VIRY.CZ

Zdravím,
od soboty mi ESET stále vyhazuje varování na hxxp://utils.cdneurope.com/js/mo.jsii - údajně JS/Kryptik.I trojský kůň.
Vypadá to, že všechno funguje normálně, pouze se při každém otvírání nějaké stránky objeví varování o přesunu výše uvedené potvory do karantény.
Test antivirem proběhne v pořádku.
Můžete mi někdo poradit?
Díky Pavel

:// odkaz upraveny JaRon

Posílám log z RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2014-05-12 15:12:42
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 69 GB (69%) free of 100 GB
Total RAM: 1789 MB (42% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\EPUpdater.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1450960922-1417001333-1003.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1450960922-1417001333-1004.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1450960922-1417001333-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1450960922-1417001333-1004.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data

aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-08-30 414416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-09-12 462248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files\AVG Secure Search\13.2.0.3\AVG Secure Search_toolbar.dll [2013-03-08 1792968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2011-09-08 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-09-12 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files\AVG Secure Search\13.2.0.3\AVG Secure Search_toolbar.dll [2013-03-08 1792968]
{CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} - SiteFinder - C:\Program Files\SiteFinder\SiteFinder.dll [2014-03-06 367104]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-07-02 98304]
"AESTFltr"=C:\WINDOWS\system32\AESTFltr.exe [2009-02-18 737280]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-02-06 1430824]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-02-03 287288]
"HPCam_Menu"=c:\Program Files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe [2009-02-25 218408]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"TkBellExe"=C:\Program Files\Real\RealPlayer\update\realsched.exe [2011-08-30 273528]
"MobileBroadband"=C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [2011-07-14 279552]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2012-11-26 5074384]
"vProt"=C:\Program Files\AVG Secure Search\vprot.exe [2013-04-10 1151152]
"ROC_roc_ssl_v12"=C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe [2013-03-08 1020512]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2009-05-18 2363392]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-04-01 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\90163839.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\90163839.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.scr - open - C:\WINDOWS\NOTEPAD.EXE "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2014-05-07 13:37:19 ----D---- C:\Documents and Settings\Owner\Data aplikací\SiteFinder
2014-05-07 13:37:18 ----D---- C:\Program Files\SiteLookup
2014-05-07 13:37:06 ----D---- C:\Program Files\SiteFinder
2014-05-07 13:37:02 ----D---- C:\Documents and Settings\Owner\Data aplikací\SimilarSites
2014-04-15 19:20:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2922229$
2014-04-15 19:19:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2916036$
2014-04-15 19:19:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2898715$
2014-04-15 19:19:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2929961$
2014-04-15 19:18:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2904266$
2014-04-15 19:18:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2930275$
2014-04-15 18:59:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2893294$
2014-04-15 18:58:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2892075$
2014-04-15 18:54:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2934207$
2014-04-15 18:50:14 ----SHD---- C:\Config.Msi
2014-04-15 18:48:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2914368$
2014-04-14 18:46:23 ----N---- C:\WINDOWS\system32\xp_eos.exe

======List of files/folders modified in the last 1 months======

2014-05-12 15:12:44 ----D---- C:\Program Files\trend micro
2014-05-12 14:53:14 ----SD---- C:\WINDOWS\Tasks
2014-05-12 14:30:49 ----D---- C:\WINDOWS\temp
2014-05-12 12:36:08 ----D---- C:\WINDOWS\Prefetch
2014-05-11 23:15:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-05-11 22:35:55 ----D---- C:\Program Files\AutoCAD R14
2014-05-10 22:47:34 ----RD---- C:\Program Files
2014-05-10 21:13:07 ----SHD---- C:\WINDOWS\Installer
2014-05-07 13:37:37 ----D---- C:\WINDOWS\system32\CatRoot2
2014-05-02 18:37:19 ----A---- C:\WINDOWS\ModemLog_Vodafone Mobile Broadband Modem (Huawei).txt
2014-04-16 09:20:27 ----RSD---- C:\WINDOWS\assembly
2014-04-16 09:20:27 ----D---- C:\WINDOWS\Microsoft.NET
2014-04-16 06:34:29 ----D---- C:\WINDOWS
2014-04-16 06:32:33 ----D---- C:\WINDOWS\system32
2014-04-16 06:32:32 ----D---- C:\Program Files\Microsoft Silverlight
2014-04-15 19:20:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2014-04-15 19:20:05 ----HD---- C:\WINDOWS\inf
2014-04-15 19:20:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-04-15 19:19:58 ----A---- C:\WINDOWS\imsins.BAK
2014-04-15 19:12:51 ----D---- C:\WINDOWS\WinSxS
2014-04-15 19:12:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-15 18:57:28 ----D---- C:\WINDOWS\system32\MRT
2014-04-15 18:52:57 ----D---- C:\Program Files\Internet Explorer
2014-04-15 18:48:01 ----D---- C:\WINDOWS\system32\drivers

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2012-10-08 159832]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2012-10-08 121216]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2012-10-08 62512]
R1 tcpipBM;Bytemobile Kernel Network Provider; \??\C:\WINDOWS\system32\drivers\tcpipBM.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 ASIXIo;ASIXIo; \??\C:\WINDOWS\system32\Drivers\asixio.sys []
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2012-10-08 149568]
R3 AESTAud;AE Audio Service; C:\WINDOWS\system32\drivers\AESTAud.sys [2009-02-18 113536]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-10-29 1204128]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-04-02 3597824]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-07-29 1735040]
R3 btaudio;Zvukové zařízení Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2009-01-14 534568]
R3 BTDriver;Ovladač virtuálních komunikací Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2009-01-14 37160]
R3 BTKRNL;Enumenátor sběrnice Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2009-01-14 991656]
R3 BTWDNDIS;Server pro přístup k síti LAN Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2009-01-14 156816]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2009-01-14 47272]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2012-10-08 40376]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 huawei_enumerator;huawei_enumerator; C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys [2011-07-12 73344]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2009-03-26 1765168]
R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2009-03-30 1550891]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2009-02-06 205232]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\AVG PC TuneUp 2014\TuneUpUtilitiesDriver32.sys []
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2009-03-18 30336]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum; C:\WINDOWS\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys [2010-09-01 80000]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2009-03-27 296960]
S1 avgtp;avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 AF15BDA;AF9015 BDA Device; C:\WINDOWS\system32\DRIVERS\AF15BDA.sys [2012-01-26 483200]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
S3 GemCCID;GemCCID; C:\WINDOWS\System32\Drivers\GemCCID.sys [2009-08-10 89600]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2011-07-12 192768]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 OlyCamComm;OLYMPUS USB Communication Device; C:\WINDOWS\system32\DRIVERS\OlyCamComm.sys [2009-09-10 21648]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2012-05-22 5632]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2013-07-17 123008]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2008-08-26 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-04-01 602112]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-12-11 346720]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2012-11-26 1329304]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-09-12 182696]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-05-18 73728]
R2 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 STacSV;Audio Service; c:\program files\idt\wdm\STacSV.exe [2009-03-30 254042]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service; C:\Program Files\AVG PC TuneUp 2014\TuneUpUtilitiesService32.exe [2013-10-12 1739064]
R2 VmbService;Vodafone Mobile Connect Service; C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2011-07-14 9216]
R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-04-10 968880]
R2 xmengine service;CryptoPlus XME Engine Service; C:\WINDOWS\system32\xmesrv.exe [2007-01-18 28672]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-02-03 209464]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-10-21 228656]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-07-02 593920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate1ca2ff55364e1b6;Služba Google Update (gupdate1ca2ff55364e1b6); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-07 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-08 194104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-07 133104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-03-31 119408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Zdravim

Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe

• Ulozte nejlepe na plochu
• Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
• Probehne vytvoreni zalohy a nasledne prohledavani
• Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Kliknete na Scan a nasledne Clean
• Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Zdravím, díky a vkládám zatím log z JRT, log z ADWCleaneru bude následovat:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by Owner on po 12.05.2014 at 16:05:17,07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-583907252-1450960922-1417001333-1003\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Data aplikacˇ\opencandy"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Data aplikacˇ\similarsites"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Data aplikacˇ\sitefinder"
Successfully deleted: [Folder] "C:\Program Files\sitefinder"



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\Owner\Data aplikacˇ\mozilla\firefox\profiles\qplye22f.default\user.js
Successfully deleted: [File] C:\Documents and Settings\Owner\Data aplikacˇ\mozilla\firefox\profiles\qplye22f.default\invalidprefs.js
Successfully deleted the following from C:\Documents and Settings\Owner\Data aplikacˇ\mozilla\firefox\profiles\qplye22f.default\prefs.js

user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&ba ... 1&tsp=5240");
user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&ba ... 1&tsp=5240");
Emptied folder: C:\Documents and Settings\Owner\Data aplikacˇ\mozilla\firefox\profiles\qplye22f.default\minidumps [4 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on po 12.05.2014 at 16:11:53,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Posílám log z AdwCleaneru:

# AdwCleaner v3.208 - Report created 12/05/2014 at 16:23:11
# Updated 11/05/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - SASA
# Running from : C:\Documents and

Settings\Owner\Plocha\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : vToolbarUpdater14.2.0

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Data

aplikací\AVG Secure Search
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Documents and Settings\admin\Local Settings\Data

aplikací\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Data

aplikací\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Owner\Data aplikací\AVG

Secure Search
File Deleted : C:\Documents and Settings\Owner\Data

aplikací\Mozilla\Firefox\Profiles\qplye22f.default\searchplugins\buen

osearch.xml
File Deleted : C:\WINDOWS\Tasks\EPUpdater.job

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions

[Avg@toolbar]
Key Deleted :

HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpbl

of
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

[vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety

plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar

[{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet

Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted :

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure

Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App

Management\ARPCache\AVG Secure Search

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v29.0.1 (cs)

[ File : C:\Documents and Settings\admin\Data

aplikací\Mozilla\Firefox\Profiles\4mlb4m13.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "AVG

Secure Search");
Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure

Search");
Line Deleted : user_pref("browser.startup.homepage",

"hxxps://isearch.avg.com/?cid={118F571A-0879-4863-B8CC-3AAFC1C104FA}&

mid=Unknown&lang=cs&ds=gm011&pr=sa&d=2013-03-08

09:48:21&v=13.2.0.3&sap=hp");
Line Deleted : user_pref("keyword.URL",

"hxxps://isearch.avg.com/search?cid={118F571A-0879-4863-B8CC-3AAFC1C1

04FA}&mid=Unknown&lang=cs&ds=gm011&pr=sa&d=2013-03-08

09:48:21&v=13.2.0.3&sap=ku&q=");

[ File : C:\Documents and Settings\Owner\Data

aplikací\Mozilla\Firefox\Profiles\qplye22f.default\prefs.js ]


-\\ Google Chrome v34.0.1847.131

[ File : C:\Documents and Settings\admin\Local Settings\Data

aplikací\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Documents and Settings\Owner\Local Settings\Data

aplikací\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] :

hxxp://www.buenosearch.com/?q={searchTerms}&ba ... trId=143F0

025B35CEA5E&affID=128492&tt=240414_41&tsp=5240
Deleted [Startup_urls] :

hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrI ... CEA5E&affI

D=128492&tt=240414_41&tsp=5240
Deleted [Homepage] :

hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrI ... CEA5E&affI

D=128492&tt=240414_41&tsp=5240

*************************

AdwCleaner[R0].txt - [3980 octets] - [12/05/2014 16:20:18]
AdwCleaner[S0].txt - [3963 octets] - [12/05/2014 16:23:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4023 octets]

##########

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
• Do okna vlozte skript nize

• Kód: Vybrat vše

  autoclean;
  emptyclsid;
  iedefaults;
  FFdefaults;
  CHRdefaults;
  emptyalltemp;
  resethosts;
  

• Nasledne kliknete na Run Script
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Tak teď se raději zeptám, abych neudělal nějakou chybku - píšete o Win 7 nebo Vista, ale já mám stále ještě XP. Takže to mám spustit jak?

Nic se nedeje, klidne se ptejte

Spustte tedy klasicky dvojklikem

Díky
Posílám Log ze Zoek:


Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Owner on po 12.05.2014 at 17:06:08,78.
Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Owner\Plocha\zoek.exe [Scan all

users] [Script inserted]

==== System Restore Info ======================

12.5.2014 17:07:51 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host

name.
# The IP address and the host name should be separated by at least

one
# space.
#
# Additionally, comments (such as these) may be inserted on

individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-583907252-1450960922-1417001333-1003\Software\Mic

rosoft\Windows\CurrentVersion\Ext\Stats\{CCC7B159-1D8C-11E3-B2AD-F3EF

3D58318D} deleted successfully
HKEY_USERS\S-1-5-21-583907252-1450960922-1417001333-1003\Software\Mic

rosoft\Windows\CurrentVersion\Ext\Settings\{CCC7B159-1D8C-11E3-B2AD-F

3EF3D58318D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer

Bars\{CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}

deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\microsoft\internet

explorer\urlsearchhooks\{CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}

deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet

Explorer\Toolbar\{CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} deleted

successfully

==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\DOCUME~1\ALLUSE~1\DATAAP~1\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}

deleted
C:\WINDOWS\SET3.tmp deleted
C:\WINDOWS\SET4.tmp deleted
C:\WINDOWS\SET8.tmp deleted
C:\Documents and Settings\Owner\QChk.exe deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"ff-bmboc@bytemobile.com"="C:\Program Files\Vodafone\Vodafone Mobile

Broadband\Optimization Client\addon" [21.03.2012 10:23]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jfmjfhklogoienhpfnppmbcbjfjnkonk - C:\Documents and Settings\All

Users\Data

aplikacˇ\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.

crx[30.08.2011 10:27]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/sr

chasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing

Url="http://www.bing.com/search"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google

Url="http://www.google.com/search?q={searchT ... .microsoft:{

language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startInd

ex?}&startPage={startPage}"

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\Documents and Settings\admin\Local

Settings\temp\acrord32_sbx\Temporary Internet Files\Content.IE5

emptied successfully
C:\Documents and Settings\admin\Local Settings\Temporary Internet

Files\Content.IE5 emptied successfully
C:\Documents and Settings\Default User\Local Settings\Temporary

Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\temp\Temporary

Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary

Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Owner\Local

Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5

emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary

Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary

Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temporary

Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\Owner\Local Settings\Temporary Internet

Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=5 folders=1 2402821 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\Owner\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\LocalService\Local Settings\Temporary

Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\Owner\Local Settings\Temporary Internet

Files\Content.IE5\index.dat" not deleted

==== EOF on po 12.05.2014 at 17:17:09,56 ======================

Supr, poprosim nyni FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100

posílám FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-05-2014 01
Ran by Owner (administrator) on SASA on 12-05-2014 17:42:29
Running from C:\Documents and Settings\Owner\Plocha
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Agere Systems) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\CDBurnerXP\NMSAccessU.exe
(AVG) C:\Program Files\AVG PC TuneUp 2014\TuneUpUtilitiesService32.exe
(Monet+, a.s.) C:\WINDOWS\system32\xmesrv.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(AVG) C:\Program Files\AVG PC TuneUp 2014\TuneUpUtilitiesApp32.exe
(Andrea Electronics Corporation) C:\WINDOWS\system32\AESTFltr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Broadcom Corporation.) C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(forum.viry.cz) C:\Documents and Settings\Owner\Plocha\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AESTFltr] => C:\WINDOWS\system32\AESTFltr.exe [737280 2009-02-18] (Andrea Electronics Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1430824 2009-02-06] (Synaptics Incorporated)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287288 2009-02-03] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HPCam_Menu] => c:\Program Files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [273528 2011-08-30] (RealNetworks, Inc.)
HKLM\...\Run: [MobileBroadband] => C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [279552 2011-07-14] (Vodafone)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5074384 2012-11-26] (ESET)
HKLM\...\Run: [ROC_roc_ssl_v12] => "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-583907252-1450960922-1417001333-1003\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-05-18] (Hewlett-Packard Company)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
URLSearchHook: HKLM - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 208.67.222.222

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\qplye22f.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=12.0.1.666 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.666 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.666 - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.666 - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.666 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Site Matcher - C:\Documents and Settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\qplye22f.default\Extensions\sitematcher@sitematcher.com [2014-05-07]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\qplye22f.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-03-10]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-08-30]
FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\
FF Extension: Bytemobile Optimization Client - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\ []
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-02-04]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Data aplikac\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Microsoft DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Data aplikac\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\Owner\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-08-30]
CHR Extension: (Penenka Google) - C:\Documents and Settings\Owner\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-08-30]

========================== Services (Whitelisted) =================

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2008-08-26] (Agere Systems)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2009-07-02] ()
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1329304 2012-11-26] (ESET)
S2 gupdate1ca2ff55364e1b6; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-09-07] (Google Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-09-12] (Oracle Corporation)
R2 NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
R2 STacSV; c:\program files\idt\wdm\STacSV.exe [254042 2009-03-30] (IDT, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG PC TuneUp 2014\TuneUpUtilitiesService32.exe [1739064 2013-10-12] (AVG)
R2 VmbService; C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9216 2011-07-14] (Vodafone)
R2 xmengine service; C:\WINDOWS\system32\xmesrv.exe [28672 2007-01-18] (Monet+, a.s.)

==================== Drivers (Whitelisted) ====================

R3 AESTAud; C:\WINDOWS\System32\drivers\AESTAud.sys [113536 2009-02-18] (Andrea Electronics Corporation)
S3 AF15BDA; C:\WINDOWS\System32\DRIVERS\AF15BDA.sys [483200 2012-01-26] (ITETech )
R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R2 ASIXIo; C:\WINDOWS\system32\Drivers\asixio.sys [3078 2011-05-12] (ASIX s.r.o)
S1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [33112 2013-04-10] ()
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1735040 2009-07-29] (Broadcom Corporation)
R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [534568 2009-01-14] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37160 2009-01-14] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [991656 2009-01-14] (Broadcom Corporation.)
R3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [156816 2009-01-14] (Broadcom Corporation.)
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [47272 2009-01-14] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [159832 2012-10-08] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [121216 2012-10-08] (ESET)
R2 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [149568 2012-10-08] (ESET)
R3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [40376 2012-10-08] (ESET)
R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [62512 2012-10-08] (ESET)
S3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2009-03-31] ()
S3 GemCCID; C:\WINDOWS\System32\Drivers\GemCCID.sys [89600 2009-08-10] (Gemalto)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 OlyCamComm; C:\WINDOWS\System32\DRIVERS\OlyCamComm.sys [21648 2009-09-10] (OLYMPUS IMAGING CORP.)
R3 SNP2UVC; C:\WINDOWS\System32\DRIVERS\snp2uvc.sys [1765168 2009-03-26] ()
S3 ss_bbus; C:\WINDOWS\System32\DRIVERS\ss_bbus.sys [90112 2009-03-20] (MCCI)
S3 ss_bmdfl; C:\WINDOWS\System32\DRIVERS\ss_bmdfl.sys [14976 2009-03-20] (MCCI Corporation)
S3 ss_bmdm; C:\WINDOWS\System32\DRIVERS\ss_bmdm.sys [121856 2009-03-20] (MCCI Corporation)
S3 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [5632 2012-05-22] ()
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1550891 2009-03-30] (IDT, Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files\AVG PC TuneUp 2014\TuneUpUtilitiesDriver32.sys [12320 2013-09-18] (TuneUp Software)
R3 vodafone_K3805-z_dc_enum; C:\WINDOWS\System32\DRIVERS\vodafone_K3805-z_dc_enum.sys [80000 2010-09-01] (Vodafone)
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [296960 2009-03-27] (Marvell)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CertPropSvc;
U4 epfwtdir; system32\DRIVERS\epfwtdir.sys [X]
S4 IntelIde; No ImagePath
S3 PCASp50; System32\Drivers\PCASp50.sys [X]
U3 TlntSvr;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-12 17:42 - 2014-05-12 17:42 - 00019434 _____ () C:\Documents and Settings\Owner\Plocha\FRST.txt
2014-05-12 17:42 - 2014-05-12 17:42 - 00000000 ____D () C:\FRST
2014-05-12 17:40 - 2014-05-12 17:40 - 01056256 _____ (Farbar) C:\Documents and Settings\Owner\Plocha\FRST.exe
2014-05-12 17:40 - 2014-05-12 17:40 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Owner\Plocha\FRSTLauncher.exe
2014-05-12 17:18 - 2014-05-12 17:18 - 00000000 ____D () C:\Zoek
2014-05-12 17:15 - 2014-05-12 17:05 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-05-12 17:07 - 2014-05-12 17:17 - 00007111 _____ () C:\zoek-results.log
2014-05-12 17:05 - 2014-05-12 17:13 - 00000000 ____D () C:\zoek_backup
2014-05-12 17:01 - 2014-05-12 17:01 - 01285120 _____ () C:\Documents and Settings\Owner\Plocha\zoek.exe
2014-05-12 16:20 - 2014-05-12 16:26 - 00000000 ____D () C:\AdwCleaner
2014-05-12 16:20 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-05-12 16:17 - 2014-05-12 16:17 - 01325827 _____ () C:\Documents and Settings\Owner\Plocha\adwcleaner.exe
2014-05-12 16:13 - 2014-05-12 16:14 - 00000000 ____D () C:\JRT
2014-05-12 16:05 - 2014-05-12 16:05 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-12 16:04 - 2014-05-12 16:04 - 01016261 _____ (Thisisu) C:\Documents and Settings\Owner\Plocha\JRT.exe
2014-05-12 15:57 - 2014-05-12 15:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-12 15:12 - 2014-05-12 15:12 - 00781909 _____ () C:\Documents and Settings\Owner\Plocha\RSIT.exe
2014-05-10 22:42 - 2014-05-10 22:42 - 00000041 _____ () C:\Documents and Settings\Owner\Plocha\Výsledek testu ESET.txt
2014-05-07 13:37 - 2014-05-07 13:37 - 00000000 ____D () C:\Program Files\SiteLookup
2014-05-07 13:35 - 2014-05-07 13:35 - 25016640 _____ (PortableApps.com) C:\Documents and Settings\Owner\Plocha\BlenderPortable_2.60a.paf.exe
2014-04-16 06:33 - 2014-05-12 17:16 - 00000222 _____ () C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-04-16 06:33 - 2014-05-10 20:54 - 00000216 _____ () C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-04-15 19:20 - 2014-04-15 19:20 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-15 19:19 - 2014-04-15 19:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-04-15 19:19 - 2014-04-15 19:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-04-15 19:19 - 2014-04-15 19:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898715$
2014-04-15 19:18 - 2014-04-15 19:18 - 00129240 _____ () C:\WINDOWS\KB2904266.log
2014-04-15 19:18 - 2014-04-15 19:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-04-15 19:18 - 2014-04-15 19:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904266$
2014-04-15 19:10 - 2014-04-15 19:10 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Data aplikací\Microsoft Help
2014-04-15 18:59 - 2014-04-15 18:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$
2014-04-15 18:58 - 2014-04-15 18:58 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892075$
2014-04-15 18:54 - 2014-04-15 18:54 - 00129132 _____ () C:\WINDOWS\KB2934207.log
2014-04-15 18:54 - 2014-04-15 18:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-04-15 18:53 - 2014-04-15 18:53 - 00009605 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-04-15 18:52 - 2014-04-15 18:53 - 00012469 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-15 18:48 - 2014-04-15 18:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-04-15 18:47 - 2014-04-15 18:48 - 00005517 _____ () C:\WINDOWS\KB2914368.log
2014-04-15 12:57 - 2014-04-15 12:57 - 00001602 _____ () C:\Documents and Settings\Owner\Plocha\Mozilla Firefox.lnk
2014-04-14 18:48 - 2014-04-15 19:20 - 00136245 _____ () C:\WINDOWS\KB2922229.log
2014-04-14 18:48 - 2014-04-15 19:19 - 00136058 _____ () C:\WINDOWS\KB2916036.log
2014-04-14 18:48 - 2014-04-15 19:19 - 00135519 _____ () C:\WINDOWS\KB2898715.log
2014-04-14 18:48 - 2014-04-15 19:19 - 00134187 _____ () C:\WINDOWS\KB2929961.log
2014-04-14 18:47 - 2014-04-15 19:18 - 00136803 _____ () C:\WINDOWS\KB2930275.log
2014-04-14 18:47 - 2014-04-15 18:59 - 00133649 _____ () C:\WINDOWS\KB2893294.log
2014-04-14 18:47 - 2014-04-15 18:58 - 00133199 _____ () C:\WINDOWS\KB2892075.log
2014-04-14 18:46 - 2014-02-27 01:28 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-04-14 18:46 - 2014-02-27 01:28 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe

==================== One Month Modified Files and Folders =======

2014-05-12 17:43 - 2011-08-30 10:27 - 00000286 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1450960922-1417001333-1003.job
2014-05-12 17:43 - 2011-08-30 10:27 - 00000278 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1450960922-1417001333-1003.job
2014-05-12 17:42 - 2014-05-12 17:42 - 00019434 _____ () C:\Documents and Settings\Owner\Plocha\FRST.txt
2014-05-12 17:42 - 2014-05-12 17:42 - 00000000 ____D () C:\FRST
2014-05-12 17:42 - 2009-07-29 14:57 - 00000000 ___HD () C:\Documents and Settings\Owner\Local Settings\Data aplikací
2014-05-12 17:42 - 2009-07-29 14:57 - 00000000 ____D () C:\Documents and Settings\Owner\Plocha
2014-05-12 17:40 - 2014-05-12 17:40 - 01056256 _____ (Farbar) C:\Documents and Settings\Owner\Plocha\FRST.exe
2014-05-12 17:40 - 2014-05-12 17:40 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Owner\Plocha\FRSTLauncher.exe
2014-05-12 17:34 - 2009-07-29 14:52 - 01474564 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-12 17:18 - 2014-05-12 17:18 - 00000000 ____D () C:\Zoek
2014-05-12 17:17 - 2014-05-12 17:07 - 00007111 _____ () C:\zoek-results.log
2014-05-12 17:16 - 2014-04-16 06:33 - 00000222 _____ () C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-05-12 17:16 - 2011-09-23 18:38 - 00000278 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1450960922-1417001333-1004.job
2014-05-12 17:16 - 2009-09-07 22:06 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-12 17:16 - 2009-07-29 15:38 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-05-12 17:16 - 2009-07-29 15:38 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-05-12 17:16 - 2009-07-29 14:55 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-12 17:16 - 2009-07-02 18:44 - 00173776 _____ () C:\WINDOWS\system32\ativvaxx.cap
2014-05-12 17:16 - 2008-04-14 14:00 - 00013736 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-12 17:15 - 2014-01-23 08:31 - 00065536 _____ () C:\WINDOWS\system32\config\TuneUp.evt
2014-05-12 17:15 - 2009-07-29 14:57 - 00000178 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2014-05-12 17:15 - 2009-07-29 14:55 - 00032450 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-12 17:13 - 2014-05-12 17:05 - 00000000 ____D () C:\zoek_backup
2014-05-12 17:13 - 2009-09-07 22:06 - 00000940 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-12 17:13 - 2009-07-29 15:34 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2014-05-12 17:13 - 2009-07-29 14:57 - 00000000 ____D () C:\Documents and Settings\Owner
2014-05-12 17:05 - 2014-05-12 17:15 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-05-12 17:01 - 2014-05-12 17:01 - 01285120 _____ () C:\Documents and Settings\Owner\Plocha\zoek.exe
2014-05-12 16:26 - 2014-05-12 16:20 - 00000000 ____D () C:\AdwCleaner
2014-05-12 16:25 - 2012-05-03 12:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-12 16:24 - 2013-09-11 18:37 - 01495908 _____ () C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-583907252-1450960922-1417001333-1003-0.dat
2014-05-12 16:24 - 2013-09-10 22:47 - 00334322 _____ () C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat
2014-05-12 16:23 - 2009-08-04 14:05 - 00000000 ___HD () C:\Documents and Settings\admin\Local Settings\Data aplikací
2014-05-12 16:18 - 2009-08-18 17:20 - 00000000 ____D () C:\Documents and Settings\Owner\Dokumenty\Stažené soubory
2014-05-12 16:17 - 2014-05-12 16:17 - 01325827 _____ () C:\Documents and Settings\Owner\Plocha\adwcleaner.exe
2014-05-12 16:14 - 2014-05-12 16:13 - 00000000 ____D () C:\JRT
2014-05-12 16:06 - 2009-07-29 14:57 - 00000000 __RHD () C:\Documents and Settings\Owner\Data aplikací
2014-05-12 16:05 - 2014-05-12 16:05 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-12 16:04 - 2014-05-12 16:04 - 01016261 _____ (Thisisu) C:\Documents and Settings\Owner\Plocha\JRT.exe
2014-05-12 15:57 - 2014-05-12 15:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-12 15:13 - 2012-12-18 19:33 - 00000000 ____D () C:\rsit
2014-05-12 15:12 - 2014-05-12 15:12 - 00781909 _____ () C:\Documents and Settings\Owner\Plocha\RSIT.exe
2014-05-12 15:12 - 2012-12-18 19:33 - 00000000 ____D () C:\Program Files\trend micro
2014-05-11 22:35 - 2009-11-09 14:44 - 00000000 ____D () C:\Program Files\AutoCAD R14
2014-05-10 22:42 - 2014-05-10 22:42 - 00000041 _____ () C:\Documents and Settings\Owner\Plocha\Výsledek testu ESET.txt
2014-05-10 20:54 - 2014-04-16 06:33 - 00000216 _____ () C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-05-07 13:37 - 2014-05-07 13:37 - 00000000 ____D () C:\Program Files\SiteLookup
2014-05-07 13:35 - 2014-05-07 13:35 - 25016640 _____ (PortableApps.com) C:\Documents and Settings\Owner\Plocha\BlenderPortable_2.60a.paf.exe
