearch.ask.com/query?li=ff ... =prefix&q={searchTerms}
CHR HKLM\...\Chrome\Extension: [lpadbdkobbgjgonnfnipfngifldcdfin] - C:\Documents and Settings\All Users\Data aplikací\AskPartnerNetwork\Toolbar\ORJ-V7-SAT\CRX\ToolbarCR.crx [2013-05-14]
R2 Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3048136 2012-06-19] (Skype Technologies S.A.)
S1 rsetun; C:\WINDOWS\System32\rsetun.sys [0 2008-10-15] () [File not signed]
C:\WINDOWS\System32\rsetun.sys
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\Documents and Settings\MM\Local Settings\Temp
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the run finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.


Re: PC is sending spam

#7 Post by KEnik »

Hello, thank you.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-09-2014
Ran by MM at 2014-09-15 20:22:21 Run:1
Running from C:\Documents and Settings\MM\Plocha
Boot Mode: Normal

It is too large, so it is in the attachment.
Attachments
Fixlog.zip
fixlog
(13.08 KiB) Downloaded 69 times


Re: PC is sending spam

#8 Post by Rudy »

Everything was deleted. Has anything changed?


Re: PC is sending spam

#9 Post by KEnik »

Hello,

I don't know. To be safe, I will not enter the password into Outlook until tomorrow, and I will watch the logs on the server.
Thanks a lot.

I ran ESET and it found 2 more occurrences:
15.9.2014 21:29:18 Rezidentní ochrana soubor C:\System Volume Information\_restore{EB3FC294-473B-41D1-9B62-FF76E89CE8A2}\RP659\A0069200.dll Win32/Toolbar.Conduit.Y potenciálně nechtěná aplikace nelze léčit NT AUTHORITY\SYSTEM Tato skutečnost byla zjištěna při pokusu o přístup k souboru aplikací: C:\WINDOWS\system32\svchost.exe.

C:\Documents and Settings\MM\Dokumenty\Downloads\installer_adobe_indesign.exe » NSIS » Script.nsi - Win32/Toggle potenciálně nechtěná aplikace - vyléčen smazáním - uložen do karantény [1]
C:\System Volume Information\_restore{EB3FC294-473B-41D1-9B62-FF76E89CE8A2}\RP659\A0069200.dll - Win32/Toolbar.Conduit.Y potenciálně nechtěná aplikace - vyléčen smazáním - uložen do karantény [1]


Re: PC is sending spam

#10 Post by Rudy »

Nothing special, just adware, and 2 of them in the system backup. Let me know if anything comes up.


Re: PC is sending spam

#11 Post by KEnik »

Thank you very much for the help, then.
PS: What was there? Do we no longer need to worry about spam being sent?


Re: PC is sending spam

#12 Post by Rudy »

KEnik wrote: PS: What was there?
Rudy wrote: Nothing special, just adware, and 2 of them in the system backup.

I would also recommend changing the e-mail password. You're welcome! :)
