VIRY.CZ

Zkus to provést v Nouzovém režimu

v nouzáku to samé tak nevím sekne se a pak ani txt neudělal

vyzkoušíme http://forum.viry.cz/viewtopic.php?f=13&t=133100

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2014
Ran by Pospa (administrator) on ACER on 24-01-2014 15:39:20
Running from C:\Documents and Settings\Pospa\Plocha
Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Kenonic Controls Ltd.) C:\WINDOWS\system32\Crypserv.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN LLC.) C:\Documents and Settings\Pospa\Local Settings\Data aplikací\VNT\vntldr.exe
(CASIO COMPUTER CO.,LTD.) C:\Program Files\CASIO\Photo Loader\Plauto.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [VNT] - C:\Program Files\VNT\vntldr.exe [202192 2013-12-20] (APN LLC.)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-03-18] (Google Inc.)
Lsa: [Authentication Packages] msv1_0 nwprovau
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Photo Loader supervisory.lnk
ShortcutTarget: Photo Loader supervisory.lnk -> C:\Program Files\CASIO\Photo Loader\Plauto.exe (CASIO COMPUTER CO.,LTD.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - No Name - {41564952-412D-5637-4300-7A786E7484D7} - No File
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {41564952-412D-5637-4300-7A786E7484D7} - No File
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanner.ikea.com/CZ/Core/ ... _Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 23 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Pospa\Data aplikací\Mozilla\Firefox\Profiles\541qk68u.default
FF Homepage: hxxp://www.seznam.cz
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Documents and Settings\Pospa\Local Settings\Data aplikací\Unity\WebPlayer\loader\npUnity3D32.dll No File
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Seznam lištička - C:\Documents and Settings\Pospa\Data aplikací\Mozilla\Firefox\Profiles\541qk68u.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2014-01-24]
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Documents and Settings\Pospa\Data aplikací\Mozilla\Firefox\Profiles\541qk68u.default\Extensions\toolbar_AVIRA-V7C@apn.ask.com.xpi [2013-12-20]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-01-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchKeyword: seznam.cz
CHR DefaultSearchProvider: Seznam
CHR DefaultSearchURL: http://search.seznam.cz/?q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Extension: (Chrome In-App Payments service) - C:\Documents and Settings\Pospa\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR HKLM\...\Chrome\Extension: [pcoohmdcpejoeggdnihdfhohjgdbllgm] - C:\Documents and Settings\All Users\Data aplikací\AskPartnerNetwork\Toolbar\AVIRA-V7C\CRX\ToolbarCR.crx [2013-08-30]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 Crypkey License; C:\WINDOWS\system32\crypserv.exe [52224 2000-06-29] (Kenonic Controls Ltd.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2010-01-17] (Sun Microsystems, Inc.)
R2 NWCWorkstation; C:\Windows\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [167936 2005-08-08] ()
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)
S2 APNMCP; "C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe" [x]

==================== Drivers (Whitelisted) ====================

R3 AR5211; C:\Windows\System32\DRIVERS\ar5211.sys [547072 2007-06-21] (Atheros Communications, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2012-05-06] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2009-03-31] ()
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [53184 2007-06-27] (FTDI Ltd.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2012-05-06] ()
R1 NetworkX; C:\Windows\system32\ckldrv.sys [24608 2000-02-03] ()
R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2001-10-25] (Microsoft Corporation)
R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2001-10-25] (Microsoft Corporation)
R3 NWRDR; C:\Windows\System32\DRIVERS\nwrdr.sys [163584 2008-04-13] (Microsoft Corporation)
S3 QV2KUX; C:\Windows\System32\DRIVERS\qv2kux.sys [3328 2001-08-17] (Microsoft Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-12-09] (Avira GmbH)
S3 ApfiltrService; system32\DRIVERS\Apfiltr.sys [x]
S3 AR5416; system32\DRIVERS\athw.sys [x]
S3 catchme; \??\C:\DOCUME~1\Pospa\LOCALS~1\Temp\catchme.sys [x]
S1 DritekPortIO; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [x]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 ss_bbus; system32\DRIVERS\ss_bbus.sys [x]
S3 ss_bmdfl; system32\DRIVERS\ss_bmdfl.sys [x]
S3 ss_bmdm; system32\DRIVERS\ss_bmdm.sys [x]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-24 15:39 - 2014-01-24 15:40 - 00012164 _____ C:\Documents and Settings\Pospa\Plocha\FRST.txt
2014-01-24 15:36 - 2014-01-24 15:36 - 00112640 _____ C:\Documents and Settings\Pospa\Plocha\FRSTLauncher.exe
2014-01-24 15:34 - 2014-01-24 15:34 - 01222144 _____ (Farbar) C:\Documents and Settings\Pospa\Plocha\FRST.exe
2014-01-24 15:11 - 2014-01-24 15:20 - 00000330 ____H C:\WINDOWS\Tasks\MP Scheduled Scan.job
2014-01-24 15:03 - 2014-01-24 15:03 - 00000000 ____D C:\WINDOWS\CSC
2014-01-24 09:55 - 2014-01-24 09:55 - 00000000 ____D C:\Documents and Settings\Pospa\Plocha\kjkjkjkjkjkjkj
2014-01-24 09:39 - 2014-01-24 09:39 - 00000000 ___DC C:\_OTM
2014-01-24 09:39 - 2014-01-24 09:38 - 00522240 _____ (OldTimer Tools) C:\Documents and Settings\Pospa\Plocha\OTM.exe
2014-01-23 18:47 - 2014-01-23 18:47 - 00000000 ____D C:\WINDOWS\ERUNT
2014-01-23 18:43 - 2014-01-23 18:43 - 01236282 _____ C:\Documents and Settings\Pospa\Plocha\adwcleaner.exe
2014-01-23 18:42 - 2014-01-23 18:42 - 01037068 _____ (Thisisu) C:\Documents and Settings\Pospa\Plocha\JRT.exe
2014-01-23 18:42 - 2014-01-23 18:42 - 00406264 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Pospa\Plocha\sc-cleaner.exe
2014-01-23 18:01 - 2014-01-23 18:01 - 00000000 ____D C:\Documents and Settings\Pospa\Local Settings\Data aplikací\AskPartnerNetwork
2014-01-23 15:48 - 2014-01-23 15:48 - 00000000 ____D C:\Documents and Settings\Pospa\Local Settings\Data aplikací\VNT
2014-01-23 15:47 - 2014-01-23 15:47 - 00000000 ____D C:\Program Files\VNT
2014-01-23 15:45 - 2014-01-23 15:45 - 00000000 ____D C:\Documents and Settings\Pospa\Data aplikací\Avira
2014-01-23 15:40 - 2014-01-23 15:40 - 00001713 _____ C:\Documents and Settings\All Users\Plocha\Avira Control Center.lnk
2014-01-23 15:40 - 2014-01-23 15:40 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Avira
2014-01-23 15:38 - 2014-01-23 15:40 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Avira