2014-05-07 11:47 - 2009-09-07 21:55 - 00000960 _____ () C:\WINDOWS\Tasks\Google Software Updater.job
2014-05-02 18:38 - 2011-09-23 18:38 - 00000286 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1450960922-1417001333-1004.job
2014-05-02 18:37 - 2009-08-04 14:05 - 00000178 ___SH () C:\Documents and Settings\admin\ntuser.ini
2014-04-29 12:14 - 2011-08-30 10:26 - 00001813 _____ () C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
2014-04-24 07:25 - 2009-07-29 14:57 - 00000000 ___RD () C:\Documents and Settings\Owner\Nabídka Start
2014-04-23 10:25 - 2009-07-30 14:40 - 00111104 _____ () C:\Documents and Settings\Owner\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-16 09:20 - 2009-07-29 15:28 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-04-16 06:32 - 2013-10-11 09:22 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-16 06:32 - 2009-07-29 15:34 - 00372080 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-04-15 19:20 - 2014-04-15 19:20 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-15 19:20 - 2014-04-14 18:48 - 00136245 _____ () C:\WINDOWS\KB2922229.log
2014-04-15 19:20 - 2013-10-16 08:36 - 00132295 _____ () C:\WINDOWS\setupapi.log
2014-04-15 19:20 - 2010-09-29 09:28 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2014-04-15 19:20 - 2009-07-29 15:35 - 01377912 _____ () C:\WINDOWS\FaxSetup.log
2014-04-15 19:20 - 2009-07-29 15:35 - 00668001 _____ () C:\WINDOWS\ocgen.log
2014-04-15 19:20 - 2009-07-29 15:35 - 00530326 _____ () C:\WINDOWS\tsoc.log
2014-04-15 19:20 - 2009-07-29 15:35 - 00469998 _____ () C:\WINDOWS\comsetup.log
2014-04-15 19:20 - 2009-07-29 15:35 - 00283297 _____ () C:\WINDOWS\ntdtcsetup.log
2014-04-15 19:20 - 2009-07-29 15:35 - 00218212 _____ () C:\WINDOWS\iis6.log
2014-04-15 19:20 - 2009-07-29 15:35 - 00086191 _____ () C:\WINDOWS\ocmsn.log
2014-04-15 19:20 - 2009-07-29 15:35 - 00069160 _____ () C:\WINDOWS\msgsocm.log
2014-04-15 19:20 - 2009-07-29 15:35 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-04-15 19:19 - 2014-04-15 19:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-04-15 19:19 - 2014-04-15 19:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-04-15 19:19 - 2014-04-15 19:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898715$
2014-04-15 19:19 - 2014-04-14 18:48 - 00136058 _____ () C:\WINDOWS\KB2916036.log
2014-04-15 19:19 - 2014-04-14 18:48 - 00135519 _____ () C:\WINDOWS\KB2898715.log
2014-04-15 19:19 - 2014-04-14 18:48 - 00134187 _____ () C:\WINDOWS\KB2929961.log
2014-04-15 19:19 - 2009-12-29 18:52 - 00093958 _____ () C:\WINDOWS\updspapi.log
2014-04-15 19:19 - 2009-07-29 15:35 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-04-15 19:18 - 2014-04-15 19:18 - 00129240 _____ () C:\WINDOWS\KB2904266.log
2014-04-15 19:18 - 2014-04-15 19:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-04-15 19:18 - 2014-04-15 19:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904266$
2014-04-15 19:18 - 2014-04-14 18:47 - 00136803 _____ () C:\WINDOWS\KB2930275.log
2014-04-15 19:18 - 2009-12-29 18:56 - 00021332 _____ () C:\WINDOWS\system32\TZLog.log
2014-04-15 19:12 - 2009-07-29 15:35 - 01188728 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-15 19:10 - 2014-04-15 19:10 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Data aplikací\Microsoft Help
2014-04-15 19:10 - 2009-07-29 15:35 - 00000000 ___HD () C:\Documents and Settings\Default User\Local Settings\Data aplikací
2014-04-15 18:59 - 2014-04-15 18:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$
2014-04-15 18:59 - 2014-04-14 18:47 - 00133649 _____ () C:\WINDOWS\KB2893294.log
2014-04-15 18:58 - 2014-04-15 18:58 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892075$
2014-04-15 18:58 - 2014-04-14 18:47 - 00133199 _____ () C:\WINDOWS\KB2892075.log
2014-04-15 18:57 - 2013-10-16 09:27 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-15 18:54 - 2014-04-15 18:54 - 00129132 _____ () C:\WINDOWS\KB2934207.log
2014-04-15 18:54 - 2014-04-15 18:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-04-15 18:54 - 2013-10-11 09:22 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Microsoft Silverlight
2014-04-15 18:53 - 2014-04-15 18:53 - 00009605 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-04-15 18:53 - 2014-04-15 18:52 - 00012469 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-15 18:48 - 2014-04-15 18:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-04-15 18:48 - 2014-04-15 18:47 - 00005517 _____ () C:\WINDOWS\KB2914368.log
2014-04-15 13:03 - 2009-07-29 14:57 - 00000000 ___RD () C:\Documents and Settings\Owner\Dokumenty
2014-04-15 12:57 - 2014-04-15 12:57 - 00001602 _____ () C:\Documents and Settings\Owner\Plocha\Mozilla Firefox.lnk

