PC disinfection, computer speed-up, remote assistance through the neslape.cz service

Request for a check, suspicion, one process constantly at 50%

Don't have any problem with your PC right now and just want to make sure everything is fine?
Post a log from FRST or RSIT.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will threads that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEWS!
You can now use the remote assistance service, where an expert connects to your computer and obtains the details of the problem from you by phone! More at www.neslape.cz
altrok
Moderator
Posts: 7317
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Request for a check, suspicion, one process constantly at 50%

#16 Post by altrok »

Excellent, this is OK, but I still suspect that the pest has stayed behind in the restore points...

Turn off System Restore and restart the PC http://forum.viry.cz/viewtopic.php?f=46&t=47040
Run another scan with MBAM and post the log.
Don't turn System Restore back on yet.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that don't belong on the forum, you can use altrok[at]forum.viry.cz
If you feel like helping the visitors of this forum, sign up for our training school.

kolizek
Visitor
Posts: 54
Registered: 08 Nov 2006 06:39
Location: Jistebnice

Re: Request for a check, suspicion, one process constantly at 50%

#17 Post by kolizek »

Looks OK.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Version: v2014.11.05.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jan Rukavička :: 1810TZ [administrator]

12.11.2014 16:26:14
MBAM-log-2014-11-12 (16-45-43).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 371158
Time elapsed: 17 minutes, 21 seconds

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\Typelib\{157B1AA6-3E5C-404A-9118-C1D91F537040} (PUP.Optional.Multiplug) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\AdwCleaner\Quarantine\C\Program Files\NextCoup\Fn3ITHATu6Df2g.dll.vir (PUP.Optional.MultiPlug) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\NextCoup\Fn3ITHATu6Df2g.x64.dll.vir (PUP.Optional.MultiPlug) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\PodoWeb\PodoWeb.FirstRun.exe.vir (PUP.Optional.Sambreel.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\PodoWeb\PodoWebbho.dll.vir (PUP.Optional.PodoWeb.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\PodoWeb\updatePodoWeb.exe.vir (PUP.Optional.PodoWeb.A) -> No action taken.

(end)
E8400@3.00GHz, P5Q DELUXE, 2 GB Corsair PC2-6400, SAMSUNG HD103UJ, ST3320620NS, Radeon HD 4890 1GB
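The log above is the kind of thing a helper reads by hand: five of the six hits sit in AdwCleaner's quarantine folder (already renamed to *.vir and inert), and only the TypeLib key is still live. The following is an added example, not code from the thread or from Malwarebytes, that does that triage for an MBAM 1.x log. The sample log lines are a constructed, shortened copy of the posted log; the quarantine-folder markers and the *.vir suffix rule are this example's assumptions.

```python
"""Triage a Malwarebytes Anti-Malware 1.x scan log (added example, not from the thread)."""
import re
from dataclasses import dataclass

# Constructed sample: a shortened copy of the log posted above.
SAMPLE_LOG = r"""
Registry Keys Detected: 1
HKCR\Typelib\{157B1AA6-3E5C-404A-9118-C1D91F537040} (PUP.Optional.Multiplug) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Files Detected: 5
C:\AdwCleaner\Quarantine\C\Program Files\NextCoup\Fn3ITHATu6Df2g.dll.vir (PUP.Optional.MultiPlug) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\NextCoup\Fn3ITHATu6Df2g.x64.dll.vir (PUP.Optional.MultiPlug) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\PodoWeb\PodoWeb.FirstRun.exe.vir (PUP.Optional.Sambreel.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\PodoWeb\PodoWebbho.dll.vir (PUP.Optional.PodoWeb.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\PodoWeb\updatePodoWeb.exe.vir (PUP.Optional.PodoWeb.A) -> No action taken.

(end)
"""

SECTION_RE = re.compile(r"^(.+ Detected): (\d+)$")
# "<target> (<threat name>) -> <action>"
ITEM_RE = re.compile(r"^(.+?) \(([^()]+)\) -> (.+)$")

# Assumption: items under these paths are inert copies held by another cleaner.
QUARANTINE_MARKERS = ("\\adwcleaner\\quarantine\\",)
QUARANTINE_SUFFIXES = (".vir",)  # AdwCleaner renames quarantined files to *.vir


@dataclass
class Detection:
    section: str  # e.g. "Files Detected"
    target: str   # file path or registry key
    threat: str   # MBAM detection name
    action: str   # what MBAM did, e.g. "No action taken."


def parse_detections(text):
    """Return every detection line, tagged with the section it appeared under."""
    items, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ITEM_RE.match(line)
        if m and section:
            items.append(Detection(section, m.group(1), m.group(2), m.group(3)))
    return items


def is_quarantined(d):
    """True when the target already sits in another tool's quarantine."""
    t = d.target.lower()
    return any(mk in t for mk in QUARANTINE_MARKERS) or t.endswith(QUARANTINE_SUFFIXES)


def triage(items):
    """Split detections into still-live items and items already quarantined elsewhere."""
    return {
        "live": [d for d in items if not is_quarantined(d)],
        "quarantined": [d for d in items if is_quarantined(d)],
    }


def pending_actions(items):
    """Detections MBAM reported but did not remove."""
    return [d for d in items if d.action.lower().startswith("no action taken")]


if __name__ == "__main__":
    found = parse_detections(SAMPLE_LOG)
    result = triage(found)
    for d in result["live"]:
        print(f"LIVE        {d.section}: {d.target} [{d.threat}] -> {d.action}")
    for d in result["quarantined"]:
        print(f"QUARANTINED {d.section}: {d.target} [{d.threat}]")
```

Run against the posted log this leaves exactly one live item, the TypeLib key, which is the one the moderator asks to have deleted in the next post.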

altrok
Moderator
Posts: 7317
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Request for a check, suspicion, one process constantly at 50%

#18 Post by altrok »

:arrow: Delete this item / move it to quarantine.
HKCR\Typelib\{157B1AA6-3E5C-404A-9118-C1D91F537040} (PUP.Optional.Multiplug) -> No action taken.

:arrow: You can turn System Restore back on.

:arrow: Did you open these ports on purpose? If not, or if you don't know about them, use the OTM step described below.

Code:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"
:arrow:
  • Save OTM to the desktop - http://oldtimer.geekstogo.com/OTM.exe
  • close all programs
  • right-click the OTM.exe icon and choose Run as administrator (on Win XP just double-click it)
  • copy the contents of the white box into OTM's left pane and click MoveIt!
  • after the reboot, post the log, which will be in C:\_OTM\MovedFiles\mmddyyyy_hhmmss.log
  • also post a new RSIT log

Code:

:commands
[Purity]
[EmptyTemp]
[EmptyFlash]
[EmptyJava]
[CreateRestorePoint]

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s

:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"=-
"445:TCP"=-
"137:UDP"=-
"138:UDP"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"=-
"445:TCP"=-
"137:UDP"=-
"138:UDP"=-
"1900:UDP"=-
"2869:TCP"=-
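The point of the port question above is the scope column of each GloballyOpenPorts value: in the DomainProfile list the NetBIOS/SMB ports 137, 138, 139 and 445 are open to `*` (any remote address), whereas in the StandardProfile list they are limited to LocalSubNet, and 1900/2869 (UPnP) are Disabled. The following is an added example, not code from the thread, from OTM or from Microsoft, that parses such a .reg-style export, ranks each entry by that scope, and emits the OTM `:reg` section (`"139:TCP"=-` deletes the value) that the moderator wrote by hand. The sample export is copied from the quoted registry dump; the risk rules and the port set are this example's assumptions.

```python
"""Rank Windows XP firewall GloballyOpenPorts entries and build an OTM :reg fix (added example)."""
import re
from dataclasses import dataclass

# Constructed sample: copied from the registry export quoted in the post above.
SAMPLE_EXPORT = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"
"""

# Assumption: NetBIOS/SMB file-sharing ports are the ones to question on a home laptop.
FILE_SHARING_PORTS = {137, 138, 139, 445}

KEY_RE = re.compile(
    r"^\[(HKEY_LOCAL_MACHINE\\.*\\FirewallPolicy\\(\w+)\\GloballyOpenPorts\\List)\]$"
)
# Value format: "<port>:<proto>"="<port>:<proto>:<scope>:<Enabled|Disabled>:<display name>"
VALUE_RE = re.compile(r'^"(\d+):(TCP|UDP)"="(\d+):(TCP|UDP):([^:]+):(Enabled|Disabled):')


@dataclass
class OpenPort:
    profile: str   # "DomainProfile" or "StandardProfile"
    key: str       # full registry key the value lives under
    port: int
    proto: str     # "TCP" or "UDP"
    scope: str     # "*" = any remote address, "LocalSubNet" = local subnet only
    enabled: bool


def parse_open_ports(text):
    """Return OpenPort records from a .reg-style GloballyOpenPorts export."""
    entries, key, profile = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key, profile = m.group(1), m.group(2)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append(OpenPort(profile, key, int(m.group(1)), m.group(2),
                                    m.group(5), m.group(6) == "Enabled"))
    return entries


def risk_of(entry):
    """'high' = file-sharing port reachable from any address, 'medium' = same port
    limited to the local subnet, 'low' = anything else or a disabled entry."""
    if not entry.enabled:
        return "low"
    if entry.port in FILE_SHARING_PORTS:
        return "high" if entry.scope == "*" else "medium"
    return "low"


def otm_reg_fix(entries):
    """Build the OTM ':reg' section that deletes every listed value ('=-' means delete)."""
    lines, last_key = [":reg"], None
    for e in entries:
        if e.key != last_key:
            lines.append(f"[{e.key}]")
            last_key = e.key
        lines.append(f'"{e.port}:{e.proto}"=-')
    return "\n".join(lines)


if __name__ == "__main__":
    ports = parse_open_ports(SAMPLE_EXPORT)
    for p in ports:
        print(f"{p.profile:16} {p.port:>5}/{p.proto} scope={p.scope:11} "
              f"enabled={p.enabled!s:5} risk={risk_of(p)}")
    print(otm_reg_fix(ports))
```

The generated `:reg` section is the same one the moderator posted; the ranking is what tells you the DomainProfile entries (scope `*`) matter more than the StandardProfile ones, even though the fix removes both sets.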

kolizek
Visitor
Posts: 54
Registered: 08 Nov 2006 06:39
Location: Jistebnice

Re: Request for a check, suspicion, one process constantly at 50%

#19 Post by kolizek »

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest

User: HelpAssistant

User: IUSR_1810TZ

User: IWAM_1810TZ

User: Jan RukaviÄŤka

User: Jan Rukavička
->Temp folder emptied: 1183380 bytes
->Temporary Internet Files folder emptied: 569617 bytes
->Flash cache emptied: 1593 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: SUPPORT_388945a0

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49152 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 5283958 bytes

Total Files Cleaned = 7,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Guest

User: HelpAssistant

User: IUSR_1810TZ

User: IWAM_1810TZ

User: Jan RukaviÄŤka

User: Jan Rukavička
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: SUPPORT_388945a0

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: Guest

User: HelpAssistant

User: IUSR_1810TZ

User: IWAM_1810TZ

User: Jan RukaviÄŤka

User: Jan Rukavička

User: LocalService

User: NetworkService

User: SUPPORT_388945a0

Total Java Files Cleaned = 0,00 mb

Error creating restore point.
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP deleted successfully.

OTM by OldTimer - Version 3.1.21.0 log created on 11242014_184041

Files moved on Reboot...
File C:\WINDOWS\temp\Perflib_Perfdata_ad0.dat not found!

Registry entries deleted on Reboot...

kolizek
Visitor
Posts: 54
Registered: 08 Nov 2006 06:39
Location: Jistebnice

Re: Request for a check, suspicion, one process constantly at 50%

#20 Post by kolizek »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-11-2014
Ran by Jan Rukavička (administrator) on 1810TZ on 24-11-2014 18:47:29
Running from C:\Documents and Settings\Jan Rukavička\Plocha
Loaded Profile: Jan Rukavička (Available profiles: Jan Rukavička)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\WINDOWS\system32\inetsrv\inetinfo.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Opera Software) C:\Program Files\Opera\opera.exe
() C:\Documents and Settings\Jan Rukavička\Plocha\FRSTLauncher.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\ping.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [17887232 2009-06-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1372160 2009-07-01] (Intel(R) Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1202448 2009-07-01] (Intel(R) Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [805384 2014-01-25] (Dritek System Inc.)
Winlogon\Notify\WgaLogon: WgaLogon.dll [X]
HKU\S-1-5-19\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-19\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-20\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-18\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-861567501-1801674531-1177238915-1005\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
SearchScopes: HKU\S-1-5-21-861567501-1801674531-1177238915-1005 -> {010F492F-54FC-4461-8A2D-F34ABA0436C5} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_13415
SearchScopes: HKU\S-1-5-21-861567501-1801674531-1177238915-1005 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Documents and Settings\Jan Rukavička\Local Settings\Data aplikací\Google\Chrome\User Data\Default

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15872 2008-04-14] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-24] (Oracle Corporation)
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [909312 2009-07-01] (Intel(R) Corporation) [File not signed]
R2 W3SVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15872 2008-04-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
S3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [533024 2009-06-18] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37160 2008-02-04] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [991136 2009-04-15] (Broadcom Corporation.)
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [156816 2008-07-24] (Broadcom Corporation.)
S3 btwmodem; C:\WINDOWS\System32\DRIVERS\btwmodem.sys [37032 2008-02-04] (Broadcom Corporation.)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [45984 2009-06-18] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed]
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [22688 2014-01-21] (REALiX(tm))
R3 L1c; C:\WINDOWS\System32\DRIVERS\l1c51x86.sys [39424 2009-03-31] (Atheros Communications, Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NETw1x32; C:\WINDOWS\System32\DRIVERS\NETw1x32.sys [5929216 2009-06-19] (Intel Corporation)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [11904 2008-08-13] (Intel Corporation)
R1 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-24 18:47 - 2014-11-24 18:47 - 00008979 _____ () C:\Documents and Settings\Jan Rukavička\Plocha\FRST.txt
2014-11-24 18:46 - 2014-11-24 18:46 - 00029696 _____ () C:\Documents and Settings\Jan Rukavička\Local Settings\Data aplikací\MSGBOX.EXE
2014-11-24 18:46 - 2014-11-24 18:46 - 00015327 _____ () C:\Documents and Settings\Jan Rukavička\Plocha\LM.bat
2014-11-24 18:46 - 2014-11-24 18:46 - 00000000 ____D () C:\Documents and Settings\Jan Rukavička\Plocha\FRST-OlderVersion
2014-11-24 18:40 - 2014-11-24 18:40 - 00522240 _____ (OldTimer Tools) C:\Documents and Settings\Jan Rukavička\Plocha\OTM.exe
2014-11-24 18:40 - 2014-11-24 18:40 - 00000000 ____D () C:\_OTM
2014-11-20 15:32 - 2014-11-20 15:56 - 00000000 ____D () C:\Documents and Settings\Jan Rukavička\Plocha\Nová složka
2014-11-20 14:59 - 2014-11-24 18:41 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-20 14:59 - 2014-11-20 15:04 - 00000940 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-20 13:10 - 2014-11-20 15:58 - 00153088 _____ () C:\Documents and Settings\Jan Rukavička\Plocha\tabulka jízd.xls
2014-11-17 19:35 - 2014-11-20 12:54 - 00007829 _____ () C:\WINDOWS\setupapi.log
2014-11-17 19:35 - 2014-11-17 19:35 - 00000041 _____ () C:\WINDOWS\setupact.log
2014-11-17 19:35 - 2014-11-17 19:35 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-11-17 19:35 - 2014-11-17 19:35 - 00000000 _____ () C:\WINDOWS\Setup.INI
2014-11-12 16:46 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-11-11 00:18 - 2014-11-11 00:18 - 00018276 _____ () C:\Documents and Settings\Jan Rukavička\Dokumenty\cc_20141111_001831.reg
2014-11-10 23:32 - 2014-11-10 23:32 - 00000784 _____ () C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
2014-11-10 23:32 - 2014-11-10 23:32 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-11-10 23:32 - 2014-11-10 23:32 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
2014-11-10 23:32 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-11-10 23:24 - 2014-11-10 23:24 - 00000000 ____D () C:\Documents and Settings\Jan Rukavička\Data aplikací\Malwarebytes
2014-11-10 23:15 - 2014-11-10 23:15 - 00000000 ___HD () C:\WINDOWS\PIF
2014-11-10 22:40 - 2014-11-24 18:47 - 00000000 ____D () C:\Documents and Settings\Jan Rukavička\Local Settings\Temp
2014-11-10 22:23 - 2014-11-12 16:49 - 00000000 ____D () C:\AdwCleaner
2014-11-10 22:22 - 2014-11-10 22:22 - 01375089 _____ () C:\Documents and Settings\Jan Rukavička\Plocha\AdwCleaner.exe
2014-11-10 22:18 - 2014-11-10 23:21 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-11-10 22:00 - 2014-11-24 18:47 - 00000000 ____D () C:\FRST
2014-11-10 21:59 - 2014-11-24 18:46 - 01108992 _____ (Farbar) C:\Documents and Settings\Jan Rukavička\Plocha\FRST.exe
2014-11-10 19:44 - 2014-11-10 19:44 - 00001915 _____ () C:\Documents and Settings\All Users\Plocha\Google Earth.lnk
2014-11-10 19:44 - 2014-11-10 19:44 - 00000000 ____D () C:\Documents and Settings\Jan Rukavička\Data aplikací\Google
2014-11-10 19:44 - 2014-11-10 19:44 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Google Earth
2014-11-10 19:39 - 2014-11-10 19:44 - 00000000 ____D () C:\Program Files\Google
2014-11-07 09:40 - 2014-11-07 09:40 - 00000690 _____ () C:\Documents and Settings\Jan Rukavička\Dokumenty\cc_20141107_094013.reg

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-24 18:47 - 2014-01-16 22:15 - 00000000 ____D () C:\Documents and Settings\Jan Rukavička\Plocha
2014-11-24 18:46 - 2014-01-16 22:15 - 00000000 ___HD () C:\Documents and Settings\Jan Rukavička\Local Settings\Data aplikací
2014-11-24 18:43 - 2014-01-16 22:57 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2014-11-24 18:42 - 2014-01-16 22:10 - 01087773 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-24 18:41 - 2014-01-16 23:05 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-11-24 18:41 - 2014-01-16 23:05 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-24 18:41 - 2014-01-16 22:14 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-24 18:40 - 2014-01-16 23:01 - 00785792 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-24 18:40 - 2014-01-16 22:15 - 00000178 ___SH () C:\Documents and Settings\Jan Rukavička\ntuser.ini
2014-11-24 18:40 - 2014-01-16 22:14 - 00032610 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-24 18:34 - 2014-01-16 09:56 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-20 15:31 - 2014-01-17 00:00 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-20 14:31 - 2014-01-16 23:39 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-20 14:31 - 2014-01-16 23:39 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-17 19:40 - 2014-02-14 09:35 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-17 19:37 - 2014-01-16 23:19 - 100445232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-17 19:35 - 2014-01-25 18:43 - 00000083 _____ () C:\WINDOWS\LManager.UNI
2014-11-17 19:34 - 2014-01-25 18:43 - 00000000 ____D () C:\Program Files\Launch Manager
2014-11-13 21:06 - 2014-01-17 11:00 - 00000000 ____D () C:\Documents and Settings\Jan Rukavička\Data aplikací\vlc
2014-11-13 18:56 - 2014-03-15 20:14 - 00007168 _____ () C:\Documents and Settings\Jan Rukavička\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-12 16:20 - 2014-01-16 22:09 - 00065536 _____ () C:\WINDOWS\system32\config\Internet.evt
2014-11-12 16:09 - 2014-01-16 22:15 - 00000000 ____D () C:\Documents and Settings\Jan Rukavička
2014-11-11 20:51 - 2014-01-16 22:14 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2014-11-11 20:40 - 2014-08-04 13:08 - 00000003 _____ () C:\Documents and Settings\Jan Rukavička\stut
2014-11-11 18:08 - 2014-07-17 05:16 - 00000000 ____D () C:\Program Files\ITN Converter
2014-11-11 17:16 - 2014-07-17 05:16 - 00000710 _____ () C:\Documents and Settings\All Users\Plocha\ITN Converter.lnk
2014-11-11 17:16 - 2014-07-17 05:16 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\ITN Converter
2014-11-11 17:16 - 2014-01-16 23:00 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2014-11-11 00:18 - 2014-01-16 22:15 - 00000000 ___RD () C:\Documents and Settings\Jan Rukavička\Dokumenty
2014-11-11 00:11 - 2014-01-16 22:57 - 00000000 ____D () C:\WINDOWS\twain_32
2014-11-10 23:32 - 2014-01-16 23:00 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-11-10 23:31 - 2014-08-04 13:06 - 00000062 _____ () C:\Documents and Settings\Jan Rukavička\rgut
2014-11-10 23:24 - 2014-01-16 22:15 - 00000000 __RHD () C:\Documents and Settings\Jan Rukavička\Data aplikací
2014-11-10 22:41 - 2014-09-14 17:21 - 00000008 __RSH () C:\Documents and Settings\All Users\ntuser.pol
2014-11-10 22:39 - 2014-09-14 17:21 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-11-10 22:39 - 2014-01-16 23:00 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2014-11-10 22:25 - 2014-09-14 17:21 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Data aplikací
2014-11-10 22:25 - 2014-09-14 17:21 - 00000000 ____D () C:\Documents and Settings\IWAM_1810TZ\Local Settings\Data aplikací
2014-11-10 22:25 - 2014-09-14 17:21 - 00000000 ____D () C:\Documents and Settings\IUSR_1810TZ\Local Settings\Data aplikací
2014-11-10 22:25 - 2014-09-14 17:21 - 00000000 ____D () C:\Documents and Settings\HelpAssistant\Local Settings\Data aplikací
2014-11-10 22:25 - 2014-09-14 17:21 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Data aplikací
2014-11-10 22:25 - 2014-09-14 17:21 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Data aplikací
2014-11-10 19:39 - 2014-09-14 17:21 - 00000000 ____D () C:\Documents and Settings\Jan Rukavička\Local Settings\Data aplikací\Google
2014-11-07 10:41 - 2014-06-21 07:49 - 00000000 ____D () C:\Documents and Settings\Jan Rukavička\Local Settings\Data aplikací\Adobe
2014-11-07 09:53 - 2014-10-03 18:23 - 00000000 ____D () C:\Program Files\Abe's Oddysee
2014-11-07 09:53 - 2014-01-16 23:00 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start
2014-11-07 09:52 - 2014-01-16 23:00 - 00000682 _____ () C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
2014-11-07 09:52 - 2014-01-16 23:00 - 00000000 ____D () C:\Program Files\CCleaner

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

altrok
Moderator
Posts: 7317
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Request for a check, suspicion, one process constantly at 50%

#21 Post by altrok »

:arrow: The log looks clean... are there any problems left?

kolizek
Visitor
Posts: 54
Registered: 08 Nov 2006 06:39
Location: Jistebnice

Re: Request for a check, suspicion, one process constantly at 50%

#22 Post by kolizek »

The notebook runs like clockwork. Many thanks!!!

altrok
Moderator
Posts: 7317
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Request for a check, suspicion, one process constantly at 50%

#23 Post by altrok »

You're welcome, glad I could help :worship:

I'll still tidy up after myself.
Take care, and maybe see you again sometime :bye:
