Hohosearch a MPCprotectService

Zpráva

Mirko · #1 Příspěvek od **Mirko** » 01 čer 2016 18:32

Dobrý večer, prosím o pomoc. Pokušel jsem se včera stáhnout Fifu, ale zaneřádil jsem si STROJ. kDYŽ NYNÍ KLIKNU NA NĚJAKÝ ODKAZ, OBČAS mě to hodí na nějakou jinou stránku a ve správcích úloh mám tyto nesmysly a ještě např. MPC čistič, geekbuddy apod..

Mohu poprosit o nápravu? Děkuji, Miroslav

#2 Příspěvek od **Rudy** » 01 čer 2016 19:38

Zdravím!
Dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

Mirko · #3 Příspěvek od **Mirko** » 01 čer 2016 20:51

Rudy píše:Zdravím!
Dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-10-2015
Ran by Mirek (administrator) on MIRA (01-06-2016 21:46:27)
Running from C:\Documents and Settings\Mirek\Plocha
Loaded Profiles: Mirek (Available Profiles: Mirek & Administrator)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\launcher_service.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Documents and Settings\All Users\Data aplikací\DCHP\DCHP.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(DotC United Inc) C:\Program Files\MPC Cleaner\MPCProtectService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(DotC United Inc) C:\Program Files\MPC Cleaner\MPCTray.exe
(TMRG, Inc.) C:\Program Files\RelevantKnowledge\rlvknlg.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
() C:\Program Files\EA SPORTS\FIFA 99\fifa99.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QT Lite\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [RelevantKnowledge] => C:\program files\relevantknowledge\rlvknlg.exe [3502360 2013-08-17] (TMRG, Inc.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-861567501-842925246-682003330-1003\...\Run: [uTorrent] => C:\Documents and Settings\Mirek\Data aplikací\uTorrent\uTorrent.exe [2133504 2016-05-14] (BitTorrent Inc.)
HKU\S-1-5-21-861567501-842925246-682003330-1003\...\Run: [cz.seznam.software.autoupdate] => C:\Documents and Settings\Mirek\Data aplikací\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\DATAAP~1\Trescof\Zooplus.dll => No File
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
ShellExecuteHooks: - {7AD1C0F5-07A2-40E5-8608-C6EAA0FF362F} - C:\Documents and Settings\Mirek\Cookies\explibss.dll [343240 2016-05-31] ()
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{3D051471-358E-4E7B-936D-272584C91DC7}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{912994FC-195C-4101-A02D-A9B71DB1CF9B}: [NameServer] 10.1.0.56,10.1.0.20
Tcpip\..\Interfaces\{C0DC6653-53FF-4B92-9288-0928E2C97DE7}: [DhcpNameServer] 10.1.0.36 10.1.0.32

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
URLSearchHook: HKLM -> Default = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-861567501-842925246-682003330-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-861567501-842925246-682003330-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&r ... {startPage}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-01-29] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-01-29] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-861567501-842925246-682003330-1003 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Mirek\Data aplikací\Profiles\chqqafpp.default
FF NewTab: about:newtab
FF DefaultSearchEngine: cloudfront
FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=cloudfront
FF Homepage: hxxps://www.seznam.cz/
FF Keyword.URL: hxxp://d2ucfwpxlh3zh3.cloudfront.net/chrome.php?uid=F595C7A1EA24E4AA66784F2A1509F167&ptid=epf1&ts=AHEqB3QkC3AsAk..&v=20160531&mode=ffexttoolbar&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin: @alawar.com/npapi -> C:\WINDOWS\npapi.dll [2014-01-29] (Alawar)
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2009-03-27] (CANON INC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-01-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-01-29] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pages.tvunetworks.com/WebPlayer -> C:\WINDOWS\system32\TVUAx\npTVUAx.dll [2010-04-23] (TVU networks)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Extension: Seznam lištička - C:\Documents and Settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\81hyhscl.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2016-03-10]
FF Extension: Adblock Plus - C:\Documents and Settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\81hyhscl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF Extension: Seznam lištička - C:\Documents and Settings\Mirek\Data aplikací\Profiles\chqqafpp.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2016-05-31]
FF Extension: GsearchFinder - C:\Documents and Settings\Mirek\Data aplikací\Profiles\chqqafpp.default\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-05-31]
FF Extension: Adblock Plus - C:\Documents and Settings\Mirek\Data aplikací\Profiles\chqqafpp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-05-05] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-04-17] [not signed]
FF Extension: No Name - C:\Documents and Settings\Mirek\Data aplikacĂ\Profiles\chqqafpp.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]

Chrome:
=======
CHR HomePage: ChromeDefaultData -> hxxp://d2ucfwpxlh3zh3.cloudfront.net/?ts=AHEqB3QkC3AsAk..&v=20160531&uid=F595C7A1EA24E4AA66784F2A1509F167&ptid=epf1&mode=loadm
CHR StartupUrls: ChromeDefaultData -> "hxxp://d2ucfwpxlh3zh3.cloudfront.net/?ts=AHEqB3QkC3AsAk..&v=20160531&uid=F595C7A1EA24E4AA66784F2A1509F167&ptid=epf1&mode=loadm"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://d2ucfwpxlh3zh3.cloudfront.net/chrome.php?q={searchTerms}&ts=AHEqB3QkC3AsAk..&v=20160531&uid=F595C7A1EA24E4AA66784F2A1509F167&ptid=epf1&mode=loadm
CHR DefaultSearchKeyword: ChromeDefaultData -> hohosearch

Opera:
=======
OPR StartupUrls: "hxxp://www.seznam.cz/"
OPR Extension: (News) - C:\Documents and Settings\Mirek\Data aplikací\Opera Software\Opera Stable\Extensions\mibfbmhijjgpkmobcfdlelpccpeafoom [2015-08-06]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [70352 2013-11-28] (Comodo Security Solutions, Inc.)
R2 DCHP; C:\Documents and Settings\All Users\Data aplikací\\DCHP\\DCHP.exe [400384 2016-04-12] () [File not signed]
R2 GeekBuddyRSP; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2013-11-28] (Comodo Security Solutions, Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-01-29] (Oracle Corporation)
S3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [53248 2008-07-30] (Microsoft Corporation) [File not signed]
R2 MPCProtectService; C:\Program Files\MPC Cleaner\MPCProtectService.exe [350688 2016-05-31] (DotC United Inc)
S3 MSDTC; C:\WINDOWS\system32\msdtc.exe [31744 2008-07-30] (Microsoft Corporation) [File not signed]
R2 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)
S2 AteredomkefispCchservice; "C:\Program Files\Ateredomkefisp\AteredomkefispCchservice.exe32" {79740E79-A383-47A7-B513-3DF6563D007F} {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} [X]
S2 Trescof; C:\Documents and Settings\All Users\Data aplikací\\Trescof\\Trescof.exe shuz -f "C:\Documents and Settings\All Users\Data aplikací\\Trescof\\Trescof.dat" -l -a