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1

C:\WINDOWS\system32\winlogon.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea

C:\WINDOWS\system32\svchost.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93

C:\WINDOWS\system32\services.exe
[2008-04-14 14:00] - [2009-02-09 13:25] - 0111104 ____A (Microsoft Corporation) 9ef697af07bb8dd82c3b02ca953a95b7

C:\WINDOWS\system32\User32.dll
[2008-04-14 14:00] - [2008-04-14 14:00] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53

C:\WINDOWS\system32\userinit.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239

C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys
[2008-04-14 14:00] - [2008-04-14 14:00] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1





===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:97.65 GB) (Free:66.97 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (M000354) (CDROM) (Total:7.1 GB) (Free:0 GB) UDF
Drive f: () (Fixed) (Total:200.43 GB) (Free:43.46 GB) NTFS

Available physical RAM: 694.25 MB
Total physical RAM: 1788.79 MB
Percentage of memory in use: 61%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 298 GB) (Disk ID: 7A3CFDCA)
Partition 1: (Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=200 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1450960922-1417001333-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1450960922-1417001333-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1450960922-1417001333-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1450960922-1417001333-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: ESET Smart Security 6.0 (Disabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall (Disabled) {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\Owner\Plocha" je 120 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000


==================== End Of Log ==============================

Odinstalujte AVG PC TuneUp 2014 - v PC potrebny jak ponorce sterace

Tvorba fixlistu pro FRST

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  Start
  HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
  HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [273528 2011-08-30] (RealNetworks, Inc.)
  HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
  HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
  
  URLSearchHook: HKLM - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
  SearchScopes: HKLM - DefaultScope value is missing.
  SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
  
  FF Extension: Site Matcher - C:\Documents and Settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\qplye22f.default\Extensions\sitematcher@sitematcher.com [2014-05-07]
  
  DisableService: gupdate1ca2ff55364e1b6
  DisableService: JavaQuickStarterService
  
  R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG PC TuneUp 2014\TuneUpUtilitiesService32.exe [1739064 2013-10-12] (AVG)
  S3 catchme; \??\C:\ComboFix\catchme.sys [X]
  U2 CertPropSvc; 
  S4 IntelIde; No ImagePath
  S3 PCASp50; System32\Drivers\PCASp50.sys [X]
  U3 TlntSvr; 
  