2014-01-23 15:38 - 2014-01-23 15:38 - 00000000 ____D C:\Program Files\Avira
2014-01-23 15:38 - 2013-12-09 11:37 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2014-01-23 15:38 - 2013-12-09 11:37 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-01-23 15:38 - 2013-12-09 11:37 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2014-01-23 15:38 - 2013-12-09 11:37 - 00028520 _____ (Avira GmbH) C:\WINDOWS\system32\Drivers\ssmdrv.sys
2014-01-22 22:12 - 2014-01-22 22:12 - 00012108 ____C C:\ComboFix.txt
2014-01-22 19:10 - 2014-01-22 19:10 - 00000554 _____ C:\Documents and Settings\Pospa\Plocha\Total Commander.lnk
2014-01-22 19:10 - 2014-01-22 19:10 - 00000000 ___DC C:\totalcmd
2014-01-22 19:10 - 2014-01-22 19:10 - 00000000 ____D C:\Documents and Settings\Pospa\Nabídka Start\Programy\Total Commander
2014-01-22 15:39 - 2014-01-22 15:39 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG
2014-01-22 15:39 - 2014-01-22 15:39 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-01-22 15:39 - 2014-01-22 15:39 - 00000000 ____H C:\WINDOWS\system32\config\default.tmp.LOG
2014-01-22 15:38 - 2014-01-22 15:38 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG
2014-01-22 15:37 - 2014-01-22 15:37 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-01-22 15:03 - 2013-12-14 07:36 - 00000211 ____C C:\Boot.bak
2014-01-22 15:03 - 2004-08-03 23:00 - 00261312 _RSHC C:\cmldr
2014-01-22 14:53 - 2014-01-23 14:34 - 00000000 ____D C:\WINDOWS\erdnt
2014-01-21 21:44 - 2014-01-24 07:58 - 00000000 ____D C:\Program Files\trend micro
2014-01-21 21:44 - 2014-01-21 21:44 - 00000000 ___DC C:\rsit
2014-01-21 21:01 - 2014-01-21 21:01 - 00000000 ___DC C:\379f701e6ba2311a031ab24661588ecc
2014-01-21 08:57 - 2014-01-21 08:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2014-01-21 08:56 - 2014-01-21 08:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2014-01-21 08:55 - 2014-01-21 08:55 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2014-01-21 08:53 - 2014-01-21 08:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2014-01-21 08:51 - 2014-01-21 08:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2014-01-21 08:40 - 2014-01-21 08:40 - 00000000 ____D C:\Documents and Settings\LocalService\Data aplikací\AVG
2014-01-21 08:06 - 2014-01-21 08:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-20 19:51 - 2007-06-18 11:03 - 00737280 ____R (Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athr.sys
2014-01-20 08:41 - 2014-01-22 19:02 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\r2 Studios
2014-01-20 08:41 - 2014-01-20 08:41 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\r2 Studios
2014-01-18 22:18 - 2014-01-24 15:20 - 00281120 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-18 17:18 - 2014-01-18 17:18 - 00000383 _____ C:\Documents and Settings\Pospa\Plocha\2014.lnk
2014-01-17 14:15 - 2014-01-18 14:22 - 00047616 _____ C:\Documents and Settings\Pospa\Plocha\Čunderle.xls
2014-01-01 15:00 - 2014-01-01 15:00 - 00000000 ___RD C:\Documents and Settings\Pospa\Plocha\dílna spodek
2013-12-29 14:29 - 2014-01-24 15:17 - 00000400 _____ C:\WINDOWS\wiadebug.log
2013-12-29 14:29 - 2014-01-24 15:17 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-12-29 14:29 - 2013-12-29 14:29 - 00000000 ____N C:\WINDOWS\Sti_Trace.log
2013-12-27 14:44 - 2013-12-27 15:11 - 00000000 ___RD C:\Documents and Settings\Pospa\Plocha\toyota repas