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 CFRMD; C:\WINDOWS\System32\DRIVERS\CFRMD.sys [36112 2013-05-07] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [18528 2013-06-18] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [587352 2013-07-08] (COMODO)
R1 cmdHlp; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [32816 2013-06-18] (COMODO)
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2016-04-11] ()
R3 HDAudBus; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [138752 2005-01-07] (Windows (R) Server 2003 DDK provider) [File not signed]
R1 HMD; C:\WINDOWS\System32\DRIVERS\hmd.sys [14272 2013-10-07] ()
R0 Inspect; C:\WINDOWS\System32\DRIVERS\inspect.sys [99520 2013-06-18] (COMODO)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R0 MPCBase; C:\WINDOWS\System32\drivers\MPCBase.sys [29032 2016-05-31] (DotC United Inc)
R1 MPCKpt; C:\WINDOWS\System32\DRIVERS\MPCKpt.sys [53992 2016-05-31] (DotC United Inc)
R0 nvatabus; C:\WINDOWS\system32\Drivers\nvatabus.sys [100736 2008-07-30] (NVIDIA Corporation) [File not signed]
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [128672 2013-02-25] (NVIDIA Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2001-10-25] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2001-10-25] (Microsoft Corporation)
R3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2008-04-14] (Microsoft Corporation)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [13120 2013-08-25] ()
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [244864 2006-06-29] (Marvell)
S3 ZD1211BU(TP-LINK); C:\WINDOWS\System32\DRIVERS\zd1211Bu.sys [500736 2007-06-25] (Atheros Technology Corporation) [File not signed]
S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-01 21:46 - 2016-06-01 21:46 - 00013838 _____ C:\Documents and Settings\Mirek\Plocha\FRST.txt
2016-06-01 12:42 - 2016-06-01 12:42 - 00000000 ____D C:\Documents and Settings\Mirek\Data aplikací\MCorp
2016-06-01 12:39 - 2013-08-17 00:01 - 00593688 _____ (TMRG, Inc.) C:\WINDOWS\system32\rlls.dll
2016-06-01 12:37 - 2016-06-01 12:37 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\RelevantKnowledge
2016-06-01 12:37 - 2016-06-01 12:37 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\MPC
2016-05-31 18:07 - 2016-05-31 18:09 - 00304661 _____ ( ) C:\Documents and Settings\Mirek\Downloads\FIFA_2001 [1].exe
2016-05-31 17:51 - 2016-05-31 17:51 - 00000000 ____D C:\Documents and Settings\Mirek\Local Settings\Data aplikací\GetGo
2016-05-31 17:50 - 2016-05-31 17:50 - 00000000 ____D C:\Program Files\GetGo Software
2016-05-31 17:50 - 2016-05-31 17:50 - 00000000 ____D C:\Documents and Settings\Mirek\Data aplikací\GetGo Software
2016-05-31 17:50 - 2016-05-31 17:49 - 00053992 _____ (DotC United Inc) C:\WINDOWS\system32\Drivers\MPCKpt.sys
2016-05-31 17:50 - 2016-05-31 17:49 - 00029032 _____ (DotC United Inc) C:\WINDOWS\system32\Drivers\MPCBase.sys
2016-05-31 17:49 - 2016-06-01 12:37 - 00000000 ____D C:\Program Files\MPC Cleaner
2016-05-31 17:30 - 2016-06-01 12:43 - 00000000 ____D C:\Program Files\RelevantKnowledge
2016-05-31 17:27 - 2016-05-31 17:27 - 00000666 _____ C:\WINDOWS\Tasks\Ateredomkefisp Cache.job
2016-05-31 17:26 - 2016-05-31 17:28 - 00000000 ____D C:\Program Files\Nimaiedchdsp
2016-05-31 17:26 - 2016-05-31 17:27 - 00000000 ____D C:\Program Files\Pucupy
2016-05-31 17:26 - 2016-05-31 17:27 - 00000000 ____D C:\Program Files\Ateredomkefisp
2016-05-31 17:26 - 2016-05-31 17:27 - 00000000 ____D C:\Documents and Settings\Mirek\Local Settings\Data aplikací\3810282D-6C19-47B0-8283-5C6C29A7E108
2016-05-31 17:24 - 2016-05-31 17:25 - 00000391 _____ C:\WINDOWS\Directx.log
2016-05-31 16:47 - 2016-05-31 16:47 - 00000000 ____D C:\Documents and Settings\Mirek\Plocha\Data
2016-05-31 16:45 - 2016-05-31 16:45 - 00000000 ____D C:\Data
2016-05-27 21:39 - 2016-05-27 21:39 - 00000000 ____D C:\Documents and Settings\Mirek\Data aplikací\WinRAR
2016-05-27 21:34 - 2016-05-27 21:34 - 00000000 ____D C:\Documents and Settings\Mirek\Local Settings\Data aplikací\WMTools Downloaded Files
2016-05-22 14:00 - 2016-05-22 14:00 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\AlawarEntertainment
2016-05-21 21:29 - 2016-05-21 21:29 - 00000000 ____D C:\Documents and Settings\Mirek\Dokumenty\EVROPSKÉ POHÁRY
2016-05-20 16:41 - 2016-05-20 16:41 - 00000000 ____D C:\Documents and Settings\Mirek\Data aplikací\quickclick
2016-05-16 13:54 - 2016-05-31 14:31 - 00290835 _____ C:\Documents and Settings\Mirek\Plocha\rozdělovník akt.xlsx
2016-05-15 12:45 - 2016-05-22 14:00 - 00000000 ____D C:\Documents and Settings\Mirek\Data aplikací\AlawarEntertainment
2016-05-05 15:05 - 2016-05-06 13:24 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-01 21:47 - 2015-10-25 16:37 - 00000000 ____D C:\Documents and Settings\Mirek\Local Settings\Temp
2016-06-01 21:46 - 2015-10-23 13:37 - 00000000 ____D C:\FRST
2016-06-01 21:46 - 2010-04-09 21:56 - 00000000 ____D C:\Documents and Settings\Mirek\Plocha
2016-06-01 21:44 - 2014-10-17 14:37 - 00039820 _____ C:\WINDOWS\system32\nvAppTimestamps
2016-06-01 21:04 - 2016-03-20 20:41 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-01 20:13 - 2010-04-09 23:22 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2016-06-01 19:35 - 2014-10-15 14:02 - 01415465 _____ C:\WINDOWS\WindowsUpdate.log
2016-06-01 19:07 - 2011-03-20 16:24 - 00000000 ____D C:\Documents and Settings\Mirek\Data aplikací\uTorrent
2016-06-01 12:42 - 2013-03-06 14:14 - 00000000 ____D C:\Documents and Settings\Mirek\Data aplikací\Seznam.cz
2016-06-01 12:42 - 2010-04-09 21:56 - 00000000 __RHD C:\Documents and Settings\Mirek\Data aplikací
2016-06-01 12:37 - 2016-02-19 16:12 - 00000392 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1455891128.job
2016-06-01 12:37 - 2010-04-09 23:22 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy
2016-06-01 12:35 - 2014-10-15 16:48 - 00000159 _____ C:\WINDOWS\wiadebug.log
2016-06-01 12:35 - 2014-10-15 16:48 - 00000048 _____ C:\WINDOWS\wiaservc.log
2016-06-01 12:35 - 2010-04-09 21:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-01 12:35 - 2001-10-25 18:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-05-31 23:50 - 2014-10-15 16:48 - 00032526 _____ C:\WINDOWS\SchedLgU.Txt
2016-05-31 23:50 - 2010-04-09 21:56 - 00000178 ___SH C:\Documents and Settings\Mirek\ntuser.ini
2016-05-31 23:47 - 2015-10-19 23:21 - 00000671 _____ C:\Documents and Settings\Mirek\Plocha\Mozilla Firefox.lnk
2016-05-31 22:18 - 2016-04-12 11:57 - 00016926 _____ C:\WINDOWS\wmsetup.log
2016-05-31 20:24 - 2010-04-09 23:16 - 00000000 ___RD C:\Documents and Settings\Mirek\Plocha\mp3
2016-05-31 19:02 - 2010-04-09 21:56 - 00000000 ___RD C:\Documents and Settings\Mirek\Nabídka Start\Programy
2016-05-31 18:17 - 2014-05-12 18:32 - 00000000 ____D C:\Program Files\EA SPORTS
2016-05-31 17:51 - 2010-04-09 21:56 - 00000000 ___HD C:\Documents and Settings\Mirek\Local Settings\Data aplikací
2016-05-31 17:28 - 2014-05-12 18:33 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\EA SPORTS
2016-05-31 17:28 - 2010-04-09 23:13 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-05-31 17:25 - 2016-02-19 16:12 - 00000878 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Opera.lnk
2016-05-31 17:25 - 2014-03-26 11:14 - 00001018 _____ C:\Documents and Settings\Mirek\Nabídka Start\Programy\Internet Explorer.lnk
2016-05-31 10:25 - 2010-04-09 21:56 - 00000000 ___RD C:\Documents and Settings\Mirek\Dokumenty
2016-05-30 19:17 - 2016-04-12 13:47 - 00055839 _____ C:\WINDOWS\setupapi.log
2016-05-30 19:00 - 2015-06-20 20:47 - 00000000 ___RD C:\Documents and Settings\Mirek\Plocha\Fota
2016-05-28 17:47 - 2015-06-17 13:45 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2016-05-27 21:34 - 2013-12-26 22:11 - 00000000 ____D C:\Documents and Settings\Mirek\Data aplikací\vlc
2016-05-25 14:11 - 2016-02-14 15:08 - 00000000 ____D C:\Program Files\Hry.cz
2016-05-25 14:11 - 2016-02-14 15:08 - 00000000 ____D C:\Documents and Settings\Mirek\Nabídka Start\Programy\Hry.cz
2016-05-23 17:04 - 2016-05-01 18:13 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\AlawarWrapper
2016-05-22 14:00 - 2010-04-09 23:22 - 00000000 ___RD C:\Documents and Settings\All Users\Dokumenty
2016-05-22 14:00 - 2010-04-09 23:21 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2016-05-21 21:14 - 2012-03-13 02:28 - 00000000 ____D C:\Documents and Settings\Mirek\Dokumenty\turk
2016-05-21 21:14 - 2010-04-19 14:02 - 00561664 __SHC C:\Documents and Settings\Mirek\Dokumenty\Thumbs.db
2016-05-21 21:13 - 2012-01-27 03:01 - 00000000 ____D C:\Documents and Settings\Mirek\Plocha\učení
2016-05-21 16:08 - 2016-02-14 15:08 - 00000811 _____ C:\Documents and Settings\Mirek\Plocha\V jednom městě.lnk
2016-05-20 00:37 - 2010-04-09 23:15 - 00000000 ___RD C:\Documents and Settings\Mirek\Dokumenty\plocha stará
2016-05-20 00:36 - 2010-04-09 22:19 - 00000000 ___RD C:\Documents and Settings\Mirek\Dokumenty\Obrázky
2016-05-13 11:20 - 2012-04-27 12:31 - 00000000 ___RD C:\Documents and Settings\Mirek\Plocha\propaganda
2016-05-12 20:04 - 2012-05-25 23:17 - 00797376 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-05-12 20:04 - 2012-05-25 23:17 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-05-07 12:47 - 2015-01-13 00:02 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-05-06 16:46 - 2016-01-31 16:19 - 00000000 ____D C:\Documents and Settings\Mirek\Data aplikací\Teyon
2016-05-04 12:34 - 2010-04-11 11:41 - 04413952 ___SH C:\Documents and Settings\Mirek\Plocha\Thumbs.db

==================== Files in the root of some directories =======

2010-12-06 18:27 - 2010-12-06 18:27 - 0330467 ____C () C:\Program Files\GGT.zip
2010-10-13 09:41 - 2010-10-13 09:41 - 0000000 ____C () C:\Program Files\scconf.txt
2016-04-09 12:41 - 2016-04-09 12:41 - 6504960 _____ () C:\Documents and Settings\Mirek\Data aplikací\agent.dat
2016-04-09 12:41 - 2016-04-09 12:41 - 0054272 _____ () C:\Documents and Settings\Mirek\Data aplikací\ApplicationHosting.dat
2016-04-09 12:41 - 2016-04-09 12:41 - 0072699 _____ () C:\Documents and Settings\Mirek\Data aplikací\Blacklam.tst
2016-04-09 12:41 - 2016-04-09 12:41 - 0065424 _____ () C:\Documents and Settings\Mirek\Data aplikací\Config.xml
2014-02-21 14:55 - 2014-02-21 14:55 - 0105727 _____ () C:\Documents and Settings\Mirek\Data aplikací\crashdump-2014-02-21-13-55.dmp
2016-04-09 12:41 - 2016-04-09 12:41 - 0848437 _____ () C:\Documents and Settings\Mirek\Data aplikací\DamSantip.bin
2016-04-09 12:41 - 2016-04-09 12:41 - 0073118 _____ () C:\Documents and Settings\Mirek\Data aplikací\inst.lat
2016-04-09 12:41 - 2016-04-09 12:41 - 0015984 _____ () C:\Documents and Settings\Mirek\Data aplikací\InstallationConfiguration.xml
2016-04-09 12:41 - 2016-04-09 12:41 - 0127488 _____ () C:\Documents and Settings\Mirek\Data aplikací\Installer.dat
2016-04-09 12:41 - 2016-04-09 12:41 - 0126464 _____ () C:\Documents and Settings\Mirek\Data aplikací\lobby.dat
2014-02-20 15:21 - 2014-02-22 19:41 - 1499429 _____ () C:\Documents and Settings\Mirek\Data aplikací\log.sflog
2016-04-09 12:41 - 2016-04-09 12:41 - 0018432 _____ () C:\Documents and Settings\Mirek\Data aplikací\Main.dat
2013-12-18 14:52 - 2013-12-18 14:52 - 0000052 _____ () C:\Documents and Settings\Mirek\Data aplikací\mbam.context.scan
2016-04-09 12:41 - 2016-04-09 12:41 - 0005568 _____ () C:\Documents and Settings\Mirek\Data aplikací\md.xml
2016-04-09 12:41 - 2016-04-09 12:41 - 0126464 _____ () C:\Documents and Settings\Mirek\Data aplikací\noah.dat
2012-06-28 22:37 - 2012-06-28 22:37 - 0000203 ____C () C:\Documents and Settings\Mirek\Data aplikací\OpenSceneryX Installer.plist
2016-04-09 12:41 - 2016-04-09 12:41 - 1626416 _____ () C:\Documents and Settings\Mirek\Data aplikací\Voyanimtouch.tst
2010-06-18 14:00 - 2016-02-03 01:08 - 0108544 _____ () C:\Documents and Settings\Mirek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-11 13:58 - 2015-08-11 13:58 - 0003072 _____ () C:\Documents and Settings\Mirek\Local Settings\Data aplikací\file__0.localstorage
2014-03-24 13:05 - 2014-03-24 13:05 - 0000125 _____ () C:\Documents and Settings\Mirek\Local Settings\Data aplikací\fusioncache.dat

Some files in TEMP:
====================
C:\Documents and Settings\Mirek\Local Settings\Temp\6CeRyIwQGo.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\7za.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\curllib.dll
C:\Documents and Settings\Mirek\Local Settings\Temp\DaS_21.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\FIFA 2001 Game.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\GeewaBeyondtheLegendMysteriesofOlympusCs_10202.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\GeewaCountryTalesCs_10202.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\GeewaGnomesGardenCs_10202.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\GeewaSettlementColossusCs_10202.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\GeewaTheTreasuresofMontezuma5Cs_10202.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\GeewaWeatherLordTheSuccessorsPathCs_10202.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\hijackthis.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\libeay32.dll
C:\Documents and Settings\Mirek\Local Settings\Temp\libsasl.dll
C:\Documents and Settings\Mirek\Local Settings\Temp\msvcr120.dll
C:\Documents and Settings\Mirek\Local Settings\Temp\NirCmd.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\openldap.dll
C:\Documents and Settings\Mirek\Local Settings\Temp\PEVZ.EXE
C:\Documents and Settings\Mirek\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\remove.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\sdf14F.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\sed.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\setup.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\shortcut.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\Mirek\Local Settings\Temp\ssleay32.dll
C:\Documents and Settings\Mirek\Local Settings\Temp\swreg.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\swxcacls.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\wget.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\zoek-delete.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe
[2008-07-30 10:10] - [2008-07-30 10:10] - 1589760 ____A (Microsoft Corporation) DD7E25E20AEBD672DAE7E1D911C2D824

C:\WINDOWS\system32\winlogon.exe
[2008-07-30 10:17] - [2008-07-30 10:17] - 0557056 ____A (Microsoft Corporation) 12A799AD9415AE9C8ABCC5F75E9CF034

C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll
[2008-07-30 10:16] - [2008-07-30 10:16] - 0578560 ____A (Microsoft Corporation) CCB32D10C69A89822E9134C0C4894BE1

C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

případně poté vyjelo:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-10-2015
Ran by Mirek (2016-06-01 21:47:36)
Running from C:\Documents and Settings\Mirek\Plocha
Systém Microsoft Windows XP Professional Service Pack 3 (X86) (2010-04-09 19:47:00)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-861567501-842925246-682003330-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator.MIRA
ASPNET (S-1-5-21-861567501-842925246-682003330-1022 - Limited - Enabled)
Guest (S-1-5-21-861567501-842925246-682003330-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-861567501-842925246-682003330-1000 - Limited - Disabled)
Mirek (S-1-5-21-861567501-842925246-682003330-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Mirek
SUPPORT_388945a0 (S-1-5-21-861567501-842925246-682003330-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Enabled - Up to date) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall (Disabled) {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-861567501-842925246-682003330-1003\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
7-Zip 4.57 (HKLM\...\7-Zip) (Version: - )
ACE Mega CoDecS Pack (HKLM\...\{FFFF6D5C-E2F1-4B40-BC89-8923312E89EB}}_is1) (Version: 6.03.0911 - ACE DESIGN Software)
Adobe Acrobat 4.0 (HKLM\...\Adobe Acrobat 4.0) (Version: - )
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Aktualizace systému Windows Internet Explorer 7 (KB980182) (HKLM\...\KB980182-IE7) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení aplikace Windows Media Player (KB952069) (Version: - Microsoft Corporation) Hidden
Aktualizace zabezpečení aplikace Windows Media Player (KB954155) (Version: - Microsoft Corporation) Hidden
Aktualizace zabezpečení aplikace Windows Media Player (KB968816) (Version: - Microsoft Corporation) Hidden
Aktualizace zabezpečení aplikace Windows Media Player (KB973540) (Version: - Microsoft Corporation) Hidden
Aktualizace zabezpečení aplikace Windows Media Player (KB978695) (HKLM\...\KB978695_WM9) (Version: - Microsoft Corporation)
Aktualizace zabezpečení aplikace Windows Media Player 11 (KB954154) (HKLM\...\KB954154_WM11) (Version: - Microsoft Corporation)
Aktualizace zabezpečení produktu Windows XP (KB941569) (HKLM\...\KB941569) (Version: - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB2898785) (HKLM\...\KB2898785-IE7) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB938127-v2) (HKLM\...\KB938127-v2-IE7) (Version: 2 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2393802) (HKLM\...\KB2393802) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2419632) (HKLM\...\KB2419632) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2423089) (HKLM\...\KB2423089) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2478960) (HKLM\...\KB2478960) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2506212) (HKLM\...\KB2506212) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2508429) (HKLM\...\KB2508429) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2509553) (HKLM\...\KB2509553) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2566454) (HKLM\...\KB2566454) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2570947) (HKLM\...\KB2570947) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2584146) (HKLM\...\KB2584146) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2603381) (HKLM\...\KB2603381) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2619339) (HKLM\...\KB2619339) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2620712) (HKLM\...\KB2620712) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2653956) (HKLM\...\KB2653956) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2661637) (HKLM\...\KB2661637) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2676562) (HKLM\...\KB2676562) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2698365) (HKLM\...\KB2698365) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2705219-v2) (HKLM\...\KB2705219-v2) (Version: 2 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2723135-v2) (HKLM\...\KB2723135-v2) (Version: 2 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2727528) (HKLM\...\KB2727528) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2757638) (HKLM\...\KB2757638) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2813345) (HKLM\...\KB2813345) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2820917) (HKLM\...\KB2820917) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2862330) (HKLM\...\KB2862330) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2884256) (HKLM\...\KB2884256) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2892075) (HKLM\...\KB2892075) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2893294) (HKLM\...\KB2893294) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB2893984) (HKLM\...\KB2893984) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB923561) (HKLM\...\KB923561) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB923789) (HKLM\...\KB923789) (Version: - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB950760) (HKLM\...\KB950760) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB950762) (HKLM\...\KB950762) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB950974) (HKLM\...\KB950974) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB951066) (HKLM\...\KB951066) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB951376-v2) (HKLM\...\KB951376-v2) (Version: 2 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB951748) (HKLM\...\KB951748) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB952004) (HKLM\...\KB952004) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB952954) (HKLM\...\KB952954) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB954459) (HKLM\...\KB954459) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB955069) (HKLM\...\KB955069) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB956572) (HKLM\...\KB956572) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB956744) (HKLM\...\KB956744) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB956802) (HKLM\...\KB956802) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB956803) (HKLM\...\KB956803) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB956844) (HKLM\...\KB956844) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB958644) (HKLM\...\KB958644) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB958869) (HKLM\...\KB958869) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB959426) (HKLM\...\KB959426) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB960225) (HKLM\...\KB960225) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB960803) (HKLM\...\KB960803) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB960859) (HKLM\...\KB960859) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB961501) (HKLM\...\KB961501) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB969059) (HKLM\...\KB969059) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB969947) (HKLM\...\KB969947) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB970238) (HKLM\...\KB970238) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB970430) (HKLM\...\KB970430) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB971468) (HKLM\...\KB971468) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB971657) (HKLM\...\KB971657) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB971961) (HKLM\...\KB971961) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB972270) (HKLM\...\KB972270) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB973354) (HKLM\...\KB973354) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB973507) (HKLM\...\KB973507) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB973869) (HKLM\...\KB973869) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB973904) (HKLM\...\KB973904) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB974112) (HKLM\...\KB974112) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB974318) (HKLM\...\KB974318) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB974392) (HKLM\...\KB974392) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB974571) (HKLM\...\KB974571) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB975025) (HKLM\...\KB975025) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB975467) (HKLM\...\KB975467) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB975560) (HKLM\...\KB975560) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB975561) (HKLM\...\KB975561) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB975713) (HKLM\...\KB975713) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB977165-v2) (HKLM\...\KB977165-v2) (Version: 2 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB977914) (HKLM\...\KB977914) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB978037) (HKLM\...\KB978037) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB978251) (HKLM\...\KB978251) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB978262) (HKLM\...\KB978262) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB978542) (HKLM\...\KB978542) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB978706) (HKLM\...\KB978706) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB979309) (HKLM\...\KB979309) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB979482) (HKLM\...\KB979482) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB981997) (HKLM\...\KB981997) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows XP (KB982665) (HKLM\...\KB982665) (Version: 1 - Microsoft Corporation)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
AVCHD Video Converter version 6.0.0 (HKLM\...\AVCHD Video Converter_is1) (Version: 6.0.0 - )
Balíček ovladače systému Windows - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Balíček ovladače systému Windows - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: - )
Canon MP Navigator EX 3.0 (HKLM\...\MP Navigator EX 3.0) (Version: - )
Canon MP550 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 2.36 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Czech Soccer Manager (HKLM\...\Czech Soccer Manager) (Version: - )
Czech Soccer Manager 2002 Final Edition (HKLM\...\Czech Soccer Manager 2002 Final Editionverze 4.0 (31.3.2006)) (Version: verze 4.0 (31.3.2006) - Petr Vašíček)
Djerba 2005 (HKLM\...\Djerba 2005) (Version: - )
FIFA 99 (HKLM\...\FIFA 99) (Version: - )
FS Scenery Creator (HKLM\...\ST5UNST #1) (Version: - )
FSRepaint (HKLM\...\FSRepaint) (Version: - )
FSRepaint V2.06 (HKLM\...\{14282D93-6BD9-4681-8D7D-7677390A0425}) (Version: 2.06.0000 - Abacus)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.28 - Irfan Skiljan)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Malwarebytes Anti-Malware verze 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Media Player (HKLM\...\MediaPlayerV1alpha8194) (Version: 1.1 - Media Player) <==== ATTENTION
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Flight Simulator 2002 (HKLM\...\Flight Simulator 8.0) (Version: - )
Microsoft Office Small Business Edition 2003 (HKLM\...\{90CA0405-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.9 (HKLM\...\Wudf01009) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Zoo Tycoon (HKLM\...\Zoo Tycoon 1.0) (Version: - )
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
mp3-2-wav converter 1.14 (HKLM\...\mp3-2-wav) (Version: - )
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (Version: 7.1.180.94 - Nokia) Hidden
Notepad++ (HKLM\...\Notepad++) (Version: - )
Nova (HKLM\...\ST5UNST #2) (Version: - )
Opera Stable 36.0.2130.65 (HKLM\...\Opera 36.0.2130.65) (Version: 36.0.2130.65 - Opera Software)
Oprava Hotfix systému Windows XP (KB942288-v3) (HKLM\...\KB942288-v3) (Version: 3 - Microsoft Corporation)
Oprava Hotfix systému Windows XP (KB952287) (HKLM\...\KB952287) (Version: 1 - Microsoft Corporation)
Oprava Hotfix systému Windows XP (KB979306) (HKLM\...\KB979306) (Version: 1 - Microsoft Corporation)
PC Connectivity Solution (HKLM\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
pdfFactory (HKLM\...\pdfFactory) (Version: - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Postranní panel systému Windows (HKLM\...\Windows Sidebar) (Version: 6.0.6001.18000 - Microsoft Corporation)
Pozadí legend: Tajemství Olympu (HKU\S-1-5-21-861567501-842925246-682003330-1003\...\Pozadí legend: Tajemství Olympu) (Version: 1.0.0.0 - Alawar Entertainment Inc.)
QT Lite 4.1.0 (HKLM\...\quicktime_lite_is1) (Version: 4.1.0 - )
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
rajče průvodce verze 1.59.25.240 (HKLM\...\rajče.net_is1) (Version: - rajče.net)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6069 - Realtek Semiconductor Corp.)
Registrace uživatele zařízení Canon MP550 series (HKLM\...\Registrace uživatele zařízení Canon MP550 series) (Version: - )
RelevantKnowledge (HKLM\...\{d08d9f98-1c78-4704-87e6-368b0023d831}) (Version: 1.3.336.320 - TMRG, Inc.) <==== ATTENTION
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roll (HKLM\...\RollerCoaster Tycoon Setup) (Version: - )
SafeFinder (HKLM\...\{3DAC2F0C-EC29-417F-900A-F5110592B371}) (Version: 1.0.0.0 - Linkury)
Seznam Software (HKU\S-1-5-21-861567501-842925246-682003330-1003\...\SeznamInstall) (Version: - Seznam.cz)
V jednom městě (HKU\S-1-5-21-861567501-842925246-682003330-1003\...\V jednom městě) (Version: 1.0.0.0 - Alawar Entertainment Inc.)
Version 1.0 (HKLM\...\{A901BF63-29AD-49A3-B067-231925E98B62}_is1) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows PowerShell(TM) 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden
Zoo Tycoon Čeština 1.05 (HKU\S-1-5-21-861567501-842925246-682003330-1003\...\Zoo Tycoon Čeština 1.05) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-861567501-842925246-682003330-1003_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Documents and Settings\Mirek\Local Settings\Data aplikací\Google\Update\1.3.21.111\psuser.dll => (the data entry has 7 more characters).

==================== Restore Points =========================

03-03-2016 18:58:54 Kontrolní bod systému
05-03-2016 13:49:26 Kontrolní bod systému
06-03-2016 15:30:42 Kontrolní bod systému
08-03-2016 15:05:53 Kontrolní bod systému
10-03-2016 17:30:56 Kontrolní bod systému
12-03-2016 15:37:00 Kontrolní bod systému
13-03-2016 18:06:48 Kontrolní bod systému
14-03-2016 21:46:05 Kontrolní bod systému
16-03-2016 16:57:40 Kontrolní bod systému
17-03-2016 17:16:49 Kontrolní bod systému
18-03-2016 18:07:05 Kontrolní bod systému
20-03-2016 01:28:31 Kontrolní bod systému
21-03-2016 14:04:38 Kontrolní bod systému
22-03-2016 16:11:11 Kontrolní bod systému
23-03-2016 18:05:59 Kontrolní bod systému
24-03-2016 10:43:51 Instalace nepodepsaného ovladače
25-03-2016 12:02:41 Kontrolní bod systému
26-03-2016 15:44:22 Kontrolní bod systému
27-03-2016 17:15:48 Kontrolní bod systému
28-03-2016 18:16:45 Kontrolní bod systému
29-03-2016 21:43:57 Kontrolní bod systému
31-03-2016 11:44:34 Kontrolní bod systému
01-04-2016 12:22:40 Kontrolní bod systému
02-04-2016 13:12:47 Kontrolní bod systému
03-04-2016 13:32:07 Kontrolní bod systému
05-04-2016 10:51:55 Kontrolní bod systému
06-04-2016 13:44:35 Kontrolní bod systému
07-04-2016 17:06:33 Kontrolní bod systému
08-04-2016 17:11:46 Kontrolní bod systému
11-04-2016 14:00:10 Kontrolní bod systému
12-04-2016 13:49:05 Instalace nepodepsaného ovladače
13-04-2016 19:43:48 Kontrolní bod systému
15-04-2016 17:12:52 Kontrolní bod systému
16-04-2016 19:42:04 Kontrolní bod systému
19-04-2016 17:00:08 Kontrolní bod systému
22-04-2016 10:40:35 Kontrolní bod systému
22-04-2016 10:57:30 JRT Pre-Junkware Removal
22-04-2016 11:00:59 JRT Pre-Junkware Removal
22-04-2016 11:09:11 JRT Pre-Junkware Removal
23-04-2016 14:48:28 Kontrolní bod systému
24-04-2016 14:50:28 Kontrolní bod systému
26-04-2016 14:41:08 Kontrolní bod systému
27-04-2016 17:21:33 Kontrolní bod systému
28-04-2016 19:15:27 Kontrolní bod systému
29-04-2016 18:41:07 zoek.exe restore point
30-04-2016 20:53:39 Kontrolní bod systému
02-05-2016 15:14:09 Kontrolní bod systému
03-05-2016 15:21:49 Kontrolní bod systému
04-05-2016 16:59:29 Kontrolní bod systému
05-05-2016 18:19:36 Kontrolní bod systému
06-05-2016 18:52:17 Kontrolní bod systému
07-05-2016 19:41:56 Kontrolní bod systému
08-05-2016 20:43:31 Kontrolní bod systému
10-05-2016 13:06:12 Kontrolní bod systému
11-05-2016 22:14:22 Kontrolní bod systému
13-05-2016 14:10:30 Kontrolní bod systému
15-05-2016 14:18:28 Kontrolní bod systému
16-05-2016 15:27:31 Kontrolní bod systému
17-05-2016 15:58:38 Kontrolní bod systému
20-05-2016 16:59:27 Kontrolní bod systému
20-05-2016 14:06:24 Kontrolní bod systému
21-05-2016 14:22:53 Kontrolní bod systému
22-05-2016 15:23:14 Kontrolní bod systému
23-05-2016 16:27:45 Kontrolní bod systému
24-05-2016 19:03:53 Kontrolní bod systému
27-05-2016 16:42:46 Kontrolní bod systému
28-05-2016 16:46:11 Kontrolní bod systému
29-05-2016 17:24:10 Kontrolní bod systému
31-05-2016 11:31:18 Kontrolní bod systému
01-06-2016 14:11:17 Kontrolní bod systému

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-10-25 18:00 - 2016-04-29 18:43 - 00000753 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Ateredomkefisp Cache.job => C:\Program Files\Ateredomkefisp\AteredomkefispCchtask.exe
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1455891128.job => C:\Program Files\Opera\launcher.exe

==================== Loaded Modules (Whitelisted) ==============

2016-04-12 17:50 - 2016-04-12 17:35 - 00400384 _____ () C:\Documents and Settings\All Users\Data aplikací\DCHP\DCHP.exe
2010-04-09 22:02 - 2007-09-20 18:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2010-04-09 22:02 - 2007-10-02 15:41 - 00319488 _____ () C:\Program Files\WinRAR\rarlng.dll
2011-04-10 16:08 - 2011-04-10 16:08 - 00043520 _____ () C:\WINDOWS\system32\CmdLineExt03.dll
2016-05-31 17:27 - 2016-05-31 12:20 - 00343240 _____ () C:\Documents and Settings\Mirek\Cookies\explibss.dll
2014-05-12 18:32 - 1998-11-02 11:57 - 01799680 _____ () C:\Program Files\EA SPORTS\FIFA 99\fifa99.exe
2014-05-12 18:32 - 1998-10-22 18:17 - 00045056 _____ () C:\Program Files\EA SPORTS\FIFA 99\eacsnd.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\Mirek:gs5sys
AlternateDataStreams: C:\Documents and Settings\All Users\Šablony:gs5sys
AlternateDataStreams: C:\Documents and Settings\All Users\Data aplikací\desktop.ini:gs5sys
AlternateDataStreams: C:\Documents and Settings\All Users\Dokumenty\desktop.ini:gs5sys
AlternateDataStreams: C:\Documents and Settings\Mirek\Cookies:gs5sys
AlternateDataStreams: C:\Documents and Settings\Mirek\Plocha:gs5sys
AlternateDataStreams: C:\Documents and Settings\Mirek\Šablony:gs5sys
AlternateDataStreams: C:\Documents and Settings\Mirek\Data aplikací\desktop.ini:gs5sys
AlternateDataStreams: C:\Documents and Settings\Mirek\Local Settings\Data aplikací:gs5sys
AlternateDataStreams: C:\Documents and Settings\Mirek\Local Settings\History:gs5sys
AlternateDataStreams: C:\Documents and Settings\Mirek\Dokumenty\desktop.ini:gs5sys

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-861567501-842925246-682003330-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Mirek\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
DNS Servers: 8.8.8.8 - 8.8.4.4
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Winamp\winamp.exe] => Enabled:Winamp
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\msiexec.exe] => Enabled:UpdateManagerSetup
StandardProfile\AuthorizedApplications: [C:\Program Files\Opera\opera.exe] => Enabled:Opera Internet Browser
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2013\avgmfapx.exe] => Enabled:Instalátor AVG
StandardProfile\AuthorizedApplications: [C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe] => Enabled:Render Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe] => Enabled:umi
StandardProfile\AuthorizedApplications: [C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe] => Enabled:Pinnacle VideoSpin
StandardProfile\AuthorizedApplications: [C:\Program Files\PCData\cudaminer.exe] => Enabled:NProxy
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Mirek\Data aplikací\uTorrent\uTorrent.exe] => Enabled:μTorrent
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Enabled:WebKit
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\Hry.cz\Beyond the Legend Mysteries of Olympus\MysteriesofOlympus.exe] => Enabled:MysteriesofOlympus.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hry.cz\Imperial Island 3 Expansion\ImperialIsland3.wrp.exe] => Enabled:ImperialIsland3.wrp.exe
StandardProfile\AuthorizedApplications: [c:\program files\relevantknowledge\rlvknlg.exe] => Enabled:rlvknlg.exe
DomainProfile\GloballyOpenPorts: [3389:TCP] => Enabled:@xpsp2res.dll,-22009
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [3389:TCP] => Enabled:@xpsp2res.dll,-22009
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22002

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Nokia 6230i
Description: Nokia 6230i
Class Guid: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Manufacturer: Nokia
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/01/2016 09:07:16 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Systém Windows se nemůže dotazovat na položku registru DllName pro {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} a nebude načtena. Příčinou je zřejmě chybná registrace.

Error: (06/01/2016 09:07:16 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Systém Windows se nemůže dotazovat na položku registru DllName pro {7B849a69-220F-451E-B3FE-2CB811AF94AE} a nebude načtena. Příčinou je zřejmě chybná registrace.

Error: (06/01/2016 08:53:21 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Systém Windows se nemůže dotazovat na položku registru DllName pro {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} a nebude načtena. Příčinou je zřejmě chybná registrace.

Error: (06/01/2016 08:53:21 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Systém Windows se nemůže dotazovat na položku registru DllName pro {7B849a69-220F-451E-B3FE-2CB811AF94AE} a nebude načtena. Příčinou je zřejmě chybná registrace.

Error: (06/01/2016 07:19:21 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Systém Windows se nemůže dotazovat na položku registru DllName pro {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} a nebude načtena. Příčinou je zřejmě chybná registrace.

Error: (06/01/2016 07:19:21 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Systém Windows se nemůže dotazovat na položku registru DllName pro {7B849a69-220F-451E-B3FE-2CB811AF94AE} a nebude načtena. Příčinou je zřejmě chybná registrace.

Error: (06/01/2016 07:12:16 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Systém Windows se nemůže dotazovat na položku registru DllName pro {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} a nebude načtena. Příčinou je zřejmě chybná registrace.

Error: (06/01/2016 07:12:16 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Systém Windows se nemůže dotazovat na položku registru DllName pro {7B849a69-220F-451E-B3FE-2CB811AF94AE} a nebude načtena. Příčinou je zřejmě chybná registrace.

Error: (06/01/2016 05:46:21 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Systém Windows se nemůže dotazovat na položku registru DllName pro {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} a nebude načtena. Příčinou je zřejmě chybná registrace.

Error: (06/01/2016 05:46:21 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Systém Windows se nemůže dotazovat na položku registru DllName pro {7B849a69-220F-451E-B3FE-2CB811AF94AE} a nebude načtena. Příčinou je zřejmě chybná registrace.

System errors:
=============
Error: (06/01/2016 12:36:55 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba DCHP přestala během spouštění reagovat.

Error: (06/01/2016 12:35:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Trescof neuspěla při spuštění v důsledku následující chyby:
%%2

Error: (05/31/2016 11:50:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba GeekBuddyRSP Server byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 5000 milisekund: Restartovat službu.

Error: (05/31/2016 11:42:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba GeekBuddyRSP Server byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 5000 milisekund: Restartovat službu.

Error: (05/31/2016 06:09:42 PM) (Source: DCOM) (EventID: 10010) (User: MIRA)
Description: Server {0002DF01-0000-0000-C000-000000000046} se v daném časovém limitu neregistroval u služby DCOM.

Error: (05/31/2016 06:08:16 PM) (Source: DCOM) (EventID: 10010) (User: MIRA)
Description: Server {0002DF01-0000-0000-C000-000000000046} se v daném časovém limitu neregistroval u služby DCOM.

Error: (05/31/2016 05:29:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba GeekBuddyRSP Server byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 5000 milisekund: Restartovat službu.

Error: (05/31/2016 05:29:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba DCHP byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (05/31/2016 05:26:19 PM) (Source: DCOM) (EventID: 10010) (User: MIRA)
Description: Server {0002DF01-0000-0000-C000-000000000046} se v daném časovém limitu neregistroval u služby DCOM.

Error: (05/31/2016 10:10:30 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba DCHP přestala během spouštění reagovat.

==================== Memory info ===========================

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4000+
Percentage of memory in use: 64%
Total physical RAM: 2047.48 MB
Available physical RAM: 736.41 MB
Total Virtual: 3430.17 MB
Available Virtual: 2369.11 MB

==================== Drives ================================

Drive c: (Tento počítač) (Fixed) (Total:113.2 GB) (Free:42.86 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:6.83 GB) (Free:6.69 GB) NTFS
Drive i: (DATA) (Fixed) (Total:112.85 GB) (Free:100.34 GB) NTFS
Drive j: (FIFAPCCD) (CDROM) (Total:0.44 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: C5BC1D68)
Partition 1: (Not Active) - (Size=6.8 GB) - (Type=05)
Partition 2: (Active) - (Size=113.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=112.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#4 Příspěvek od **Rudy** » 01 čer 2016 21:27

Teď spusťte tuto utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

Mirko · #5 Příspěvek od **Mirko** » 01 čer 2016 21:45

Zde log:

# AdwCleaner v5.119 - Log vytvořen 01/06/2016 v 22:39:57
# Aktualizováno 30/05/2016 by Xplode
# Databáze : 2016-05-30.3 [Server]
# Operační system : Microsoft Windows XP Service Pack 3 (X86)
# Uživatelské jméno : Mirek - MIRA
# Spuštěno z : C:\Documents and Settings\Mirek\Plocha\adwcleaner_5.119.exe
# Nastavení : Čištění
# Podpora : http://toolslib.net/forum

***** [ Služby ] *****

[+] Služba Smazáno : MPCProtectService
[+] Služba Smazáno : MPCKpt
[+] Služba Smazáno : MPCBase

***** [ Složky ] *****

[-] Složka Smazáno : C:\Documents and Settings\All Users\Nabídka Start\Programy\MPC
[-] Složka Smazáno : C:\Documents and Settings\All Users\Nabídka Start\Programy\RelevantKnowledge
[#] Složka Smazáno : C:\Program Files\MPC Cleaner
[-] Složka Smazáno : C:\Program Files\RelevantKnowledge
[-] Složka Smazáno : C:\DOCUME~1\Mirek\LOCALS~1\Temp\MPC
[-] Složka Smazáno : C:\Documents and Settings\Mirek\Data aplikací\MCorp

***** [ Soubory ] *****

[-] Soubor Smazáno : C:\WINDOWS\system32\rlls.dll
[#] Soubor Smazáno : C:\WINDOWS\system32\drivers\MPCBase.sys
[#] Soubor Smazáno : C:\WINDOWS\system32\drivers\MPCKpt.sys

***** [ DLLs ] *****

***** [ WMI ] *****

***** [ Zástupci ] *****

[-] Zástupce Vyléčeno : C:\Documents and Settings\All Users\Nabídka Start\Programy\Opera.lnk

***** [ Naplánované úlohy ] *****

***** [ Registry ] *****

[-] Klíč Smazáno : HKCU\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Klíč Smazáno : HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Klíč Smazáno : HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting
[-] Klíč Smazáno : HKCU\Software\PRODUCTSETUP
[-] Klíč Smazáno : HKCU\Software\csastats
[-] Klíč Smazáno : HKLM\SOFTWARE\MPC
[-] Klíč Smazáno : HKLM\SOFTWARE\imalcom
[-] Klíč Smazáno : HKLM\SOFTWARE\hohosearchSoftware
[-] Klíč Smazáno : HKLM\SOFTWARE\SrpnFiles
[-] Klíč Smazáno : HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
[-] Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D08D9F98-1C78-4704-87E6-368B0023D831}
[-] Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D08D9F98-1C78-4704-87E6-368B0023D831}
[-] Hodnota Smazáno : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [c:\program files\relevantknowledge\rlvknlg.exe]

***** [ Prohlížeče ] *****

*************************

:: "Tracing" klíče smazány
:: Nastavení Winsock vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [6491 bytů] - [29/04/2016 18:29:04]
C:\AdwCleaner\AdwCleaner[C2].txt - [2776 bytů] - [01/06/2016 22:39:57]
C:\AdwCleaner\AdwCleaner[C3].txt - [84745 bytů] - [20/10/2015 15:31:58]
C:\AdwCleaner\AdwCleaner[C4].txt - [875 bytů] - [24/10/2015 20:43:41]
C:\AdwCleaner\AdwCleaner[R5].txt - [3235 bytů] - [22/04/2016 12:37:25]
C:\AdwCleaner\AdwCleaner[S1].txt - [13595 bytů] - [29/04/2016 18:26:35]
C:\AdwCleaner\AdwCleaner[S2].txt - [3609 bytů] - [01/06/2016 22:37:52]
C:\AdwCleaner\AdwCleaner[S3].txt - [81569 bytů] - [20/10/2015 15:29:37]
C:\AdwCleaner\AdwCleaner[S4].txt - [3801 bytů] - [24/10/2015 20:21:32]
C:\AdwCleaner\AdwCleaner[S5].txt - [793 bytů] - [24/10/2015 20:28:04]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [3434 bytů] ##########

#6 Příspěvek od **Rudy** » 02 čer 2016 17:19

Dejte nový log FRST.

Mirko · #7 Příspěvek od **Mirko** » 02 čer 2016 19:50

Dobrý večer:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-10-2015
Ran by Mirek (administrator) on MIRA (02-06-2016 20:47:58)
Running from C:\Documents and Settings\Mirek\Plocha
Loaded Profiles: Mirek (Available Profiles: Mirek & Administrator)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\launcher_service.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(DotC United Inc) C:\Program Files\MPC Cleaner\MPCProtectService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(DotC United Inc) C:\Program Files\MPC Cleaner\MPCTray.exe
() C:\Documents and Settings\Mirek\Data aplikací\Seznam.cz\szninstall.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QT Lite\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [RelevantKnowledge] => C:\program files\relevantknowledge\rlvknlg.exe -boot
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-861567501-842925246-682003330-1003\...\Run: [uTorrent] => C:\Documents and Settings\Mirek\Data aplikací\uTorrent\uTorrent.exe [2133504 2016-05-14] (BitTorrent Inc.)
HKU\S-1-5-21-861567501-842925246-682003330-1003\...\Run: [cz.seznam.software.autoupdate] => C:\Documents and Settings\Mirek\Data aplikací\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\DATAAP~1\Trescof\Zooplus.dll => No File
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
ShellExecuteHooks: - {7AD1C0F5-07A2-40E5-8608-C6EAA0FF362F} - C:\Documents and Settings\Mirek\Cookies\explibss.dll [343240 2016-05-31] ()
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{3D051471-358E-4E7B-936D-272584C91DC7}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{912994FC-195C-4101-A02D-A9B71DB1CF9B}: [NameServer] 10.1.0.56,10.1.0.20
Tcpip\..\Interfaces\{C0DC6653-53FF-4B92-9288-0928E2C97DE7}: [DhcpNameServer] 10.1.0.36 10.1.0.32

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
URLSearchHook: HKLM -> Default = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-861567501-842925246-682003330-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-861567501-842925246-682003330-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&r ... {startPage}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-01-29] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-01-29] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-861567501-842925246-682003330-1003 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Mirek\Data aplikací\Profiles\chqqafpp.default
FF NewTab: about:newtab
FF DefaultSearchEngine: cloudfront
FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=cloudfront
FF Homepage: hxxps://www.seznam.cz/
FF Keyword.URL: hxxp://d2ucfwpxlh3zh3.cloudfront.net/chrome.php?uid=F595C7A1EA24E4AA66784F2A1509F167&ptid=epf1&ts=AHEqB3QkC3AsAk..&v=20160531&mode=ffexttoolbar&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin: @alawar.com/npapi -> C:\WINDOWS\npapi.dll [2014-01-29] (Alawar)
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2009-03-27] (CANON INC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-01-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-01-29] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pages.tvunetworks.com/WebPlayer -> C:\WINDOWS\system32\TVUAx\npTVUAx.dll [2010-04-23] (TVU networks)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Extension: Seznam lištička - C:\Documents and Settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\81hyhscl.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2016-03-10]
FF Extension: Adblock Plus - C:\Documents and Settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\81hyhscl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF Extension: Seznam lištička - C:\Documents and Settings\Mirek\Data aplikací\Profiles\chqqafpp.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2016-05-31]
FF Extension: GsearchFinder - C:\Documents and Settings\Mirek\Data aplikací\Profiles\chqqafpp.default\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-05-31]
FF Extension: Adblock Plus - C:\Documents and Settings\Mirek\Data aplikací\Profiles\chqqafpp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-05-05] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-04-17] [not signed]
FF Extension: No Name - C:\Documents and Settings\Mirek\Data aplikacĂ\Profiles\chqqafpp.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]

Chrome:
=======
CHR HomePage: ChromeDefaultData -> hxxp://d2ucfwpxlh3zh3.cloudfront.net/?ts=AHEqB3QkC3AsAk..&v=20160531&uid=F595C7A1EA24E4AA66784F2A1509F167&ptid=epf1&mode=loadm
CHR StartupUrls: ChromeDefaultData -> "hxxp://d2ucfwpxlh3zh3.cloudfront.net/?ts=AHEqB3QkC3AsAk..&v=20160531&uid=F595C7A1EA24E4AA66784F2A1509F167&ptid=epf1&mode=loadm"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://d2ucfwpxlh3zh3.cloudfront.net/chrome.php?q={searchTerms}&ts=AHEqB3QkC3AsAk..&v=20160531&uid=F595C7A1EA24E4AA66784F2A1509F167&ptid=epf1&mode=loadm
CHR DefaultSearchKeyword: ChromeDefaultData -> hohosearch

Opera:
=======
OPR StartupUrls: "hxxp://www.seznam.cz/"
OPR Extension: (News) - C:\Documents and Settings\Mirek\Data aplikací\Opera Software\Opera Stable\Extensions\mibfbmhijjgpkmobcfdlelpccpeafoom [2015-08-06]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [70352 2013-11-28] (Comodo Security Solutions, Inc.)
S2 DCHP; C:\Documents and Settings\All Users\Data aplikací\\DCHP\\DCHP.exe [400384 2016-04-12] () [File not signed]
R2 GeekBuddyRSP; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2013-11-28] (Comodo Security Solutions, Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-01-29] (Oracle Corporation)
S3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [53248 2008-07-30] (Microsoft Corporation) [File not signed]
R2 MPCProtectService; C:\Program Files\MPC Cleaner\MPCProtectService.exe [350688 2016-05-31] (DotC United Inc)
S3 MSDTC; C:\WINDOWS\system32\msdtc.exe [31744 2008-07-30] (Microsoft Corporation) [File not signed]
R2 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)
S2 AteredomkefispCchservice; "C:\Program Files\Ateredomkefisp\AteredomkefispCchservice.exe32" {79740E79-A383-47A7-B513-3DF6563D007F} {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} [X]
S2 Trescof; C:\Documents and Settings\All Users\Data aplikací\\Trescof\\Trescof.exe shuz -f "C:\Documents and Settings\All Users\Data aplikací\\Trescof\\Trescof.dat" -l -a

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 CFRMD; C:\WINDOWS\System32\DRIVERS\CFRMD.sys [36112 2013-05-07] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [18528 2013-06-18] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [587352 2013-07-08] (COMODO)
R1 cmdHlp; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [32816 2013-06-18] (COMODO)
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2016-04-11] ()
R3 HDAudBus; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [138752 2005-01-07] (Windows (R) Server 2003 DDK provider) [File not signed]
R1 HMD; C:\WINDOWS\System32\DRIVERS\hmd.sys [14272 2013-10-07] ()
R0 Inspect; C:\WINDOWS\System32\DRIVERS\inspect.sys [99520 2013-06-18] (COMODO)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R0 MPCBase; C:\WINDOWS\System32\drivers\MPCBase.sys [29032 2016-05-31] (DotC United Inc)
R1 MPCKpt; C:\WINDOWS\System32\DRIVERS\MPCKpt.sys [53992 2016-05-31] (DotC United Inc)
R0 nvatabus; C:\WINDOWS\system32\Drivers\nvatabus.sys [100736 2008-07-30] (NVIDIA Corporation) [File not signed]
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [128672 2013-02-25] (NVIDIA Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2001-10-25] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2001-10-25] (Microsoft Corporation)
R3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2008-04-14] (Microsoft Corporation)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [13120 2013-08-25] ()
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [244864 2006-06-29] (Marvell)
S3 ZD1211BU(TP-LINK); C:\WINDOWS\System32\DRIVERS\zd1211Bu.sys [500736 2007-06-25] (Atheros Technology Corporation) [File not signed]
S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-02 20:45 - 2016-06-02 20:45 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\MPC
2016-06-01 22:46 - 2016-06-01 22:46 - 00000000 ____D C:\Documents and Settings\Mirek\Data aplikací\MCorp
2016-06-01 22:37 - 2016-06-01 22:37 - 03677248 _____ C:\Documents and Settings\Mirek\Plocha\adwcleaner_5.119.exe
2016-06-01 21:47 - 2016-06-01 21:48 - 00040221 _____ C:\Documents and Settings\Mirek\Plocha\Addition.txt
2016-06-01 21:46 - 2016-06-02 20:48 - 00013698 _____ C:\Documents and Settings\Mirek\Plocha\FRST.txt
2016-05-31 18:07 - 2016-05-31 18:09 - 00304661 _____ ( ) C:\Documents and Settings\Mirek\Downloads\FIFA_2001 [1].exe
2016-05-31 17:51 - 2016-05-31 17:51 - 00000000 ____D C:\Documents and Settings\Mirek\Local Settings\Data aplikací\GetGo
2016-05-31 17:50 - 2016-05-31 17:50 - 00000000 ____D C:\Program Files\GetGo Software
2016-05-31 17:50 - 2016-05-31 17:50 - 00000000 ____D C:\Documents and Settings\Mirek\Data aplikací\GetGo Software
2016-05-31 17:50 - 2016-05-31 17:49 - 00053992 ____N (DotC United Inc) C:\WINDOWS\system32\Drivers\MPCKpt.sys
2016-05-31 17:50 - 2016-05-31 17:49 - 00029032 ____N (DotC United Inc) C:\WINDOWS\system32\Drivers\MPCBase.sys
2016-05-31 17:49 - 2016-06-01 12:37 - 00000000 ____D C:\Program Files\MPC Cleaner
2016-05-31 17:27 - 2016-05-31 17:27 - 00000666 _____ C:\WINDOWS\Tasks\Ateredomkefisp Cache.job
2016-05-31 17:26 - 2016-05-31 17:28 - 00000000 ____D C:\Program Files\Nimaiedchdsp
2016-05-31 17:26 - 2016-05-31 17:27 - 00000000 ____D C:\Program Files\Pucupy
2016-05-31 17:26 - 2016-05-31 17:27 - 00000000 ____D C:\Program Files\Ateredomkefisp
2016-05-31 17:26 - 2016-05-31 17:27 - 00000000 ____D C:\Documents and Settings\Mirek\Local Settings\Data aplikací\3810282D-6C19-47B0-8283-5C6C29A7E108
2016-05-31 17:24 - 2016-05-31 17:25 - 00000391 _____ C:\WINDOWS\Directx.log
2016-05-31 16:47 - 2016-05-31 16:47 - 00000000 ____D C:\Documents and Settings\Mirek\Plocha\Data
2016-05-31 16:45 - 2016-05-31 16:45 - 00000000 ____D C:\Data
2016-05-27 21:39 - 2016-05-27 21:39 - 00000000 ____D C:\Documents and Settings\Mirek\Data aplikací\WinRAR
2016-05-27 21:34 - 2016-05-27 21:34 - 00000000 ____D C:\Documents and Settings\Mirek\Local Settings\Data aplikací\WMTools Downloaded Files
2016-05-22 14:00 - 2016-05-22 14:00 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\AlawarEntertainment
2016-05-21 21:29 - 2016-05-21 21:29 - 00000000 ____D C:\Documents and Settings\Mirek\Dokumenty\EVROPSKÉ POHÁRY
2016-05-20 16:41 - 2016-05-20 16:41 - 00000000 ____D C:\Documents and Settings\Mirek\Data aplikací\quickclick
2016-05-16 13:54 - 2016-05-31 14:31 - 00290835 _____ C:\Documents and Settings\Mirek\Plocha\rozdělovník akt.xlsx
2016-05-15 12:45 - 2016-05-22 14:00 - 00000000 ____D C:\Documents and Settings\Mirek\Data aplikací\AlawarEntertainment
2016-05-05 15:05 - 2016-05-06 13:24 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-02 20:48 - 2015-10-25 16:37 - 00000000 ____D C:\Documents and Settings\Mirek\Local Settings\Temp
2016-06-02 20:48 - 2015-10-23 13:37 - 00000000 ____D C:\FRST
2016-06-02 20:47 - 2014-10-17 14:37 - 00039820 _____ C:\WINDOWS\system32\nvAppTimestamps
2016-06-02 20:46 - 2011-03-20 16:24 - 00000000 ____D C:\Documents and Settings\Mirek\Data aplikací\uTorrent
2016-06-02 20:46 - 2010-04-09 23:22 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2016-06-02 20:46 - 2010-04-09 21:56 - 00000000 ____D C:\Documents and Settings\Mirek\Plocha
2016-06-02 20:45 - 2016-02-19 16:12 - 00000392 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1455891128.job
2016-06-02 20:45 - 2014-10-15 14:02 - 01431031 _____ C:\WINDOWS\WindowsUpdate.log
2016-06-02 20:45 - 2010-04-09 23:22 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy
2016-06-02 20:44 - 2014-10-15 16:48 - 00000159 _____ C:\WINDOWS\wiadebug.log
2016-06-02 20:44 - 2014-10-15 16:48 - 00000048 _____ C:\WINDOWS\wiaservc.log
2016-06-02 20:44 - 2010-04-09 21:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-02 17:10 - 2014-10-15 16:48 - 00032526 _____ C:\WINDOWS\SchedLgU.Txt
2016-06-02 17:10 - 2010-04-09 21:56 - 00000178 ___SH C:\Documents and Settings\Mirek\ntuser.ini
2016-06-02 17:04 - 2016-03-20 20:41 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-02 13:39 - 2013-03-06 14:14 - 00000000 ____D C:\Documents and Settings\Mirek\Data aplikací\Seznam.cz
2016-06-01 22:46 - 2010-04-09 21:56 - 00000000 __RHD C:\Documents and Settings\Mirek\Data aplikací
2016-06-01 22:40 - 2016-02-19 16:12 - 00000676 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Opera.lnk
2016-06-01 22:39 - 2015-10-20 15:29 - 00000000 ____D C:\AdwCleaner
2016-06-01 22:07 - 2016-04-12 11:57 - 00017329 _____ C:\WINDOWS\wmsetup.log
2016-06-01 12:35 - 2001-10-25 18:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-05-31 20:24 - 2010-04-09 23:16 - 00000000 ___RD C:\Documents and Settings\Mirek\Plocha\mp3
2016-05-31 19:02 - 2010-04-09 21:56 - 00000000 ___RD C:\Documents and Settings\Mirek\Nabídka Start\Programy
2016-05-31 18:17 - 2014-05-12 18:32 - 00000000 ____D C:\Program Files\EA SPORTS
2016-05-31 17:51 - 2010-04-09 21:56 - 00000000 ___HD C:\Documents and Settings\Mirek\Local Settings\Data aplikací
2016-05-31 17:28 - 2014-05-12 18:33 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\EA SPORTS
2016-05-31 17:28 - 2010-04-09 23:13 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-05-31 17:25 - 2014-03-26 11:14 - 00001018 _____ C:\Documents and Settings\Mirek\Nabídka Start\Programy\Internet Explorer.lnk
2016-05-31 10:25 - 2010-04-09 21:56 - 00000000 ___RD C:\Documents and Settings\Mirek\Dokumenty
2016-05-30 19:17 - 2016-04-12 13:47 - 00055839 _____ C:\WINDOWS\setupapi.log
2016-05-30 19:00 - 2015-06-20 20:47 - 00000000 ___RD C:\Documents and Settings\Mirek\Plocha\Fota
2016-05-28 17:47 - 2015-06-17 13:45 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2016-05-27 21:34 - 2013-12-26 22:11 - 00000000 ____D C:\Documents and Settings\Mirek\Data aplikací\vlc
2016-05-25 14:11 - 2016-02-14 15:08 - 00000000 ____D C:\Program Files\Hry.cz
2016-05-25 14:11 - 2016-02-14 15:08 - 00000000 ____D C:\Documents and Settings\Mirek\Nabídka Start\Programy\Hry.cz
2016-05-23 17:04 - 2016-05-01 18:13 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\AlawarWrapper
2016-05-22 14:00 - 2010-04-09 23:22 - 00000000 ___RD C:\Documents and Settings\All Users\Dokumenty
2016-05-22 14:00 - 2010-04-09 23:21 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2016-05-21 21:14 - 2012-03-13 02:28 - 00000000 ____D C:\Documents and Settings\Mirek\Dokumenty\turk
2016-05-21 21:14 - 2010-04-19 14:02 - 00561664 __SHC C:\Documents and Settings\Mirek\Dokumenty\Thumbs.db
2016-05-21 21:13 - 2012-01-27 03:01 - 00000000 ____D C:\Documents and Settings\Mirek\Plocha\učení
2016-05-21 16:08 - 2016-02-14 15:08 - 00000811 _____ C:\Documents and Settings\Mirek\Plocha\V jednom městě.lnk
2016-05-20 00:37 - 2010-04-09 23:15 - 00000000 ___RD C:\Documents and Settings\Mirek\Dokumenty\plocha stará
2016-05-20 00:36 - 2010-04-09 22:19 - 00000000 ___RD C:\Documents and Settings\Mirek\Dokumenty\Obrázky
2016-05-13 11:20 - 2012-04-27 12:31 - 00000000 ___RD C:\Documents and Settings\Mirek\Plocha\propaganda
2016-05-12 20:04 - 2012-05-25 23:17 - 00797376 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-05-12 20:04 - 2012-05-25 23:17 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-05-07 12:47 - 2015-01-13 00:02 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-05-06 16:46 - 2016-01-31 16:19 - 00000000 ____D C:\Documents and Settings\Mirek\Data aplikací\Teyon
2016-05-04 12:34 - 2010-04-11 11:41 - 04413952 ___SH C:\Documents and Settings\Mirek\Plocha\Thumbs.db

==================== Files in the root of some directories =======

2010-12-06 18:27 - 2010-12-06 18:27 - 0330467 ____C () C:\Program Files\GGT.zip
2010-10-13 09:41 - 2010-10-13 09:41 - 0000000 ____C () C:\Program Files\scconf.txt
2016-04-09 12:41 - 2016-04-09 12:41 - 6504960 _____ () C:\Documents and Settings\Mirek\Data aplikací\agent.dat
2016-04-09 12:41 - 2016-04-09 12:41 - 0054272 _____ () C:\Documents and Settings\Mirek\Data aplikací\ApplicationHosting.dat
2016-04-09 12:41 - 2016-04-09 12:41 - 0072699 _____ () C:\Documents and Settings\Mirek\Data aplikací\Blacklam.tst
2016-04-09 12:41 - 2016-04-09 12:41 - 0065424 _____ () C:\Documents and Settings\Mirek\Data aplikací\Config.xml
2014-02-21 14:55 - 2014-02-21 14:55 - 0105727 _____ () C:\Documents and Settings\Mirek\Data aplikací\crashdump-2014-02-21-13-55.dmp
2016-04-09 12:41 - 2016-04-09 12:41 - 0848437 _____ () C:\Documents and Settings\Mirek\Data aplikací\DamSantip.bin
2016-04-09 12:41 - 2016-04-09 12:41 - 0073118 _____ () C:\Documents and Settings\Mirek\Data aplikací\inst.lat
2016-04-09 12:41 - 2016-04-09 12:41 - 0015984 _____ () C:\Documents and Settings\Mirek\Data aplikací\InstallationConfiguration.xml
2016-04-09 12:41 - 2016-04-09 12:41 - 0127488 _____ () C:\Documents and Settings\Mirek\Data aplikací\Installer.dat
2016-04-09 12:41 - 2016-04-09 12:41 - 0126464 _____ () C:\Documents and Settings\Mirek\Data aplikací\lobby.dat
2014-02-20 15:21 - 2014-02-22 19:41 - 1499429 _____ () C:\Documents and Settings\Mirek\Data aplikací\log.sflog
2016-04-09 12:41 - 2016-04-09 12:41 - 0018432 _____ () C:\Documents and Settings\Mirek\Data aplikací\Main.dat
2013-12-18 14:52 - 2013-12-18 14:52 - 0000052 _____ () C:\Documents and Settings\Mirek\Data aplikací\mbam.context.scan
2016-04-09 12:41 - 2016-04-09 12:41 - 0005568 _____ () C:\Documents and Settings\Mirek\Data aplikací\md.xml
2016-04-09 12:41 - 2016-04-09 12:41 - 0126464 _____ () C:\Documents and Settings\Mirek\Data aplikací\noah.dat
2012-06-28 22:37 - 2012-06-28 22:37 - 0000203 ____C () C:\Documents and Settings\Mirek\Data aplikací\OpenSceneryX Installer.plist
2016-04-09 12:41 - 2016-04-09 12:41 - 1626416 _____ () C:\Documents and Settings\Mirek\Data aplikací\Voyanimtouch.tst
2010-06-18 14:00 - 2016-02-03 01:08 - 0108544 _____ () C:\Documents and Settings\Mirek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-11 13:58 - 2015-08-11 13:58 - 0003072 _____ () C:\Documents and Settings\Mirek\Local Settings\Data aplikací\file__0.localstorage
2014-03-24 13:05 - 2014-03-24 13:05 - 0000125 _____ () C:\Documents and Settings\Mirek\Local Settings\Data aplikací\fusioncache.dat

Some files in TEMP:
====================
C:\Documents and Settings\Mirek\Local Settings\Temp\6CeRyIwQGo.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\7za.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\curllib.dll
C:\Documents and Settings\Mirek\Local Settings\Temp\DaS_21.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\FIFA 2001 Game.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\GeewaBeyondtheLegendMysteriesofOlympusCs_10202.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\GeewaCountryTalesCs_10202.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\GeewaGnomesGardenCs_10202.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\GeewaSettlementColossusCs_10202.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\GeewaTheTreasuresofMontezuma5Cs_10202.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\GeewaWeatherLordTheSuccessorsPathCs_10202.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\hijackthis.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\libeay32.dll
C:\Documents and Settings\Mirek\Local Settings\Temp\libsasl.dll
C:\Documents and Settings\Mirek\Local Settings\Temp\msvcr120.dll
C:\Documents and Settings\Mirek\Local Settings\Temp\NirCmd.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\openldap.dll
C:\Documents and Settings\Mirek\Local Settings\Temp\PEVZ.EXE
C:\Documents and Settings\Mirek\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\remove.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\sdf14F.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\sed.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\setup.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\shortcut.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\Mirek\Local Settings\Temp\ssleay32.dll
C:\Documents and Settings\Mirek\Local Settings\Temp\swreg.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\swxcacls.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\wget.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\zoek-delete.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe
[2008-07-30 10:10] - [2008-07-30 10:10] - 1589760 ____A (Microsoft Corporation) DD7E25E20AEBD672DAE7E1D911C2D824

