A malware "installer" keeps launching

Aradiel
Visitor
Posts: 19
Registered: 10 Jan 2007 17:10

A malware "installer" keeps launching

#1 Post by Aradiel »

Hello, I have a problem. Somehow... something got onto my (this) work computer (I know, it's an old clunker, please don't stone me :) ) that launches "setup.exe" and installs something at irregular intervals. Malwarebytes doesn't seem to be able to deal with it.

I would like to ask for your help :)

Log here

info.txt logfile of random's system information tool 1.14 2017-02-11 12:21:26

======MBR======

======Uninstall list======

[2006/12/29 17:19:01]-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf <<Hidden
[2014/09/21 11:05:14]-->MsiExec /X{B455E95A-B804-439F-B533-336B1635AE97} <<Hidden
µTorrent [2012/07/30 22:41:17]-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
ACDSee 6.0 PowerPack [20150118]-->MsiExec.exe /I{38A0BB97-772D-422E-BCCA-4BA2A5D81F42}
Adobe AIR [20080714]-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 24 NPAPI [2017/01/05 10:14:12]-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_24_0_0_186_Plugin.exe -maintain plugin
Adobe Reader XI - Czech [20130212]-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AB0000000001}
Apple Application Support [20130118]-->MsiExec.exe /I{F5266D28-E0B2-4130-BFC5-EE155AD514DC}
Apple Software Update [20130118]-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
ASUS DH Remote [2006/12/29 17:41:36]-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34A0AF85-C323-4867-8AA3-00A3E5A7A12B}\Setup.exe" -l0x9
Baldur's Gate II: Enhanced Edition Update v1.2.2030 [20131123]-->"C:\Program Files\Baldur's Gate II Enhanced Edition\unins000.exe"
Bullzip PDF Printer 10.24.0.2543 [20160726]-->"C:\Program Files\Bullzip\PDF Printer\unins000.exe"
Call of Duty(R) - World at War(TM) 1.1 Patch [2011/03/28 15:05:51]-->C:\Program Files\InstallShield Installation Information\{AFAE2B15-89A0-4215-A030-F7B5B478886B}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM) 1.2 Patch [2011/03/28 15:16:24]-->C:\Program Files\InstallShield Installation Information\{2BF0AE92-C3BC-4112-9066-1546342B1FAE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM) 1.4 Patch [2011/03/28 15:20:31]-->C:\Program Files\InstallShield Installation Information\{9F01A67B-7D67-482F-9D4F-D5980A440FD4}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM) 1.5 Patch [2011/03/28 15:29:26]-->C:\Program Files\InstallShield Installation Information\{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM) 1.6 Patch [2011/03/28 15:34:52]-->C:\Program Files\InstallShield Installation Information\{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM) 1.7 Patch [2011/03/28 15:35:20]-->C:\Program Files\InstallShield Installation Information\{750C87B8-AF19-4C3C-B791-50D9C83AE572}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch [2007/12/07 22:40:04]-->C:\Program Files\InstallShield Installation Information\{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}\setup.exe -runfromtemp -l0x0409
CBR Reader [20130830]-->"C:\Program Files\CBR Reader\unins000.exe"
CBR to PDF Converter version 8.11 [20150423]-->"C:\Program Files\CBR to PDF Converter\unins000.exe"
CCleaner (remove only) [2007/02/01 20:59:54]-->"C:\Program Files\CCleaner\uninst.exe"
Core FTP LE [2015/04/22 23:29:05]-->"C:\Program Files\CoreFTP\uninstall.exe"
Defraggler [2012/11/02 23:16:52]-->"C:\Program Files\Defraggler\uninst.exe"
DivX Setup [2013/04/01 23:22:25]-->C:\Documents and Settings\All Users\Application Data\DivX\Setup\DivXSetup.exe /uninstall
DjVu Viewer [20140428]-->"C:\Program Files\DjVu Viewer\unins000.exe"
EAX4 Unified Redist [20070103]-->MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
EPUB File Reader [20170206]-->"C:\Program Files\EPUB File Reader\unins000.exe"
Facebook Video Calling 3.1.0.521 [20140813]-->MsiExec.exe /X{2091F234-EB58-4B80-8C96-8EB78C808CF7}
FlacSquisher 1.3.6 [2016/11/15 16:51:35]-->C:\Program Files\FlacSquisher\uninst.exe
Free MKV Player version 1.0 [20130401]-->"C:\Program Files\Free MKV Player\unins000.exe"
Free Sound Recorder v9.3.1 [20130112]-->"C:\Program Files\Free Sound Recorder\unins000.exe"
Google Talk Plugin [20151216]-->MsiExec.exe /I{F9B579C2-D854-300A-BE62-A09EB9D722E4}
Haali Media Splitter [2013/11/02 21:50:46]-->"C:\Program Files\Matroska Pack\haali\uninstall.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) [2009/11/06 10:16:59]-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB942288-v3) [20090320]-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Java 7 Update 67 [20130629]-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217025FF}
Java 8 Update 60 [20150918]-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83218060F0}
JRAID [20061229]-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
Malwarebytes Anti-Malware version 2.2.1.1043 [20160607]-->"C:\Program Files\Malwarebytes Anti-Malware\unins000.exe"
Marvell Miniport Driver [20061229]-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Matroska Pack [2013/11/02 21:50:47]-->C:\Program Files\Matroska Pack\uninstall.exe
Media Player Codec Pack 4.4.1 [2016/09/10 00:06:53]-->C:\WINDOWS\system32\Codecs\Uninst.exe
Microsoft .NET Framework 1.1 [20070202]-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 [20091106]-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 [20091106]-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1 [2009/11/06 10:16:59]-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1 [20091106]-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile [2011/12/30 17:24:26]-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile [20111230]-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft .NET Framework 4 Extended [2011/12/30 17:27:02]-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /parameterfolder Extended
Microsoft .NET Framework 4 Extended [20111230]-->MsiExec.exe /X{0A0CADCF-78DA-33C4-A350-CD51849B9702}
Microsoft Compression Client Pack 1.0 for Windows XP [20080810]-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE Redistributable [20110528]-->MsiExec.exe /X{F2508213-9989-4E85-A078-72BE483917EF}
Microsoft Choice Guard [20091110]-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 [20121007]-->"C:\WINDOWS\$NtUninstallWdf01009$\spuninst\spuninst.exe"
Microsoft Office Proof (English) 2010 [20150107]-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2010 [20150107]-->MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2010 [20150107]-->MsiExec.exe /X{90140000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2010 [20150107]-->MsiExec.exe /X{90140000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2010 [20150107]-->MsiExec.exe /X{90140000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2010 [20150107]-->MsiExec.exe /X{90140000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word 2010 [20150107]-->MsiExec.exe /X{90140000-001B-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2010 [20150107]-->MsiExec.exe /X{90140000-001B-0409-0000-0000000FF1CE}
Microsoft Office XP Professional s aplikací FrontPage [20100925]-->MsiExec.exe /I{90280405-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight [20130323]-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 [20080810]-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable [20091008]-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2005 Redistributable [20091119]-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable [20110528]-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 [20101005]-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 [20091028]-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 [20100509]-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [20130420]-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 [20130830]-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft Visual J# 2.0 Redistributable Package [2008/08/15 16:49:30]-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Windows Media Video 9 VCM [2008/05/30 12:32:23]-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall
Microsoft Word 2010 [2015/01/07 20:48:40]-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall WORD /dll OSETUP.DLL
Microsoft_VC100_CRT_SP1_x86 [20121007]-->MsiExec.exe /I{E3B64CC5-C011-40C0-92BC-7316CD5E5688}
Mobipocket Reader 6.1 [20130809]-->MsiExec.exe /I{7078C6C2-F5A5-4A5F-86A8-CD1301CA07DF}
Mozilla Firefox 34.0.5 (x86 en-US) [2015/01/12 18:31:23]-->"C:\Program Files\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service [2014/09/21 14:28:25]-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe"
MSVC80_x86_v2 [20121007]-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
MSVC90_x86 [20121007]-->MsiExec.exe /I{AF111648-99A1-453E-81DD-80DBBF6DAD0D}
MSVCRT [20090421]-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 6.0 Parser (KB925673) [20081130]-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
MSXML4 Parser [20090921]-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Nástroj pro odesílání služby Windows Live [20090421]-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Nokia Connectivity Cable Driver [20070102]-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3ECED7D1-E469-4BC6-8A93-5CB0FFE5EBF5}
Nokia Connectivity Cable Driver [20121007]-->MsiExec.exe /I{A57025CC-5F2E-4D01-B387-06DB10500D43}
Nokia Suite [2012/10/07 15:39:34]-->C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{3B69A712-4CBC-40B1-AE55-0203075FD093}\Installer.exe
Nokia Suite [20121007]-->MsiExec.exe /X{3B69A712-4CBC-40B1-AE55-0203075FD093}
Notepad++ [2013/12/08 14:21:28]-->C:\Program Files\Notepad++\uninstall.exe
NVIDIA GeForce Experience 2.1.2 [20140921]-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.GFExperience
NVIDIA Graphics Driver 344.11 [20140921]-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA HD Audio Driver 1.3.32.1 [20140921]-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage HDAudio.Driver
NVIDIA nView 141.33 [20140921]-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.NView
NVIDIA nView Desktop Manager [2011/09/14 16:35:34]-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
NVIDIA PhysX [20140921]-->MsiExec.exe /I{B455E95A-B804-439F-B533-336B1635AE97}
NVIDIA PhysX System Software 9.14.0702 [20140921]-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.PhysX
ODT Viewer version 1.0 [20140406]-->"C:\Program Files\ODT Viewer\unins000.exe"
OpenAL [2011/05/28 17:04:49]-->"C:\Program Files\OpenAL\OpenALwEAX.exe" /U
Palm Reader [2013/11/13 01:11:42]-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED8BB1CA-535A-408D-85C9-ED1986D2B85E}\setup.exe"
PC Connectivity Solution [20121007]-->MsiExec.exe /I{7390478C-8581-415E-92E9-2997D9306B81}
Psi+ [2014/08/23 09:10:46]-->C:\Program Files\Psi+\uninstall.exe
QuickTime [20130118]-->MsiExec.exe /I{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}
Realtek High Definition Audio Driver [20071102]-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Recuva [2015/01/11 12:23:23]-->"C:\Program Files\Recuva\uninst.exe"
Segoe UI [20090421]-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype™ 6.14 [20140314]-->MsiExec.exe /X{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}
Software602 Form Filler [20160725]-->MsiExec.exe /X{04703FE3-1A8B-4467-88E6-3D6A1A0FA65A}
Star Wars®: Knights of the Old Republic (TM) [2011/07/10 08:14:11]-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}\Setup.exe" -l0x9
Sunbelt Personal Firewall [20120720]-->MsiExec.exe /X{82B1150E-9B37-49FC-83EB-D52197D900D0}
System Requirements Lab [2009/02/13 18:48:39]-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
System Requirements Lab CYRI [20140919]-->MsiExec.exe /I{705216C1-BA52-4B16-AFE4-4143B340D62D}
System Requirements Lab Detection [20130126]-->MsiExec.exe /X{A407FC22-36BF-4C82-A516-59D94BC505A9}
System Requirements Lab Test [20121020]-->MsiExec.exe /I{D62576C2-C084-4698-974A-5BE77714FDDD}
TeamSpeak 3 Client [2016/01/29 19:52:27]-->"C:\Program Files\TeamSpeak 3 Client\uninstall.exe"
To The Moon [20161025]-->"C:\Program Files\GOG.com\To The Moon\unins000.exe"
Ubisoft Game Launcher [20111013]-->"C:\Program Files\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly
Unity Web Player [2015/02/19 13:59:45]-->C:\Documents and Settings\Fanda\Local Settings\Application Data\Unity\WebPlayer\Uninstall.exe /CurrentUser
VC80CRTRedist - 8.0.50727.6195 [20130402]-->MsiExec.exe /I{933B4015-4618-4716-A828-5289FC03165F}
Viewpoint Media Player [2008/06/17 00:51:12]-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Winamp [2008/02/18 21:42:37]-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Commander (Remove only) [2006/12/29 17:57:43]-->c:\wincmd\wcuninst.exe
Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) [2012/10/07 15:38:49]-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_52F0DFAA648E25523CF0EE10FEDF6AC712ED34DB\pccsmcfd.inf
Windows Imaging Component [20081130]-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Call [20110121]-->MsiExec.exe /I{E6158D07-2637-4ECF-B576-37C489669174}
Windows Live Communications Platform [20110121]-->MsiExec.exe /I{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}
Windows Live Essentials [2011/01/21 10:29:11]-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials [20110121]-->MsiExec.exe /I{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}
Windows Live ID Sign-in Assistant [20110528]-->MsiExec.exe /X{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}
Windows Live Messenger [20110121]-->MsiExec.exe /X{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}
Windows Media Format 11 runtime [20080810]-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format 11 runtime [2011/09/28 15:14:46]-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11 [2008/08/10 21:18:38]-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11 [20080810]-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin [20090303]-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation [20081130]-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3 [20090925]-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinFast(R) Display Driver [20061229]-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F69FD33C-8815-46BF-9134-A643DE68F3C0}\setup.exe" -l0x5 -removeonly
WinRAR 4.00 (32-bit) [2011/05/06 20:23:58]-->C:\Program Files\WinRAR\uninstall.exe
Xara Xtreme Pro 4 Trial [20110518]-->C:\Program Files\Xara\Xara Xtreme Pro 4\unwise.exe
Xbox 360 Controller for Windows [2008/04/11 09:53:44]-->"C:\WINDOWS\$NtUninstall_Xbox_360_CC_Driver$\spuninst\spuninst.exe"

======Security center information======

FW: Sunbelt Personal Firewall

Securitycenter WMI appears to be broken

======System event log"======

Computer Name: OMGWTF-99IMRQTG
Event Code: 2511
Message: The server service was unable to recreate the share seltz because the directory C:\seltz no longer exists. Please run "net share seltz /delete" to delete the share, or recreate the directory C:\seltz.

Record Number: 50443
Source Name: Server
Time Written: 20161230115415.000000+060
Event Type: warning
User:

Computer Name: OMGWTF-99IMRQTG
Event Code: 2511
Message: The server service was unable to recreate the share quepasa because the directory C:\quepasa no longer exists. Please run "net share quepasa /delete" to delete the share, or recreate the directory C:\quepasa.

Record Number: 50442
Source Name: Server
Time Written: 20161230115415.000000+060
Event Type: warning
User:

Computer Name: OMGWTF-99IMRQTG
Event Code: 2511
Message: The server service was unable to recreate the share sw because the directory C:\share\sw no longer exists. Please run "net share sw /delete" to delete the share, or recreate the directory C:\share\sw.

Record Number: 50441
Source Name: Server
Time Written: 20161230115415.000000+060
Event Type: warning
User:

Record Number: 50440
Source Name: Server
Time Written: 20161230115415.000000+060
Event Type: warning
User:


Record Number: 50439
Source Name: Server
Time Written: 20161230115415.000000+060
Event Type: warning
User:

=====Application event log"=====

Computer Name: OMGWTF-99IMRQTG
Event Code: 902
Message: The Software Protection service has started.
14.0.370.400

Record Number: 16547
Source Name: Office Software Protection Platform Service
Time Written: 20161224090853.000000+060
Event Type:
User:

Computer Name: OMGWTF-99IMRQTG
Event Code: 902
Message: The Software Protection service has started.
14.0.370.400

Record Number: 16525
Source Name: Office Software Protection Platform Service
Time Written: 20161223093045.000000+060
Event Type:
User:

Computer Name: OMGWTF-99IMRQTG
Event Code: 902
Message: The Software Protection service has started.
14.0.370.400

Record Number: 16501
Source Name: Office Software Protection Platform Service
Time Written: 20161222104755.000000+060
Event Type:
User:

Computer Name: OMGWTF-99IMRQTG
Event Code: 902
Message: The Software Protection service has started.
14.0.370.400

Record Number: 16483
Source Name: Office Software Protection Platform Service
Time Written: 20161221123313.000000+060
Event Type:
User:

Computer Name: OMGWTF-99IMRQTG
Event Code: 902
Message: The Software Protection service has started.
14.0.370.400

Record Number: 16468
Source Name: Office Software Protection Platform Service
Time Written: 20161221103318.000000+060
Event Type:
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Documents and Settings\All Users\Application Data\Oracle\Java\javapath;C:\Program Files\NVIDIA Corporation\PhysX\Common;C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%CommonProgramFiles%\Microsoft Shared\Windows Live;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre7\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre7\lib\ext\QTJava.zip
"PSI_ENABLE_VIDEO"=1

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119672
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: A malware "installer" keeps launching

#2 Post by Rudy »

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem has been resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

Aradiel
Visitor
Posts: 19
Registered: 10 Jan 2007 17:10

Re: A malware "installer" keeps launching

#3 Post by Aradiel »

Rudy wrote: Hello!
Please post an FRST log: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

Hello, here it is:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-02-2017
Ran by Fanda (administrator) on OMGWTF-99IMRQTG (11-02-2017 13:29:51)
Running from C:\Documents and Settings\Fanda\Desktop
Loaded Profiles: Fanda (Available Profiles: Fanda)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Software602 a.s.) C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Sunbelt Software, Inc.) C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
(Sunbelt Software, Inc.) C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
(InstallShield) C:\Program Files\KMS Updater\Updater.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Sunbelt Software, Inc.) C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(InstallShield®) C:\Program Files\Common Files\InstallShield\Update\ISUSPM.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(forum.viry.cz) C:\Documents and Settings\Fanda\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16855552 2007-10-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2593056 2014-09-14] ()
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{90EC9EEE-5959-4F21-B786-9BB29C29A239}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9AD141A4-166E-405B-9453-7AC2995BFAFB}: [NameServer] 94.142.233.120

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-515967899-261478967-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-515967899-261478967-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ww.seznam.cz/
HKU\S-1-5-21-515967899-261478967-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-515967899-261478967-839522115-1003\Software\Microsoft\Internet Explorer\Main,Prev Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-515967899-261478967-839522115-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-18] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-18] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-10-17] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Fanda\Application Data\Mozilla\Firefox\Profiles\2tl4gbwd.default [2017-02-11]
FF user.js: detected! => C:\Documents and Settings\Fanda\Application Data\Mozilla\Firefox\Profiles\2tl4gbwd.default\user.js [2016-03-02]
FF Homepage: C:\Documents and Settings\Fanda\Application Data\Mozilla\Firefox\Profiles\2tl4gbwd.default -> hxxp://www.seznam.cz
FF NetworkProxy: C:\Documents and Settings\Fanda\Application Data\Mozilla\Firefox\Profiles\2tl4gbwd.default -> http", "88.220.37.150"
FF NetworkProxy: C:\Documents and Settings\Fanda\Application Data\Mozilla\Firefox\Profiles\2tl4gbwd.default -> http_port", 8080
FF NetworkProxy: C:\Documents and Settings\Fanda\Application Data\Mozilla\Firefox\Profiles\2tl4gbwd.default -> socks_version", 4
FF NetworkProxy: C:\Documents and Settings\Fanda\Application Data\Mozilla\Firefox\Profiles\2tl4gbwd.default -> type", 0
FF Extension: (Adblock Plus Pop-up Addon) - C:\Documents and Settings\Fanda\Application Data\Mozilla\Firefox\Profiles\2tl4gbwd.default\Extensions\adblockpopups@jessehakanen.net.xpi [2016-04-28]
FF Extension: (Classic Theme Restorer) - C:\Documents and Settings\Fanda\Application Data\Mozilla\Firefox\Profiles\2tl4gbwd.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2016-06-11]
FF Extension: (Exif Viewer) - C:\Documents and Settings\Fanda\Application Data\Mozilla\Firefox\Profiles\2tl4gbwd.default\Extensions\exif_viewer@mozilla.doslash.org.xpi [2017-01-21]
FF Extension: (uBlock Origin) - C:\Documents and Settings\Fanda\Application Data\Mozilla\Firefox\Profiles\2tl4gbwd.default\Extensions\uBlock0@raymondhill.net.xpi [2017-01-25]
FF Extension: (Resurrect Pages) - C:\Documents and Settings\Fanda\Application Data\Mozilla\Firefox\Profiles\2tl4gbwd.default\Extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}.xpi [2015-09-11]
FF Extension: (EPUBReader) - C:\Documents and Settings\Fanda\Application Data\Mozilla\Firefox\Profiles\2tl4gbwd.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2017-01-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-06] [not signed]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_24_0_0_186.dll [2017-01-05] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2012-08-03] ( )
FF Plugin: @software602.cz/602XML Filler -> C:\Program Files\Software602\602XML\Filler\npfiller.dll [2012-08-06] (Software602 a.s.)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll [No File]
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-515967899-261478967-839522115-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\Fanda\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-515967899-261478967-839522115-1003: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Fanda\Application Data\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-515967899-261478967-839522115-1003: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Fanda\Application Data\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-515967899-261478967-839522115-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Fanda\Local Settings\Application Data\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-515967899-261478967-839522115-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Fanda\Local Settings\Application Data\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-515967899-261478967-839522115-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Fanda\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-18] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll [2011-09-09] (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-01-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-01-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-01-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-01-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-01-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2013-01-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2013-01-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Fanda\Application Data\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Fanda\Application Data\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 602XML Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-07-25] (Oracle Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
R2 SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [95528 2008-10-31] (Sunbelt Software, Inc.)
R2 SPF4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [1365288 2008-10-31] (Sunbelt Software, Inc.)
R4 Updater.exe; C:\Program Files\KMS Updater\Updater.exe [35328 2014-11-13] (InstallShield) [File not signed] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 adusbser; C:\WINDOWS\System32\DRIVERS\adusbser.sys [93440 2006-10-23] (AnyDATA Corporation)
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21035 2006-12-29] (Meetinghouse Data Communications) [File not signed]
S3 Asushwio; C:\WINDOWS\System32\drivers\Asushwio.sys [5824 2004-04-27] () [File not signed]
R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [279712 2013-11-16] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [25280 2009-08-31] (LogMeIn, Inc.)
R3 HDAudBus; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [138752 2005-01-07] (Windows (R) Server 2003 DDK provider) [File not signed]
R0 JGOGO; C:\WINDOWS\System32\DRIVERS\JGOGO.sys [6912 2006-02-07] (JMicron ) [File not signed]
R0 JRAID; C:\WINDOWS\System32\DRIVERS\jraid.sys [41216 2006-07-01] (JMicron Technology Corp.) [File not signed]
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [25888 2013-11-16] ()
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [129184 2014-09-17] (NVIDIA Corporation)
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2006-12-31] (Padus, Inc.) [File not signed]
R3 RTLWUSB; C:\WINDOWS\System32\DRIVERS\RTL8187.sys [176128 2006-06-16] (Realtek Semiconductor Corporation )
R1 SbFw; C:\WINDOWS\System32\drivers\SbFw.sys [270888 2008-10-31] (Sunbelt Software, Inc.)
R3 SBFWIMCL; C:\WINDOWS\System32\DRIVERS\sbfwim.sys [65576 2008-06-21] (Sunbelt Software, Inc.)
R1 sbhips; C:\WINDOWS\system32\drivers\sbhips.sys [66600 2008-06-21] (Sunbelt Software, Inc.)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [697328 2010-07-07] () [File not signed]
S1 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [31744 2008-04-13] (Microsoft Corporation)
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [230400 2005-03-30] (Marvell)
U3 a1q0h1j9; C:\WINDOWS\system32\Drivers\a1q0h1j9.sys [0 ] (JMicron Technology Corp.) <==== ATTENTION (zero byte File/Folder)
S4 IntelIde; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-11 13:29 - 2017-02-11 13:30 - 00018208 _____ C:\Documents and Settings\Fanda\Desktop\FRST.txt
2017-02-11 13:29 - 2017-02-11 13:29 - 00000000 ____D C:\FRST
2017-02-11 13:28 - 2017-02-11 13:28 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Fanda\Desktop\FRSTLauncher.exe
2017-02-11 13:26 - 2017-02-11 13:26 - 01763328 _____ (Farbar) C:\Documents and Settings\Fanda\Desktop\FRST.exe
2017-02-11 12:21 - 2017-02-11 12:21 - 00000000 ____D C:\rsit
2017-02-11 12:00 - 2017-02-11 12:00 - 00000466 _____ C:\WINDOWS\Tasks\Optimize Thumbnail Cache Files.job
2017-02-11 12:00 - 2017-02-11 12:00 - 00000380 _____ C:\WINDOWS\Tasks\InstallShield® Update Service Scheduler.job
2017-02-06 02:14 - 2017-02-06 02:14 - 00000775 _____ C:\Documents and Settings\All Users\Desktop\EPUB File Reader.lnk
2017-02-06 02:14 - 2017-02-06 02:14 - 00000000 ____D C:\Program Files\EPUB File Reader
2017-02-06 02:14 - 2017-02-06 02:14 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\EPUB File Reader
2017-02-05 16:13 - 2017-02-05 16:13 - 00000000 ____D C:\ughu
2017-02-04 15:40 - 2017-02-05 16:13 - 00000000 ____D C:\kokooo
2017-02-03 15:40 - 2017-02-03 15:40 - 07759798 _____ C:\CloudPirates_170202_1753.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-11 13:30 - 2012-07-24 10:14 - 00000000 ____D C:\Documents and Settings\Fanda\Local Settings\temp
2017-02-11 13:27 - 2008-05-05 18:28 - 00000000 ____D C:\Documents and Settings\Fanda\Application Data\Skype
2017-02-11 13:25 - 2013-03-22 12:35 - 00020402 _____ C:\WINDOWS\system32\nvAppTimestamps
2017-02-11 12:21 - 2011-03-21 17:17 - 00000000 ____D C:\Program Files\trend micro
2017-02-11 12:00 - 2006-12-29 17:34 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2017-02-11 09:49 - 2012-07-30 22:40 - 00000000 ____D C:\Documents and Settings\Fanda\Application Data\uTorrent
2017-02-11 09:05 - 2006-12-29 17:19 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-11 02:07 - 2008-07-14 12:51 - 00032466 _____ C:\WINDOWS\SchedLgU.Txt
2017-02-11 02:07 - 2006-12-29 17:57 - 00002735 _____ C:\WINDOWS\wincmd.ini
2017-02-11 02:07 - 2006-12-29 17:22 - 00000178 ___SH C:\Documents and Settings\Fanda\ntuser.ini
2017-02-10 09:14 - 2006-12-29 17:18 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-10 01:17 - 2015-01-07 20:48 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2017-02-09 12:40 - 2007-06-04 14:45 - 06082614 _____ C:\WINDOWS\ACD Wallpaper.bmp
2017-02-09 10:12 - 2001-08-23 13:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2017-02-07 21:04 - 2012-08-12 17:39 - 00000000 ____D C:\Documents and Settings\Fanda\Application Data\TS3Client
2017-02-05 15:27 - 2007-01-02 18:39 - 00202240 _____ C:\Documents and Settings\Fanda\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-04 15:16 - 2006-12-29 17:22 - 00000000 ____D C:\Documents and Settings\Fanda
2017-02-04 15:15 - 2012-06-05 22:41 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Steel Panthers World At War
2017-02-04 15:15 - 2012-03-08 21:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Mass Effect
2017-02-04 15:14 - 2007-04-11 00:53 - 00000000 ____D C:\WINDOWS\Minidump
2017-01-30 11:08 - 2010-06-15 14:40 - 00002509 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2017-01-29 13:07 - 2016-06-07 11:56 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-24 12:00 - 2016-10-08 11:00 - 00000000 ____D C:\Documents and Settings\Fanda\Application Data\Flexera Software LLC

==================== Files in the root of some directories =======

2009-03-21 17:52 - 2009-03-21 17:52 - 0022328 _____ () C:\Documents and Settings\Fanda\Application Data\PnkBstrK.sys
2013-06-30 16:14 - 2013-07-01 17:40 - 0000376 _____ () C:\Documents and Settings\Fanda\Application Data\Microsoft\IMG_61846_359718.jpg
2007-01-02 18:39 - 2017-02-05 15:27 - 0202240 _____ () C:\Documents and Settings\Fanda\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-01-04 19:59 - 2013-01-04 19:59 - 0000058 _____ () C:\Documents and Settings\Fanda\Local Settings\Application Data\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2008-02-18 21:25 - 2008-02-18 21:25 - 0000128 _____ () C:\Documents and Settings\Fanda\Local Settings\Application Data\fusioncache.dat
2007-03-14 23:17 - 2010-05-04 11:21 - 0001369 _____ () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Files to move or delete:
====================
C:\Documents and Settings\Fanda\fbchathistory.dat


Some files in TEMP:
====================
2016-10-04 11:00 - 2017-02-11 12:00 - 0609480 _____ (Flexera Software LLC ) C:\Documents and Settings\Fanda\Local Settings\temp\wVx4rt.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================


Available physical RAM: 1862.78 MB
Total physical RAM: 3071.04 MB
Percentage of memory in use: 39%

==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\InstallShield® Update Service Scheduler.job => C:\Program Files\Common Files\InstallShield\Update\ISUSPM.exe
Task: C:\WINDOWS\Tasks\Optimize Thumbnail Cache Files.job => Wscript.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

FW: Sunbelt Personal Firewall (Disabled) {82B1150E-9B37-49FC-83EB-D52197D900D0}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\Fanda\Desktop" je 44 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Quicker Help
"C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
"C:\Program Files\Messenger\msmsgs.exe" /background [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ICQ7.1\\ICQ.exe"="C:\\Program Files\\ICQ7.1\\ICQ.exe:*:Enabled:ICQ7.1"
"C:\\Program Files\\ICQ7.1\\aolload.exe"="C:\\Program Files\\ICQ7.1\\aolload.exe:*:Enabled:aolload.exe"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"="C:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"="C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\\Program Files\\Steam\\SteamApps\\common\\dawn of war ii - retribution\\DOW2.exe"="C:\\Program Files\\Steam\\SteamApps\\common\\dawn of war ii - retribution\\DOW2.exe:*:Enabled:Warhammer® 40,000™: Dawn of War® II – Retribution™"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Documents and Settings\\Fanda\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"="C:\\Documents and Settings\\Fanda\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin"
"C:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe"="C:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe:*:Enabled:NVIDIA Network Service TCP Exception (HTTPS)"
"C:\\Program Files\\Common Files\\soft602\\langserv.exe"="C:\\Program Files\\Common Files\\soft602\\langserv.exe:*:Enabled:Software602 Spell Checker"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"24860:TCP"="24860:TCP:*:Enabled:BitComet 24860 TCP"
"24860:UDP"="24860:UDP:*:Enabled:BitComet 24860 UDP"
"17789:TCP"="17789:TCP:*:Enabled:BitComet 17789 TCP"
"17789:UDP"="17789:UDP:*:Enabled:BitComet 17789 UDP"
"80:UDP"="80:UDP:*:Enabled:BitComet 80 UDP"
"3445:TCP"="3445:TCP:*:Enabled:BitComet 3445 TCP"
"3445:UDP"="3445:UDP:*:Enabled:BitComet 3445 UDP"
"18478:TCP"="18478:TCP:*:Enabled:BitComet 18478 TCP"
"18478:UDP"="18478:UDP:*:Enabled:BitComet 18478 UDP"
"18042:TCP"="18042:TCP:*:Enabled:BitComet 18042 TCP"
"18042:UDP"="18042:UDP:*:Enabled:BitComet 18042 UDP"
"9771:TCP"="9771:TCP:*:Enabled:BitComet 9771 TCP"
"9771:UDP"="9771:UDP:*:Enabled:BitComet 9771 UDP"
"80:TCP"="80:TCP:*:Enabled:War Thunder"
"443:TCP"="443:TCP:*:Enabled:War Thunder"
"20010:UDP"="20010:UDP:*:Enabled:War Thunder"
"3478:UDP"="3478:UDP:*:Enabled:War Thunder"
"7850:TCP"="7850:TCP:*:Enabled:War Thunder"
"27022:TCP"="27022:TCP:*:Enabled:War Thunder"
"6881:TCP"="6881:TCP:*:Enabled:War Thunder"
"33333:TCP"="33333:TCP:*:Enabled:War Thunder"
"20443:TCP"="20443:TCP:*:Enabled:War Thunder"
"8090:TCP"="8090:TCP:*:Enabled:War Thunder"
"7852:TCP"="7852:TCP:*:Enabled:War Thunder"
"7853:TCP"="7853:TCP:*:Enabled:War Thunder"


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000


==================== End Of Log ==============================

Rudy
Site Admin
Posts: 119672
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: A malware "installer" keeps launching

#4 Post by Rudy »

Now run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
The scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

Aradiel
Visitor
Posts: 19
Registered: 10 Jan 2007 17:10

Re: A malware "installer" keeps launching

#5 Post by Aradiel »

Thank you for the help, here is the log :)

# AdwCleaner v6.043 - Logfile created 11/02/2017 at 17:55:01
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-01-27.1 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (X86)
# Username : Fanda - OMGWTF-99IMRQTG
# Running from : C:\Documents and Settings\Fanda\Desktop\adwcleaner_6.043.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Documents and Settings\All Users\Application Data\Viewpoint
[-] Folder deleted: C:\Program Files\Viewpoint