  2014-05-12 17:40 - 2014-05-12 17:40 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Owner\Plocha\FRSTLauncher.exe
  2014-05-12 17:18 - 2014-05-12 17:18 - 00000000 ____D () C:\Zoek
  2014-05-12 17:15 - 2014-05-12 17:05 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
  2014-05-12 17:07 - 2014-05-12 17:17 - 00007111 _____ () C:\zoek-results.log
  2014-05-12 17:05 - 2014-05-12 17:13 - 00000000 ____D () C:\zoek_backup
  2014-05-12 17:01 - 2014-05-12 17:01 - 01285120 _____ () C:\Documents and Settings\Owner\Plocha\zoek.exe
  2014-05-12 16:17 - 2014-05-12 16:17 - 01325827 _____ () C:\Documents and Settings\Owner\Plocha\adwcleaner.exe
  2014-05-12 16:04 - 2014-05-12 16:04 - 01016261 _____ (Thisisu) C:\Documents and Settings\Owner\Plocha\JRT.exe
  2014-05-12 15:12 - 2014-05-12 15:12 - 00781909 _____ () C:\Documents and Settings\Owner\Plocha\RSIT.exe
  
  Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
  Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
  Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
  Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
  Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1450960922-1417001333-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
  Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1450960922-1417001333-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
  Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1450960922-1417001333-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
  Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1450960922-1417001333-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
  
  Hosts:
  End
  

• Ulozte vytvoreny TXT jako fixlist.txt
• Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

• Kliknete na Fix
• Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

Dávám fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:11-05-2014 01
Ran by Owner at 2014-05-12 18:11:48 Run:1
Running from C:\Documents and Settings\Owner\Plocha
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [273528 2011-08-30] (RealNetworks, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

URLSearchHook: HKLM - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search

FF Extension: Site Matcher - C:\Documents and Settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\qplye22f.default\Extensions\sitematcher@sitematcher.com [2014-05-07]

DisableService: gupdate1ca2ff55364e1b6
DisableService: JavaQuickStarterService

R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG PC TuneUp 2014\TuneUpUtilitiesService32.exe [1739064 2013-10-12] (AVG)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CertPropSvc;
S4 IntelIde; No ImagePath
S3 PCASp50; System32\Drivers\PCASp50.sys [X]
U3 TlntSvr;

2014-05-12 17:40 - 2014-05-12 17:40 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Owner\Plocha\FRSTLauncher.exe
2014-05-12 17:18 - 2014-05-12 17:18 - 00000000 ____D () C:\Zoek
2014-05-12 17:15 - 2014-05-12 17:05 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-05-12 17:07 - 2014-05-12 17:17 - 00007111 _____ () C:\zoek-results.log
2014-05-12 17:05 - 2014-05-12 17:13 - 00000000 ____D () C:\zoek_backup
2014-05-12 17:01 - 2014-05-12 17:01 - 01285120 _____ () C:\Documents and Settings\Owner\Plocha\zoek.exe
2014-05-12 16:17 - 2014-05-12 16:17 - 01325827 _____ () C:\Documents and Settings\Owner\Plocha\adwcleaner.exe
2014-05-12 16:04 - 2014-05-12 16:04 - 01016261 _____ (Thisisu) C:\Documents and Settings\Owner\Plocha\JRT.exe
2014-05-12 15:12 - 2014-05-12 15:12 - 00781909 _____ () C:\Documents and Settings\Owner\Plocha\RSIT.exe

Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1450960922-1417001333-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1450960922-1417001333-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1450960922-1417001333-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1450960922-1417001333-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

Hosts:
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\TkBellExe => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
C:\Documents and Settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\qplye22f.default\Extensions\sitematcher@sitematcher.com => Moved successfully.
gupdate1ca2ff55364e1b6 service was disabled
JavaQuickStarterService service was disabled
TuneUp.UtilitiesSvc => Service not found.
catchme => Service deleted successfully.
CertPropSvc => Service deleted successfully.
IntelIde => Service deleted successfully.
PCASp50 => Service deleted successfully.
TlntSvr => Service deleted successfully.
C:\Documents and Settings\Owner\Plocha\FRSTLauncher.exe => Moved successfully.

"C:\Zoek" directory move:

Could not move "C:\Zoek" directory. => Scheduled to move on reboot.

C:\WINDOWS\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Documents and Settings\Owner\Plocha\zoek.exe => Moved successfully.
C:\Documents and Settings\Owner\Plocha\adwcleaner.exe => Moved successfully.
C:\Documents and Settings\Owner\Plocha\JRT.exe => Moved successfully.
C:\Documents and Settings\Owner\Plocha\RSIT.exe => Moved successfully.
C:\WINDOWS\Tasks\Google Software Updater.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => Moved successfully.
C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => Moved successfully.
C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1450960922-1417001333-1003.job => Moved successfully.
C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1450960922-1417001333-1004.job => Moved successfully.
C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1450960922-1417001333-1003.job => Moved successfully.
C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1450960922-1417001333-1004.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-05-12 18:14:13)<=

C:\Zoek => Moved successfully.

==== End of Fixlog ====

Super, jak se chova PC??

Já myslím, že dobře to varování antiviru se neobjevuje už od projetí JRT a AdwCleaneru a nic negativního nepozoruju