==================== One Month Modified Files and Folders =======

2014-01-24 15:40 - 2014-01-24 15:39 - 00012164 _____ C:\Documents and Settings\Pospa\Plocha\FRST.txt
2014-01-24 15:39 - 2008-06-25 14:31 - 00000000 ____D C:\Documents and Settings\Pospa\Plocha
2014-01-24 15:36 - 2014-01-24 15:36 - 00112640 _____ C:\Documents and Settings\Pospa\Plocha\FRSTLauncher.exe
2014-01-24 15:34 - 2014-01-24 15:34 - 01222144 _____ (Farbar) C:\Documents and Settings\Pospa\Plocha\FRST.exe
2014-01-24 15:23 - 2001-10-25 13:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-24 15:20 - 2014-01-24 15:11 - 00000330 ____H C:\WINDOWS\Tasks\MP Scheduled Scan.job
2014-01-24 15:20 - 2014-01-18 22:18 - 00281120 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-24 15:17 - 2013-12-29 14:29 - 00000400 _____ C:\WINDOWS\wiadebug.log
2014-01-24 15:17 - 2013-12-29 14:29 - 00000049 _____ C:\WINDOWS\wiaservc.log
2014-01-24 15:17 - 2008-06-25 14:30 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-24 15:15 - 2008-06-25 14:31 - 00000178 ___SH C:\Documents and Settings\Pospa\ntuser.ini
2014-01-24 15:03 - 2014-01-24 15:03 - 00000000 ____D C:\WINDOWS\CSC
2014-01-24 14:55 - 2008-06-25 14:31 - 00000000 ____D C:\Documents and Settings\Pospa
2014-01-24 14:55 - 2008-06-25 14:30 - 00032490 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-24 10:39 - 2008-06-25 16:14 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2014-01-24 10:39 - 2008-06-25 16:14 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
2014-01-24 10:39 - 2008-06-25 14:31 - 00000000 __RHD C:\Documents and Settings\Pospa\Data aplikací
2014-01-24 09:55 - 2014-01-24 09:55 - 00000000 ____D C:\Documents and Settings\Pospa\Plocha\kjkjkjkjkjkjkj
2014-01-24 09:39 - 2014-01-24 09:39 - 00000000 ___DC C:\_OTM
2014-01-24 09:38 - 2014-01-24 09:39 - 00522240 _____ (OldTimer Tools) C:\Documents and Settings\Pospa\Plocha\OTM.exe
2014-01-24 07:58 - 2014-01-21 21:44 - 00000000 ____D C:\Program Files\trend micro
2014-01-23 19:57 - 2008-06-25 14:34 - 00001482 ____C C:\WINDOWS\WINCMD.INI
2014-01-23 18:47 - 2014-01-23 18:47 - 00000000 ____D C:\WINDOWS\ERUNT
2014-01-23 18:43 - 2014-01-23 18:43 - 01236282 _____ C:\Documents and Settings\Pospa\Plocha\adwcleaner.exe
2014-01-23 18:42 - 2014-01-23 18:42 - 01037068 _____ (Thisisu) C:\Documents and Settings\Pospa\Plocha\JRT.exe
2014-01-23 18:42 - 2014-01-23 18:42 - 00406264 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Pospa\Plocha\sc-cleaner.exe
2014-01-23 18:01 - 2014-01-23 18:01 - 00000000 ____D C:\Documents and Settings\Pospa\Local Settings\Data aplikací\AskPartnerNetwork
2014-01-23 18:01 - 2008-06-25 14:31 - 00000000 ___HD C:\Documents and Settings\Pospa\Local Settings\Data aplikací
2014-01-23 15:48 - 2014-01-23 15:48 - 00000000 ____D C:\Documents and Settings\Pospa\Local Settings\Data aplikací\VNT
2014-01-23 15:47 - 2014-01-23 15:47 - 00000000 ____D C:\Program Files\VNT
2014-01-23 15:45 - 2014-01-23 15:45 - 00000000 ____D C:\Documents and Settings\Pospa\Data aplikací\Avira
2014-01-23 15:40 - 2014-01-23 15:40 - 00001713 _____ C:\Documents and Settings\All Users\Plocha\Avira Control Center.lnk
2014-01-23 15:40 - 2014-01-23 15:40 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Avira
2014-01-23 15:40 - 2014-01-23 15:38 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Avira
2014-01-23 15:40 - 2008-06-25 16:14 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2014-01-23 15:40 - 2008-06-25 16:14 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-01-23 15:38 - 2014-01-23 15:38 - 00000000 ____D C:\Program Files\Avira
2014-01-23 15:09 - 2010-11-18 09:30 - 00002477 _____ C:\Documents and Settings\Pospa\Plocha\Microsoft Office Excel 2007.lnk
2014-01-23 14:34 - 2014-01-22 14:53 - 00000000 ____D C:\WINDOWS\erdnt
2014-01-23 14:34 - 2008-06-25 14:24 - 00000000 ____D C:\WINDOWS\system32\Restore
2014-01-23 13:42 - 2008-06-25 14:29 - 00000000 __SHD C:\Documents and Settings\NetworkService
2014-01-22 22:12 - 2014-01-22 22:12 - 00012108 ____C C:\ComboFix.txt
2014-01-22 22:00 - 2001-10-25 13:00 - 00000246 ____C C:\WINDOWS\system.ini
2014-01-22 20:07 - 2008-06-25 14:30 - 00000000 __SHD C:\Documents and Settings\LocalService
2014-01-22 19:10 - 2014-01-22 19:10 - 00000554 _____ C:\Documents and Settings\Pospa\Plocha\Total Commander.lnk
2014-01-22 19:10 - 2014-01-22 19:10 - 00000000 ___DC C:\totalcmd
2014-01-22 19:10 - 2014-01-22 19:10 - 00000000 ____D C:\Documents and Settings\Pospa\Nabídka Start\Programy\Total Commander
2014-01-22 19:10 - 2008-06-25 14:31 - 00000000 ___RD C:\Documents and Settings\Pospa\Nabídka Start\Programy
2014-01-22 19:02 - 2014-01-20 08:41 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\r2 Studios
2014-01-22 18:38 - 2008-06-25 16:07 - 00000000 ____D C:\WINDOWS\repair