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\services\Updater.exe
[-] Key deleted: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
[-] Key deleted: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
[-] Key deleted: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[-] Key deleted: HKU\.DEFAULT\Software\Auslogics
[-] Key deleted: HKU\S-1-5-21-515967899-261478967-839522115-1003\Software\Conduit
[-] Key deleted: HKU\S-1-5-21-515967899-261478967-839522115-1003\Software\Headlight
[-] Key deleted: HKU\S-1-5-21-515967899-261478967-839522115-1003\Software\ICQToolbar
[-] Key deleted: HKU\S-1-5-21-515967899-261478967-839522115-1003\Software\YahooPartnerToolbar
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Auslogics
[#] Key deleted on reboot: HKCU\Software\Conduit
[#] Key deleted on reboot: HKCU\Software\Headlight
[#] Key deleted on reboot: HKCU\Software\ICQToolbar
[#] Key deleted on reboot: HKCU\Software\YahooPartnerToolbar
[-] Key deleted: HKLM\SOFTWARE\Conduit
[-] Key deleted: HKLM\SOFTWARE\MetaStream
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
[-] Data restored: HKU\S-1-5-21-515967899-261478967-839522115-1003\Software\Microsoft\Internet Explorer\Main [Prev Search Bar]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Prev Search Bar]
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\MyPC Backup
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5199 Bytes] - [11/02/2017 17:55:01]
C:\AdwCleaner\AdwCleaner[S0].txt - [5226 Bytes] - [11/02/2017 17:53:43]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5345 Bytes] ##########

Rudy
Site Admin
Posts: 119672
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: A malware "installer" keeps launching

#6 Post by Rudy »

Post a new FRST log.

Aradiel
Visitor
Posts: 19
Registered: 10 Jan 2007 17:10

Re: A malware "installer" keeps launching

#7 Post by Aradiel »

Here it is:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-02-2017
Ran by Fanda (administrator) on OMGWTF-99IMRQTG (11-02-2017 19:46:59)
Running from C:\Documents and Settings\Fanda\Desktop
Loaded Profiles: Fanda (Available Profiles: Fanda)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Software602 a.s.) C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Sunbelt Software, Inc.) C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
(Sunbelt Software, Inc.) C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Sunbelt Software, Inc.) C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(forum.viry.cz) C:\Documents and Settings\Fanda\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16855552 2007-10-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2593056 2014-09-14] ()
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{90EC9EEE-5959-4F21-B786-9BB29C29A239}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9AD141A4-166E-405B-9453-7AC2995BFAFB}: [NameServer] 94.142.233.120