C:\WINDOWS\system32\winlogon.exe
[2008-07-30 10:17] - [2008-07-30 10:17] - 0557056 ____A (Microsoft Corporation) 12A799AD9415AE9C8ABCC5F75E9CF034

C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll
[2008-07-30 10:16] - [2008-07-30 10:16] - 0578560 ____A (Microsoft Corporation) CCB32D10C69A89822E9134C0C4894BE1

C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

#8 Příspěvek od **Rudy** » 02 čer 2016 20:21

Otevřte poznámkový blok a zkopírujte do něj:

Start
HKLM\...\Run: [RelevantKnowledge] => C:\program files\relevantknowledge\rlvknlg.exe -boot
AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\DATAAP~1\Trescof\Zooplus.dll => No File
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR DefaultSearchKeyword: ChromeDefaultData -> hohosearch
S2 Trescof; C:\Documents and Settings\All Users\Data aplikací\\Trescof\\Trescof.exe shuz -f "C:\Documents and Settings\All Users\Data aplikací\\Trescof\\Trescof.dat" -l -a
C:\Documents and Settings\All Users\Data aplikací\\Trescof
C:\Documents and Settings\Mirek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Documents and Settings\Mirek\Local Settings\Temp
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Mirko · #9 Příspěvek od **Mirko** » 02 čer 2016 20:41

Fix result of Farbar Recovery Scan Tool (x86) Version:25-10-2015
Ran by Mirek (2016-06-02 21:38:31) Run:2
Running from C:\Documents and Settings\Mirek\Plocha
Loaded Profiles: Mirek (Available Profiles: Mirek & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
HKLM\...\Run: [RelevantKnowledge] => C:\program files\relevantknowledge\rlvknlg.exe -boot
AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\DATAAP~1\Trescof\Zooplus.dll => No File
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR DefaultSearchKeyword: ChromeDefaultData -> hohosearch
S2 Trescof; C:\Documents and Settings\All Users\Data aplikací\\Trescof\\Trescof.exe shuz -f "C:\Documents and Settings\All Users\Data aplikací\\Trescof\\Trescof.dat" -l -a
C:\Documents and Settings\All Users\Data aplikací\\Trescof
C:\Documents and Settings\Mirek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Documents and Settings\Mirek\Local Settings\Temp
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\RelevantKnowledge => value removed successfully.
"C:\DOCUME~1\ALLUSE~1\DATAAP~1\Trescof\Zooplus.dll" => Value data removed successfully..
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
Chrome DefaultSearchKeyword => removed successfully.
Trescof => service removed successfully.
"C:\Documents and Settings\All Users\Data aplikací\\Trescof" => not found.
C:\Documents and Settings\Mirek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Documents and Settings\Mirek\Local Settings\Temp => moved successfully

==== End of Fixlog 21:38:35 ====

#10 Příspěvek od **Rudy** » 02 čer 2016 21:08

Smazáno. Nastala nějaká změna?

Mirko · #11 Příspěvek od **Mirko** » 02 čer 2016 21:13

Děkuji. Sice to neblbne, ale v procesech ve správci úloh ten MPC protect pořád je.. Stejně tak vpravo dole u hodin MPC čistič

Mirko · #12 Příspěvek od **Mirko** » 02 čer 2016 21:25

A když zadám do vyhledávače nahoře vpravo (jindy pro google), nenajde mi to výsledky googlem, ale v tomto: http://airzip2.inspsearch.com/search/web?type

(((

#13 Příspěvek od **Rudy** » 02 čer 2016 21:33

OK. Udělejte kompletní sken MBAM: http://filehippo.com/download_malwareby ... are/14815/ a dejte log. Předem nic nemažte. Nabídku ke stažení nové verze ignorujte, pod XP nefunguje.

Mirko · #14 Příspěvek od **Mirko** » 04 čer 2016 11:27

Hezký víkend, zde je log z MBAMu

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2013.04.04.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Mirek :: MIRA [administrátor]

4.6.2016 9:59:00
mbam-log-2016-06-03 (13-11-57).txt

Typ: Kompletní kontrola (C:\|I:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 508142
Uplynulý čas: 2 hodin, 20 minut, 5 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 36
C:\AdwCleaner\FileQuarantine\C\Program Files\RelevantKnowledge\rlls.dll.vir (PUP.Adware.RelevantKnowledge) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\RelevantKnowledge\rlls64.dll.vir (PUP.Adware.RelevantKnowledge) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\RelevantKnowledge\rlservice.exe.vir (PUP.Adware.RelevantKnowledge) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\RelevantKnowledge\rlvknlg.exe.vir (PUP.Adware.RelevantKnowledge) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\RelevantKnowledge\rlvknlg32.exe.vir (PUP.Adware.RelevantKnowledge) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\RelevantKnowledge\rlvknlg64.exe.vir (PUP.Adware.RelevantKnowledge) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\WINDOWS\system32\rlls.dll.vir (PUP.Adware.RelevantKnowledge) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\RelevantKnowledge\rlls.dll.vir (PUP.Adware.RelevantKnowledge) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\RelevantKnowledge\rlls64.dll.vir (PUP.Adware.RelevantKnowledge) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\RelevantKnowledge\rlservice.exe.vir (PUP.Adware.RelevantKnowledge) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\RelevantKnowledge\rlvknlg.exe.vir (PUP.Adware.RelevantKnowledge) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\RelevantKnowledge\rlvknlg32.exe.vir (PUP.Adware.RelevantKnowledge) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\RelevantKnowledge\rlvknlg64.exe.vir (PUP.Adware.RelevantKnowledge) -> Nebyla provedena žádná instrukce.
C:\FRST\Quarantine\C\Documents and Settings\Mirek\Local Settings\Temp\Temp\CSM1A4.tmp (PUP.Adware.RelevantKnowledge) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8C65CB05-A1FA-4A43-A4C2-A78475CEA6F1}\RP578\A0133966.dll (PUP.Adware.RelevantKnowledge) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8C65CB05-A1FA-4A43-A4C2-A78475CEA6F1}\RP578\A0133967.dll (PUP.Adware.RelevantKnowledge) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8C65CB05-A1FA-4A43-A4C2-A78475CEA6F1}\RP578\A0133968.exe (PUP.Adware.RelevantKnowledge) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8C65CB05-A1FA-4A43-A4C2-A78475CEA6F1}\RP578\A0133969.exe (PUP.Adware.RelevantKnowledge) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8C65CB05-A1FA-4A43-A4C2-A78475CEA6F1}\RP578\A0133970.exe (PUP.Adware.RelevantKnowledge) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8C65CB05-A1FA-4A43-A4C2-A78475CEA6F1}\RP578\A0133971.exe (PUP.Adware.RelevantKnowledge) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8C65CB05-A1FA-4A43-A4C2-A78475CEA6F1}\RP578\A0133972.dll (PUP.Adware.RelevantKnowledge) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8C65CB05-A1FA-4A43-A4C2-A78475CEA6F1}\RP545\A0131896.dll (PUP.Adware.RelevantKnowledge) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8C65CB05-A1FA-4A43-A4C2-A78475CEA6F1}\RP545\A0131897.dll (PUP.Adware.RelevantKnowledge) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8C65CB05-A1FA-4A43-A4C2-A78475CEA6F1}\RP545\A0131898.exe (PUP.Adware.RelevantKnowledge) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8C65CB05-A1FA-4A43-A4C2-A78475CEA6F1}\RP545\A0131899.exe (PUP.Adware.RelevantKnowledge) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8C65CB05-A1FA-4A43-A4C2-A78475CEA6F1}\RP546\A0131930.dll (PUP.Adware.RelevantKnowledge) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8C65CB05-A1FA-4A43-A4C2-A78475CEA6F1}\RP546\A0131931.dll (PUP.Adware.RelevantKnowledge) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8C65CB05-A1FA-4A43-A4C2-A78475CEA6F1}\RP546\A0131932.exe (PUP.Adware.RelevantKnowledge) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8C65CB05-A1FA-4A43-A4C2-A78475CEA6F1}\RP546\A0131933.exe (PUP.Adware.RelevantKnowledge) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8C65CB05-A1FA-4A43-A4C2-A78475CEA6F1}\RP547\A0131942.dll (PUP.Adware.RelevantKnowledge) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8C65CB05-A1FA-4A43-A4C2-A78475CEA6F1}\RP547\A0131943.dll (PUP.Adware.RelevantKnowledge) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8C65CB05-A1FA-4A43-A4C2-A78475CEA6F1}\RP547\A0131944.exe (PUP.Adware.RelevantKnowledge) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8C65CB05-A1FA-4A43-A4C2-A78475CEA6F1}\RP547\A0131945.exe (PUP.Adware.RelevantKnowledge) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8C65CB05-A1FA-4A43-A4C2-A78475CEA6F1}\RP547\A0131960.exe (PUP.Adware.RelevantKnowledge) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8C65CB05-A1FA-4A43-A4C2-A78475CEA6F1}\RP547\A0131961.exe (PUP.Adware.RelevantKnowledge) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8C65CB05-A1FA-4A43-A4C2-A78475CEA6F1}\RP552\A0132317.dll (PUP.Adware.RelevantKnowledge) -> Nebyla provedena žádná instrukce.

(konec)

#15 Příspěvek od **Rudy** » 04 čer 2016 11:37

Všechny nálezy smažte.

VIRY.CZ

Hohosearch a MPCprotectService

Hohosearch a MPCprotectService

Re: Hohosearch a MPCprotectService

Re: Hohosearch a MPCprotectService

Re: Hohosearch a MPCprotectService

Re: Hohosearch a MPCprotectService

Re: Hohosearch a MPCprotectService

Re: Hohosearch a MPCprotectService

Re: Hohosearch a MPCprotectService

Re: Hohosearch a MPCprotectService

Re: Hohosearch a MPCprotectService

Re: Hohosearch a MPCprotectService

Re: Hohosearch a MPCprotectService

Re: Hohosearch a MPCprotectService

Re: Hohosearch a MPCprotectService

Re: Hohosearch a MPCprotectService