2014-01-22 15:40 - 2008-06-25 16:13 - 00057344 _____ C:\WINDOWS\system32\config\SECURITY.bak
2014-01-22 15:40 - 2008-06-25 16:13 - 00028672 _____ C:\WINDOWS\system32\config\SAM.bak
2014-01-22 15:40 - 2008-06-25 16:12 - 30932992 _____ C:\WINDOWS\system32\config\software.bak
2014-01-22 15:40 - 2008-06-25 16:12 - 09961472 _____ C:\WINDOWS\system32\config\system.bak
2014-01-22 15:40 - 2008-06-25 16:12 - 00262144 _____ C:\WINDOWS\system32\config\default.bak
2014-01-22 15:39 - 2014-01-22 15:39 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG
2014-01-22 15:39 - 2014-01-22 15:39 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-01-22 15:39 - 2014-01-22 15:39 - 00000000 ____H C:\WINDOWS\system32\config\default.tmp.LOG
2014-01-22 15:38 - 2014-01-22 15:38 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG
2014-01-22 15:37 - 2014-01-22 15:37 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-01-22 15:03 - 2008-06-25 16:12 - 00000327 __RSH C:\boot.ini
2014-01-21 21:44 - 2014-01-21 21:44 - 00000000 ___DC C:\rsit
2014-01-21 21:01 - 2014-01-21 21:01 - 00000000 ___DC C:\379f701e6ba2311a031ab24661588ecc
2014-01-21 20:52 - 2010-11-17 21:45 - 00065536 _____ C:\WINDOWS\system32\config\TuneUp.evt
2014-01-21 20:48 - 2008-06-25 15:14 - 00000000 __SHD C:\Documents and Settings\Pospa\UserData
2014-01-21 20:33 - 2013-12-14 07:40 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\MFAData
2014-01-21 10:19 - 2008-06-25 16:15 - 01680034 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-21 10:04 - 2008-06-25 16:13 - 00270984 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-21 09:00 - 2010-11-17 21:53 - 00000000 ____D C:\WINDOWS\ie8updates
2014-01-21 08:57 - 2014-01-21 08:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2014-01-21 08:56 - 2014-01-21 08:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2014-01-21 08:55 - 2014-01-21 08:55 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2014-01-21 08:53 - 2014-01-21 08:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2014-01-21 08:51 - 2014-01-21 08:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2014-01-21 08:45 - 2013-08-15 17:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-21 08:40 - 2014-01-21 08:40 - 00000000 ____D C:\Documents and Settings\LocalService\Data aplikací\AVG
2014-01-21 08:40 - 2008-06-25 14:30 - 00000000 ____D C:\Documents and Settings\LocalService\Data aplikací
2014-01-21 08:06 - 2014-01-21 08:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-21 08:00 - 2008-06-25 14:27 - 00001513 _____ C:\Documents and Settings\All Users\Nabídka Start\Windows Update.lnk
2014-01-20 19:51 - 2008-06-25 14:40 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups
2014-01-20 17:17 - 2008-06-25 16:14 - 00001694 ____C C:\WINDOWS\system32\AUTOEXEC.NT
2014-01-20 16:51 - 2008-06-25 14:31 - 00000000 ___HD C:\Documents and Settings\Pospa\Okolní síť
2014-01-20 16:41 - 2011-01-01 17:07 - 00027648 _____ C:\Documents and Settings\Pospa\Plocha\domek 08.xls
2014-01-20 08:41 - 2014-01-20 08:41 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\r2 Studios
2014-01-19 17:12 - 2008-06-28 12:17 - 00000116 ____C C:\WINDOWS\NeroDigital.ini
2014-01-19 16:55 - 2010-11-18 12:53 - 00000000 ____D C:\Documents and Settings\Pospa\Data aplikací\vlc
2014-01-18 17:22 - 2013-11-30 17:26 - 00000000 ___RD C:\Documents and Settings\Pospa\Plocha\toyota bj40
2014-01-18 17:21 - 2012-05-01 14:14 - 00000000 ____D C:\Documents and Settings\Pospa\Plocha\Nová složka
2014-01-18 17:18 - 2014-01-18 17:18 - 00000383 _____ C:\Documents and Settings\Pospa\Plocha\2014.lnk
2014-01-18 17:12 - 2010-11-18 09:31 - 00002563 _____ C:\Documents and Settings\Pospa\Plocha\Microsoft Office Word 2007.lnk
2014-01-18 16:56 - 2008-06-25 14:31 - 00000000 ___RD C:\Documents and Settings\Pospa\Oblíbené položky
2014-01-18 14:22 - 2014-01-17 14:15 - 00047616 _____ C:\Documents and Settings\Pospa\Plocha\Čunderle.xls
2014-01-15 17:35 - 2013-01-11 15:52 - 00002347 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Adobe Reader XI.lnk
2014-01-06 16:28 - 2010-11-18 14:04 - 00000000 ____D C:\Documents and Settings\Pospa\Data aplikací\dvdcss
2014-01-06 16:20 - 2008-06-25 15:30 - 83425928 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-04 15:14 - 2012-10-20 18:28 - 00546816 ____R C:\Documents and Settings\Pospa\Local Settings\Data aplikací\vvddata.wrt
2014-01-01 15:00 - 2014-01-01 15:00 - 00000000 ___RD C:\Documents and Settings\Pospa\Plocha\dílna spodek
2014-01-01 13:30 - 2010-01-06 07:53 - 00079360 _____ C:\Documents and Settings\Pospa\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-29 14:29 - 2013-12-29 14:29 - 00000000 ____N C:\WINDOWS\Sti_Trace.log
2013-12-27 15:11 - 2013-12-27 14:44 - 00000000 ___RD C:\Documents and Settings\Pospa\Plocha\toyota repas