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-515967899-261478967-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-515967899-261478967-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ww.seznam.cz/
HKU\S-1-5-21-515967899-261478967-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-515967899-261478967-839522115-1003\Software\Microsoft\Internet Explorer\Main,Prev Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-515967899-261478967-839522115-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-18] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-18] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-10-17] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Fanda\Application Data\Mozilla\Firefox\Profiles\2tl4gbwd.default [2017-02-11]
FF user.js: detected! => C:\Documents and Settings\Fanda\Application Data\Mozilla\Firefox\Profiles\2tl4gbwd.default\user.js [2016-03-02]
FF Homepage: C:\Documents and Settings\Fanda\Application Data\Mozilla\Firefox\Profiles\2tl4gbwd.default -> hxxp://www.seznam.cz
FF NetworkProxy: C:\Documents and Settings\Fanda\Application Data\Mozilla\Firefox\Profiles\2tl4gbwd.default -> http", "88.220.37.150"
FF NetworkProxy: C:\Documents and Settings\Fanda\Application Data\Mozilla\Firefox\Profiles\2tl4gbwd.default -> http_port", 8080
FF NetworkProxy: C:\Documents and Settings\Fanda\Application Data\Mozilla\Firefox\Profiles\2tl4gbwd.default -> socks_version", 4
FF NetworkProxy: C:\Documents and Settings\Fanda\Application Data\Mozilla\Firefox\Profiles\2tl4gbwd.default -> type", 0
FF Extension: (Adblock Plus Pop-up Addon) - C:\Documents and Settings\Fanda\Application Data\Mozilla\Firefox\Profiles\2tl4gbwd.default\Extensions\adblockpopups@jessehakanen.net.xpi [2016-04-28]
FF Extension: (Classic Theme Restorer) - C:\Documents and Settings\Fanda\Application Data\Mozilla\Firefox\Profiles\2tl4gbwd.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2016-06-11]
FF Extension: (Exif Viewer) - C:\Documents and Settings\Fanda\Application Data\Mozilla\Firefox\Profiles\2tl4gbwd.default\Extensions\exif_viewer@mozilla.doslash.org.xpi [2017-01-21]
FF Extension: (uBlock Origin) - C:\Documents and Settings\Fanda\Application Data\Mozilla\Firefox\Profiles\2tl4gbwd.default\Extensions\uBlock0@raymondhill.net.xpi [2017-01-25]
FF Extension: (Resurrect Pages) - C:\Documents and Settings\Fanda\Application Data\Mozilla\Firefox\Profiles\2tl4gbwd.default\Extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}.xpi [2015-09-11]
FF Extension: (EPUBReader) - C:\Documents and Settings\Fanda\Application Data\Mozilla\Firefox\Profiles\2tl4gbwd.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2017-01-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-06] [not signed]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_24_0_0_186.dll [2017-01-05] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2012-08-03] ( )
FF Plugin: @software602.cz/602XML Filler -> C:\Program Files\Software602\602XML\Filler\npfiller.dll [2012-08-06] (Software602 a.s.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-515967899-261478967-839522115-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\Fanda\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-515967899-261478967-839522115-1003: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Fanda\Application Data\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-515967899-261478967-839522115-1003: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Fanda\Application Data\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-515967899-261478967-839522115-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Fanda\Local Settings\Application Data\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-515967899-261478967-839522115-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Fanda\Local Settings\Application Data\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-515967899-261478967-839522115-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Fanda\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-18] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll [2011-09-09] (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-01-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-01-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-01-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-01-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-01-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2013-01-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2013-01-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Fanda\Application Data\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Fanda\Application Data\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 602XML Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-07-25] (Oracle Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
R2 SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [95528 2008-10-31] (Sunbelt Software, Inc.)
R2 SPF4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [1365288 2008-10-31] (Sunbelt Software, Inc.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 adusbser; C:\WINDOWS\System32\DRIVERS\adusbser.sys [93440 2006-10-23] (AnyDATA Corporation)
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21035 2006-12-29] (Meetinghouse Data Communications) [File not signed]
S3 Asushwio; C:\WINDOWS\System32\drivers\Asushwio.sys [5824 2004-04-27] () [File not signed]
R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [279712 2013-11-16] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [25280 2009-08-31] (LogMeIn, Inc.)
R3 HDAudBus; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [138752 2005-01-07] (Windows (R) Server 2003 DDK provider) [File not signed]
R0 JGOGO; C:\WINDOWS\System32\DRIVERS\JGOGO.sys [6912 2006-02-07] (JMicron ) [File not signed]
R0 JRAID; C:\WINDOWS\System32\DRIVERS\jraid.sys [41216 2006-07-01] (JMicron Technology Corp.) [File not signed]
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [25888 2013-11-16] ()
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [129184 2014-09-17] (NVIDIA Corporation)
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2006-12-31] (Padus, Inc.) [File not signed]
R3 RTLWUSB; C:\WINDOWS\System32\DRIVERS\RTL8187.sys [176128 2006-06-16] (Realtek Semiconductor Corporation )
R1 SbFw; C:\WINDOWS\System32\drivers\SbFw.sys [270888 2008-10-31] (Sunbelt Software, Inc.)
R3 SBFWIMCL; C:\WINDOWS\System32\DRIVERS\sbfwim.sys [65576 2008-06-21] (Sunbelt Software, Inc.)
R1 sbhips; C:\WINDOWS\system32\drivers\sbhips.sys [66600 2008-06-21] (Sunbelt Software, Inc.)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [697328 2010-07-07] () [File not signed]
S1 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [31744 2008-04-13] (Microsoft Corporation)
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [230400 2005-03-30] (Marvell)
U3 anvv5si7; C:\WINDOWS\system32\Drivers\anvv5si7.sys [0 ] (JMicron Technology Corp.) <==== ATTENTION (zero byte File/Folder)
S4 IntelIde; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-11 17:56 - 2017-02-11 17:56 - 00033672 _____ C:\Documents and Settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2017-02-11 17:52 - 2017-02-11 17:55 - 00000000 ____D C:\AdwCleaner
2017-02-11 17:39 - 2017-02-11 17:39 - 04015056 _____ C:\Documents and Settings\Fanda\Desktop\adwcleaner_6.043.exe
2017-02-11 13:29 - 2017-02-11 19:47 - 00017638 _____ C:\Documents and Settings\Fanda\Desktop\FRST.txt
2017-02-11 13:29 - 2017-02-11 19:46 - 00000000 ____D C:\FRST
2017-02-11 13:28 - 2017-02-11 13:28 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Fanda\Desktop\FRSTLauncher.exe
2017-02-11 13:26 - 2017-02-11 13:26 - 01763328 _____ (Farbar) C:\Documents and Settings\Fanda\Desktop\FRST.exe
2017-02-11 12:21 - 2017-02-11 12:21 - 00000000 ____D C:\rsit
2017-02-11 12:00 - 2017-02-11 17:57 - 00000380 _____ C:\WINDOWS\Tasks\InstallShield® Update Service Scheduler.job
2017-02-11 12:00 - 2017-02-11 12:00 - 00000466 _____ C:\WINDOWS\Tasks\Optimize Thumbnail Cache Files.job
2017-02-06 02:14 - 2017-02-06 02:14 - 00000775 _____ C:\Documents and Settings\All Users\Desktop\EPUB File Reader.lnk
2017-02-06 02:14 - 2017-02-06 02:14 - 00000000 ____D C:\Program Files\EPUB File Reader
2017-02-06 02:14 - 2017-02-06 02:14 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\EPUB File Reader
2017-02-05 16:13 - 2017-02-05 16:13 - 00000000 ____D C:\ughu
2017-02-04 15:40 - 2017-02-05 16:13 - 00000000 ____D C:\kokooo
2017-02-03 15:40 - 2017-02-03 15:40 - 07759798 _____ C:\CloudPirates_170202_1753.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-11 19:47 - 2012-07-24 10:14 - 00000000 ____D C:\Documents and Settings\Fanda\Local Settings\temp
2017-02-11 19:45 - 2008-05-05 18:28 - 00000000 ____D C:\Documents and Settings\Fanda\Application Data\Skype
2017-02-11 17:58 - 2013-03-22 12:35 - 00020402 _____ C:\WINDOWS\system32\nvAppTimestamps
2017-02-11 17:56 - 2006-12-29 17:19 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-11 17:55 - 2008-07-14 12:51 - 00032466 _____ C:\WINDOWS\SchedLgU.Txt
2017-02-11 17:55 - 2006-12-29 17:22 - 00000178 ___SH C:\Documents and Settings\Fanda\ntuser.ini
2017-02-11 17:52 - 2006-12-29 17:57 - 00002761 _____ C:\WINDOWS\wincmd.ini
2017-02-11 12:21 - 2011-03-21 17:17 - 00000000 ____D C:\Program Files\trend micro
2017-02-11 12:00 - 2006-12-29 17:34 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2017-02-11 09:49 - 2012-07-30 22:40 - 00000000 ____D C:\Documents and Settings\Fanda\Application Data\uTorrent
2017-02-10 09:14 - 2006-12-29 17:18 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-10 01:17 - 2015-01-07 20:48 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2017-02-09 12:40 - 2007-06-04 14:45 - 06082614 _____ C:\WINDOWS\ACD Wallpaper.bmp
2017-02-09 10:12 - 2001-08-23 13:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2017-02-07 21:04 - 2012-08-12 17:39 - 00000000 ____D C:\Documents and Settings\Fanda\Application Data\TS3Client
2017-02-05 15:27 - 2007-01-02 18:39 - 00202240 _____ C:\Documents and Settings\Fanda\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-04 15:16 - 2006-12-29 17:22 - 00000000 ____D C:\Documents and Settings\Fanda
2017-02-04 15:15 - 2012-06-05 22:41 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Steel Panthers World At War
2017-02-04 15:15 - 2012-03-08 21:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Mass Effect
2017-02-04 15:14 - 2007-04-11 00:53 - 00000000 ____D C:\WINDOWS\Minidump
2017-01-30 11:08 - 2010-06-15 14:40 - 00002509 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2017-01-29 13:07 - 2016-06-07 11:56 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-24 12:00 - 2016-10-08 11:00 - 00000000 ____D C:\Documents and Settings\Fanda\Application Data\Flexera Software LLC

==================== Files in the root of some directories =======

2009-03-21 17:52 - 2009-03-21 17:52 - 0022328 _____ () C:\Documents and Settings\Fanda\Application Data\PnkBstrK.sys
2013-06-30 16:14 - 2013-07-01 17:40 - 0000376 _____ () C:\Documents and Settings\Fanda\Application Data\Microsoft\IMG_61846_359718.jpg
2007-01-02 18:39 - 2017-02-05 15:27 - 0202240 _____ () C:\Documents and Settings\Fanda\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-01-04 19:59 - 2013-01-04 19:59 - 0000058 _____ () C:\Documents and Settings\Fanda\Local Settings\Application Data\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2008-02-18 21:25 - 2008-02-18 21:25 - 0000128 _____ () C:\Documents and Settings\Fanda\Local Settings\Application Data\fusioncache.dat
2007-03-14 23:17 - 2010-05-04 11:21 - 0001369 _____ () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Files to move or delete:
====================
C:\Documents and Settings\Fanda\fbchathistory.dat


Some files in TEMP:
====================
2016-10-04 11:00 - 2017-02-11 12:00 - 0609480 _____ (Flexera Software LLC ) C:\Documents and Settings\Fanda\Local Settings\temp\wVx4rt.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (Jarabák) (Fixed) (Total:298.08 GB) (Free:14.28 GB) NTFS ==>[drive with boot components (Windows XP)]

Available physical RAM: 2071.7 MB
Total physical RAM: 3071.04 MB
Percentage of memory in use: 32%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: F84FF84F)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\InstallShield® Update Service Scheduler.job => C:\Program Files\Common Files\InstallShield\Update\ISUSPM.exe
Task: C:\WINDOWS\Tasks\Optimize Thumbnail Cache Files.job => Wscript.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

FW: Sunbelt Personal Firewall (Disabled) {82B1150E-9B37-49FC-83EB-D52197D900D0}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\Fanda\Desktop" je 48 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Quicker Help
"C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
"C:\Program Files\Messenger\msmsgs.exe" /background [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ICQ7.1\\ICQ.exe"="C:\\Program Files\\ICQ7.1\\ICQ.exe:*:Enabled:ICQ7.1"
"C:\\Program Files\\ICQ7.1\\aolload.exe"="C:\\Program Files\\ICQ7.1\\aolload.exe:*:Enabled:aolload.exe"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"="C:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"="C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\\Program Files\\Steam\\SteamApps\\common\\dawn of war ii - retribution\\DOW2.exe"="C:\\Program Files\\Steam\\SteamApps\\common\\dawn of war ii - retribution\\DOW2.exe:*:Enabled:Warhammerr 40,000T: Dawn of Warr II - RetributionT"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Documents and Settings\\Fanda\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"="C:\\Documents and Settings\\Fanda\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin"
"C:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe"="C:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe:*:Enabled:NVIDIA Network Service TCP Exception (HTTPS)"
"C:\\Program Files\\Common Files\\soft602\\langserv.exe"="C:\\Program Files\\Common Files\\soft602\\langserv.exe:*:Enabled:Software602 Spell Checker"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"24860:TCP"="24860:TCP:*:Enabled:BitComet 24860 TCP"
"24860:UDP"="24860:UDP:*:Enabled:BitComet 24860 UDP"
"17789:TCP"="17789:TCP:*:Enabled:BitComet 17789 TCP"
"17789:UDP"="17789:UDP:*:Enabled:BitComet 17789 UDP"
"80:UDP"="80:UDP:*:Enabled:BitComet 80 UDP"
"3445:TCP"="3445:TCP:*:Enabled:BitComet 3445 TCP"
"3445:UDP"="3445:UDP:*:Enabled:BitComet 3445 UDP"
"18478:TCP"="18478:TCP:*:Enabled:BitComet 18478 TCP"
"18478:UDP"="18478:UDP:*:Enabled:BitComet 18478 UDP"
"18042:TCP"="18042:TCP:*:Enabled:BitComet 18042 TCP"
"18042:UDP"="18042:UDP:*:Enabled:BitComet 18042 UDP"
"9771:TCP"="9771:TCP:*:Enabled:BitComet 9771 TCP"
"9771:UDP"="9771:UDP:*:Enabled:BitComet 9771 UDP"
"80:TCP"="80:TCP:*:Enabled:War Thunder"
"443:TCP"="443:TCP:*:Enabled:War Thunder"
"20010:UDP"="20010:UDP:*:Enabled:War Thunder"
"3478:UDP"="3478:UDP:*:Enabled:War Thunder"
"7850:TCP"="7850:TCP:*:Enabled:War Thunder"
"27022:TCP"="27022:TCP:*:Enabled:War Thunder"
"6881:TCP"="6881:TCP:*:Enabled:War Thunder"
"33333:TCP"="33333:TCP:*:Enabled:War Thunder"
"20443:TCP"="20443:TCP:*:Enabled:War Thunder"
"8090:TCP"="8090:TCP:*:Enabled:War Thunder"
"7852:TCP"="7852:TCP:*:Enabled:War Thunder"
"7853:TCP"="7853:TCP:*:Enabled:War Thunder"


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000


==================== End Of Log ==============================

Rudy
Site Admin
Posts: 119672
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: A malware "installer" keeps launching

#8 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-515967899-261478967-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
U3 anvv5si7; C:\WINDOWS\system32\Drivers\anvv5si7.sys [0 ] (JMicron Technology Corp.) <==== ATTENTION (zero byte File/Folder)
S4 IntelIde; no ImagePath
C:\Documents and Settings\Fanda\fbchathistory.dat
C:\Documents and Settings\Fanda\Local Settings\temp

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

Aradiel
Visitor
Posts: 19
Joined: 10 Jan 2007 17:10

Re: A malware "installer" keeps launching

#9 Post by Aradiel »

Here:

Fix result of Farbar Recovery Scan Tool (x86) Version: 10-02-2017
Ran by Fanda (11-02-2017 21:37:10) Run:1
Running from C:\Documents and Settings\Fanda\Desktop
Loaded Profiles: Fanda (Available Profiles: Fanda)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-515967899-261478967-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
U3 anvv5si7; C:\WINDOWS\system32\Drivers\anvv5si7.sys [0 ] (JMicron Technology Corp.) <==== ATTENTION (zero byte File/Folder)
S4 IntelIde; no ImagePath
C:\Documents and Settings\Fanda\fbchathistory.dat
C:\Documents and Settings\Fanda\Local Settings\temp

EmptyTemp:
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value removed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKU\S-1-5-21-515967899-261478967-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk => key removed successfully.
HKLM\System\CurrentControlSet\Services\anvv5si7 => key removed successfully.
anvv5si7 => service removed successfully.
HKLM\System\CurrentControlSet\Services\IntelIde => key removed successfully.
IntelIde => service removed successfully.
C:\Documents and Settings\Fanda\fbchathistory.dat => moved successfully

"C:\Documents and Settings\Fanda\Local Settings\temp" folder move:

Could not move "C:\Documents and Settings\Fanda\Local Settings\temp" => Scheduled to move on reboot.


=========== EmptyTemp: ==========

BITS transfer queue => 4096 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 10427 B
Java, Flash, Steam htmlcache => 1324826 B
Windows/system/dllcache/drivers => 16384 B
Edge => 0 B
Chrome => 0 B
Firefox => 526207476 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 16610 B
All Users => 0 B
systemprofile => 295138 B
LocalService => 510 B
NetworkService => 164200 B
Fanda => 2778031 B
UpdatusUser => 0 B
UpdatusUser => 0 B

RecycleBin => 0 B
EmptyTemp: => 506.2 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 11-02-2017 21:41:46)

C:\Documents and Settings\Fanda\Local Settings\temp => moved successfully

==== End of Fixlog 21:41:46 ====

Rudy
Site Admin
Posts: 119672
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: A malware "installer" keeps launching

#10 Post by Rudy »

Deleted. Has anything changed?

Aradiel
Visitor
Posts: 19
Joined: 10 Jan 2007 17:10

Re: A malware "installer" keeps launching

#11 Post by Aradiel »

Everything looks fine and runs faster. Thanks a lot for the help :)

Rudy
Site Admin
Posts: 119672
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: A malware "installer" keeps launching

#12 Post by Rudy »

OK, you're welcome! :)