Some content of TEMP:
====================
C:\Documents and Settings\Pospa\Local Settings\temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2004-08-17 14:49] - [2008-04-14 07:52] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1

C:\Windows\System32\winlogon.exe
[2004-08-17 14:49] - [2008-04-14 07:52] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea

C:\Windows\System32\svchost.exe
[2004-08-17 14:49] - [2008-04-14 07:52] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93

C:\Windows\System32\services.exe
[2004-08-17 14:49] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 9ef697af07bb8dd82c3b02ca953a95b7

C:\Windows\System32\User32.dll
[2004-08-17 14:49] - [2008-04-14 07:52] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53

C:\Windows\System32\userinit.exe
[2004-08-17 14:49] - [2008-04-14 07:52] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239

C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2004-08-17 14:44] - [2008-04-14 06:42] - 0052480 ___AC (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1


==================== End Of Log ============================

Avira SearchFree Toolbar (Version: 12.10.0.2951 - APN, LLC)
Balíček zprostředkovatele služby Microsoft Base Smart Card Cryptographic Service (Version: - Microsoft Corporation)
CCleaner (Version: 4.04 - Piriform)
Google Earth Plug-in (Version: 7.1.2.2041 - Google)
Google Chrome (Version: 32.0.1700.76 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
hp deskjet 940c series (Pouze odstranit) (Version: - )
HP Photo Printing Software (Version: - )
HP Precisionscan Pro 3.1 (Version: 3.1.2.0000 - Hewlett-Packard)
Intel(R) Graphics Media Accelerator Driver (Version: - )
J2SE Runtime Environment 5.0 Update 4 (Version: 1.5.0.40 - Sun Microsystems, Inc.)
Java(TM) 6 Update 17 (Version: 6.0.170 - Sun Microsystems, Inc.)
Java(TM) 6 Update 5 (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Microsoft .NET Framework 1.1 (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Czech Language Pack (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 1.1 Security Update (KB2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile CSY Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile CSY Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended CSY Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended CSY Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version: - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version: - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Czech) 2007 (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Czech) 2007 (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Czech) 2007 (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Czech) 2007 (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Czech) 2007 (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Czech) 2007 (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Czech) 2007 (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Proof (Czech) 2007 (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Slovak) 2007 (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Czech) 2007 (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Czech) 2007 (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Czech) 2007 (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Czech) 2007 (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Software Update for Web Folders (Czech) 12 (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 cs) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
Nero 6 Ultra Edition (Version: - )
Oprava hotfix aplikace Windows Media Player 11 (KB939683) (Version: - Microsoft Corporation)
Oprava Hotfix systému Windows XP (KB2158563) (Version: 1 - Microsoft Corporation)
Oprava Hotfix systému Windows XP (KB2443685) (Version: 1 - Microsoft Corporation)
Oprava Hotfix systému Windows XP (KB2570791) (Version: 1 - Microsoft Corporation)
Oprava Hotfix systému Windows XP (KB2633952) (Version: 1 - Microsoft Corporation)
Oprava Hotfix systému Windows XP (KB2756822) (Version: 1 - Microsoft Corporation)
Oprava Hotfix systému Windows XP (KB2779562) (Version: 1 - Microsoft Corporation)
Oprava Hotfix systému Windows XP (KB952287) (Version: 1 - Microsoft Corporation)
Oprava Hotfix systému Windows XP (KB961118) (Version: 1 - Microsoft Corporation)
PC Connectivity Solution (Version: 8.15.0.0 - Nokia)
Photo Loader 2.1E (Version: - )
PowerDVD (Version: 7.0.2211.0 - CyberLink Corporation)
Realtek High Definition Audio Driver (Version: 5.10.0.5506 - Realtek Semiconductor Corp.)
Total Commander (Remove or Repair) (Version: 8.01 - Ghisler Software GmbH)
Trellix Web Express Site Building (Version: - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
USB CASIO Digital Camera Device Driver (Version: - )
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 1.0.3 (Version: 1.0.3 - VideoLAN Team)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Defender (Version: 1.1.1593.21 - Microsoft Corporation)
Windows Driver Package - Intel (NETw4x32) net (09/26/2007 11.5.0.32) (Version: 09/26/2007 11.5.0.32 - Intel)
Windows Driver Package - Intel (w29n51) net (07/25/2007 9.0.4.37) (Version: 07/25/2007 9.0.4.37 - Intel)
Windows Driver Package - Intel net (09/26/2007 11.5.0.32) (Version: 09/26/2007 11.5.0.32 - Intel)
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
Windows Search 4.0 (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (Version: 20080414.031517 - Microsoft Corporation)
WinRAR (Version: - )
WinZip (Version: - )

==================== Restore Points =========================

23-01-2014 13:34:57 Kontrolní bod systému
23-01-2014 13:59:38 avast! antivirus system restore point
24-01-2014 08:40:39 OTM Restore Point
24-01-2014 09:02:46 OTM Restore Point
24-01-2014 09:37:25 OTM Restore Point
24-01-2014 12:29:51 OTM Restore Point

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\MP Scheduled Scan.job => C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Loaded Modules (whitelisted) =============

2014-01-23 15:38 - 2013-12-09 11:37 - 00394808 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2008-06-25 15:46 - 2008-08-29 10:55 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2008-06-25 15:46 - 2008-09-03 15:28 - 00319488 _____ () C:\Program Files\WinRAR\rarlng.dll
2013-12-13 07:46 - 2013-12-05 20:36 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\54454105.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\54454105.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Zařízení typu modem na sběrnici High Definition Audio
Description: Zařízení typu modem na sběrnici High Definition Audio
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/24/2014 01:52:05 PM) (Source: Application Error) (User: )
Description: Chybující aplikace avgnt.exe, verze 14.0.2.254, chybující modul ccmsg.dll, verze 14.0.2.254, adresa chyby 0x0000990a.
Zpracování události, specifické pro médium ([avgnt.exe!ws!])

Error: (01/24/2014 11:06:43 AM) (Source: Application Hang) (User: )
Description: Zablokovaná aplikace explorer.exe, verze 6.0.2900.5512, zablokovaný modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error: (01/24/2014 10:03:21 AM) (Source: Application Error) (User: )
Description: Chybující aplikace avgnt.exe, verze 14.0.2.254, chybující modul ccmsg.dll, verze 14.0.2.254, adresa chyby 0x0000990a.
Zpracování události, specifické pro médium ([avgnt.exe!ws!])

Error: (01/24/2014 09:41:15 AM) (Source: Application Error) (User: )
Description: Chybující aplikace avgnt.exe, verze 14.0.2.254, chybující modul ccmsg.dll, verze 14.0.2.254, adresa chyby 0x0000990a.
Zpracování události, specifické pro médium ([avgnt.exe!ws!])

Error: (01/23/2014 01:51:41 PM) (Source: Application Hang) (User: )
Description: Zablokovaná aplikace firefox.exe, verze 26.0.0.5087, zablokovaný modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error: (01/23/2014 01:51:34 PM) (Source: Application Hang) (User: )
Description: Zablokovaná aplikace firefox.exe, verze 26.0.0.5087, zablokovaný modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error: (01/22/2014 03:21:13 PM) (Source: Application Error) (User: )
Description: Chybující aplikace pev.exe, verze 0.0.0.0, chybující modul pev.exe, verze 0.0.0.0, adresa chyby 0x0008d1c0.
Zpracování události, specifické pro médium ([pev.exe!ws!])

Error: (01/21/2014 10:09:22 AM) (Source: Windows Search Service) (User: )
Description: Položka <C:\DOCUMENTS AND SETTINGS\POSPA\RECENT\DESKTOP.INI> v mapě algoritmu hash nebyla aktualizována.

Kontext: aplikace , katalog SystemIndex

Podrobnosti:
Zařízení připojené k systému nefunguje. (0x8007001f)

Error: (01/21/2014 10:09:14 AM) (Source: Windows Search Service) (User: )
Description: Položka <C:\DOCUMENTS AND SETTINGS\POSPA\RECENT\DESKTOP.INI> v mapě algoritmu hash nebyla aktualizována.

Kontext: aplikace , katalog SystemIndex

Podrobnosti:
Zařízení připojené k systému nefunguje. (0x8007001f)

Error: (01/21/2014 08:53:05 AM) (Source: Application Error) (User: )
Description: Chybující aplikace explorer.exe, verze 6.0.2900.5512, chybující modul ntdll.dll, verze 5.1.2600.6055, adresa chyby 0x000673be.
Zpracování události, specifické pro médium ([explorer.exe!ws!])


System errors:
=============
Error: (01/24/2014 03:15:21 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: Služba DCOM zjistila chybu %%1084 při pokusu o spuštění služby EventSystem s argumenty
za účelem spuštění serveru:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/24/2014 03:07:41 PM) (Source: Service Control Manager) (User: )
Description: Služba Windows Defender byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 15000 milisekund: Restartovat službu.

Error: (01/24/2014 03:04:55 PM) (Source: Service Control Manager) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
avipbb
avkmgr
Fips
intelppm
NetworkX
ssmdrv

Error: (01/24/2014 03:04:26 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: Služba DCOM zjistila chybu %%1084 při pokusu o spuštění služby EventSystem s argumenty
za účelem spuštění serveru:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/24/2014 01:29:16 PM) (Source: Service Control Manager) (User: )
Description: Služba Java Quick Starter byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/24/2014 01:29:16 PM) (Source: Service Control Manager) (User: )
Description: Služba Crypkey License byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/24/2014 01:29:16 PM) (Source: Service Control Manager) (User: )
Description: Služba Windows Defender byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 15000 milisekund: Restartovat službu.

Error: (01/24/2014 01:29:16 PM) (Source: Service Control Manager) (User: )
Description: Služba Cyberlink RichVideo Service(CRVS) byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/24/2014 10:36:49 AM) (Source: Service Control Manager) (User: )
Description: Služba Windows Defender byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 15000 milisekund: Restartovat službu.

Error: (01/24/2014 10:36:49 AM) (Source: Service Control Manager) (User: )
Description: Služba Cyberlink RichVideo Service(CRVS) byla neočekávaně ukončena. Tento stav nastal již 1krát.


Microsoft Office Sessions:
=========================
Error: (10/11/2013 04:52:42 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 735 seconds with 660 seconds of active time. This session ended with a crash.

Error: (06/05/2013 04:01:51 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1357 seconds with 1260 seconds of active time. This session ended with a crash.

Error: (04/11/2013 01:53:23 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 476 seconds with 180 seconds of active time. This session ended with a crash.

Error: (07/12/2012 07:47:39 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 28 seconds with 0 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 58%
Total physical RAM: 1013.92 MB
Available physical RAM: 420.49 MB
Total Pagefile: 2446.17 MB
Available Pagefile: 1687.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1927.06 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:35.46 GB) (Free:20.6 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Data) (Fixed) (Total:39.07 GB) (Free:10.43 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 75 GB) (Disk ID: D2DAD2DA)
Partition 1: (Active) - (Size=35 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=39 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Otevři Notepad (Start -> Spustit... -> notepad -> OK
zkopíruj tam tento zelený text Ulož jako fixlist.txt zde C:\Documents and Settings\Pospa\Plocha

spusť FRST a klik na Fix

restart a dej mi Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-01-2014
Ran by Pospa at 2014-01-24 16:34:10 Run:1
Running from C:\Documents and Settings\Pospa\Plocha
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-03-18] (Google Inc.)
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKLM - No Name - {41564952-412D-5637-4300-7A786E7484D7} - No File
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
DisableService: JavaQuickStarterService
DisableService: WinDefend
DisableService: APNMCP
DisableService: catchme
C:\Program Files\AskPartnerNetwork
S3 catchme; \??\C:\DOCUME~1\Pospa\LOCALS~1\Temp\catchme.sys [x]
S1 DritekPortIO; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [x]
S4 IntelIde; No ImagePath
S3 ss_bbus; system32\DRIVERS\ss_bbus.sys [x]
S3 ss_bmdfl; system32\DRIVERS\ss_bmdfl.sys [x]
S3 ss_bmdm; system32\DRIVERS\ss_bmdm.sys [x]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [x]
C:\Documents and Settings\Pospa\Plocha\adwcleaner.exe
C:\Documents and Settings\Pospa\Plocha\JRT.exe
C:\Documents and Settings\Pospa\Plocha\sc-cleaner.exe
C:\Documents and Settings\Pospa\Local Settings\Data aplikací\AskPartnerNetwork
C:\Documents and Settings\Pospa\Local Settings\temp\avgnt.exe
C:\Documents and Settings\LocalService\Data aplikací\AVG
C:\Documents and Settings\Pospa\Data aplikací\Azufcoz
C:\Documents and Settings\Pospa\Data aplikací\Opyvuxu
Hosts:
CMD: shutdown /r /f /t 2
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\swg => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{41564952-412D-5637-4300-7A786E7484D7} => Value deleted successfully.
HKCR\CLSID\{41564952-412D-5637-4300-7A786E7484D7} => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} => Value deleted successfully.
HKCR\CLSID\{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} => Key deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{56F9679E-7826-4C84-81F3-532071A8BCC5} => Value deleted successfully.
HKCR\CLSID\{56F9679E-7826-4C84-81F3-532071A8BCC5} => Key deleted successfully.
JavaQuickStarterService service was disabled
WinDefend service was disabled
APNMCP service was disabled
catchme service was disabled
"C:\Program Files\AskPartnerNetwork" => File/Directory not found.
catchme => Service deleted successfully.
DritekPortIO => Service deleted successfully.
IntelIde => Service deleted successfully.
ss_bbus => Service deleted successfully.
ss_bmdfl => Service deleted successfully.
ss_bmdm => Service deleted successfully.
UIUSys => Service deleted successfully.
C:\Documents and Settings\Pospa\Plocha\adwcleaner.exe => Moved successfully.
C:\Documents and Settings\Pospa\Plocha\JRT.exe => Moved successfully.
C:\Documents and Settings\Pospa\Plocha\sc-cleaner.exe => Moved successfully.
C:\Documents and Settings\Pospa\Local Settings\Data aplikací\AskPartnerNetwork => Moved successfully.
C:\Documents and Settings\Pospa\Local Settings\temp\avgnt.exe => Moved successfully.
C:\Documents and Settings\LocalService\Data aplikací\AVG => Moved successfully.
"C:\Documents and Settings\Pospa\Data aplikací\Azufcoz" => File/Directory not found.
"C:\Documents and Settings\Pospa\Data aplikací\Opyvuxu" => File/Directory not found.
Could not reset Hosts.

========= shutdown /r /f /t 2 =========


========= End of CMD: =========


==== End of Fixlog ====

Jaké máme ještě problémy?

pořád pomalý start

Jak velká je složka C:\Documents and Settings\Pospa\Plocha ?

dej aktuální RSIT

Velikost 939 MB , velikost na disku 940MB

Je to skoro dost - všechno se musí při startu načíst
Přesuň všechno (mimo mnou použité programy - ty se odstraní při úklidu) do nějaké složky
a na ploše nech jen zástupce
Jak vypadá ten RSIT?