
I cannot delete the file qtsingleapp-Promet-4204-0-lockfile

Posted: 16 May 2014 18:50
by pavelpavel
Hello, I would like to ask for a check of my RSIT log.
In local settings/temp I have a file qtsingleapp-Promet-4204-0-lockfile which cannot be deleted. When I delete it in safe mode, it is recreated after a restart.
Thank you

I am attaching the RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by JA at 2014-05-16 19:39:39
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 1 GB (4%) free of 25 GB
Total RAM: 2047 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:39:50, on 16.5.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Activ Software\ActivDriver\ActivControlsvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Activ Software\ActivDriver\FlashExtension\flashbridge-wrapper-crossplatform.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
c:\RSIT.exe
C:\Program Files\trend micro\JA.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [StartNowToolbarHelper] "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe"
O4 - HKLM\..\Run: [ActivManager] C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ActivSDK Flash Extension.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2926448656
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = eurosarm.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = eurosarm.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = eurosarm.local
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ActivControl - Promethean - C:\Program Files\Activ Software\ActivDriver\ActivControlsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 7888 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"StartNowToolbarHelper"=C:\Program Files\StartNow Toolbar\ToolbarHelper.exe []
"ActivManager"=C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe [2013-11-22 683872]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2013-09-12 5110672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
ActivSDK Flash Extension.lnk - C:\WINDOWS\Installer\{19541760-F18C-4148-8A55-F0A88B41DF0A}\NewShortcut1_31C7358B35944FA781961EEA93A9077C.exe
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-05-12 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\TC UP\TOTALCMD.EXE"="C:\Program Files\TC UP\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Documents and Settings\JA\Desktop\winbox.exe"="C:\Documents and Settings\JA\Desktop\winbox.exe:*:Enabled:winbox"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Disabled:Winamp"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2014-05-16 19:39:39 ----D---- C:\rsit
2014-05-16 19:39:34 ----A---- C:\RSIT.exe
2014-05-11 10:54:01 ----D---- C:\Program Files\ESET
2014-05-11 10:54:01 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2014-05-10 20:48:48 ----D---- C:\Program Files\Mozilla Firefox
2014-04-27 11:12:53 ----D---- C:\Documents and Settings\JA\Application Data\Promethean
2014-04-27 11:11:43 ----D---- C:\Program Files\Common Files\Activ Software
2014-04-27 11:11:31 ----D---- C:\Documents and Settings\JA\Application Data\ACTIV Software
2014-04-27 11:11:17 ----DC---- C:\WINDOWS\system32\DRVSTORE
2014-04-27 11:11:15 ----D---- C:\Documents and Settings\All Users\Application Data\activboard.pnp
2014-04-27 11:11:09 ----D---- C:\Program Files\Activ Software
2014-04-27 11:11:09 ----D---- C:\Documents and Settings\All Users\Application Data\Promethean
2014-04-27 11:11:09 ----D---- C:\Documents and Settings\All Users\Application Data\Activ Software

======List of files/folders modified in the last 1 months======

2014-05-16 19:39:47 ----D---- C:\WINDOWS\Prefetch
2014-05-16 19:39:41 ----D---- C:\Program Files\trend micro
2014-05-16 19:33:08 ----D---- C:\WINDOWS\Temp
2014-05-16 00:56:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-05-16 00:47:09 ----A---- C:\WINDOWS\ntbtlog.txt
2014-05-16 00:38:45 ----RD---- C:\Program Files
2014-05-16 00:37:42 ----D---- C:\WINDOWS\system32\drivers
2014-05-16 00:10:05 ----D---- C:\Documents and Settings\JA\Application Data\Malwarebytes
2014-05-16 00:09:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2014-05-16 00:09:56 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-05-14 21:00:26 ----A---- C:\WINDOWS\system32\MRT.exe
2014-05-14 20:33:29 ----D---- C:\WINDOWS\system32
2014-05-14 20:33:27 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-05-12 23:37:05 ----D---- C:\Documents and Settings\JA\Application Data\Skype
2014-05-12 23:34:12 ----D---- C:\Documents and Settings\JA\Application Data\skypePM
2014-05-12 15:11:59 ----D---- C:\WINDOWS
2014-05-11 10:55:09 ----SHD---- C:\WINDOWS\Installer
2014-05-11 10:54:48 ----HD---- C:\WINDOWS\inf
2014-05-11 10:54:37 ----D---- C:\WINDOWS\system32\CatRoot2
2014-05-11 09:36:06 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-05-02 21:01:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-04-30 10:13:01 ----A---- C:\WINDOWS\system32\mshtml.dll
2014-04-27 11:11:45 ----D---- C:\WINDOWS\WinSxS
2014-04-27 11:11:43 ----D---- C:\Program Files\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 36864]
R1 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2013-09-17 184664]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2013-09-17 134248]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2013-09-17 61600]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2013-09-17 174400]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-05-12 3007488]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-11-14 84992]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2013-09-17 38952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-14 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2009-03-18 30336]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-12-06 285952]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys []
S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys []
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\WINDOWS\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]
S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s116mgmt.sys [2007-04-03 100488]
S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); C:\WINDOWS\system32\DRIVERS\s116nd5.sys [2007-04-03 23176]
S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s116obex.sys [2007-04-03 98696]
S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\WINDOWS\system32\DRIVERS\s116unic.sys [2007-04-03 99080]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 dwshd;dwshd; C:\WINDOWS\System32\drivers\dwshd.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2007-07-27 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ActivControl;ActivControl; C:\Program Files\Activ Software\ActivDriver\ActivControlsvc.exe [2013-11-22 21864]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-05-12 540672]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2013-09-12 1337752]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-05-12 593920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-13 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14 257712]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-08-28 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-13 116648]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-05-10 119408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: I cannot delete the file qtsingleapp-Promet-4204-0-lockfi

Posted: 16 May 2014 18:53
by vyosek
Hello :)

:arrow: Is this a home PC or a work/company one??

Re: I cannot delete the file qtsingleapp-Promet-4204-0-lockfi

Posted: 16 May 2014 18:58
by pavelpavel
Home PC

Re: I cannot delete the file qtsingleapp-Promet-4204-0-lockfi

Posted: 16 May 2014 19:01
by vyosek
:arrow: So I can delete the settings for connecting to the local network of the company Eurosarm (http://www.eurosarm.cz)??

:arrow: You should free up some disk space; the system is starting to choke

:arrow: I see MBAM installed; did you run a scan? If so, did it find anything?

Re: I cannot delete the file qtsingleapp-Promet-4204-0-lockfi

Posted: 16 May 2014 19:07
by pavelpavel
Re local network:
Yes, of course, it is a leftover from some VPN experiment.

Re MBAM:
Yesterday it found something and removed it. Later, however, it downloaded some update, and after reinstalling MBAM and selecting Slovak, Russian Cyrillic appeared there. So I removed MBAM.
If needed, please give me a verified link and I will install MBAM.

Re: I cannot delete the file qtsingleapp-Promet-4204-0-lockfi

Posted: 16 May 2014 19:10
by vyosek
:arrow: First we'll try it without MBAM :)

:arrow: Uninstall Spybot - Search & Destroy; the program's best years are long behind it, and for roughly the last 3 years it has not been able to counter current threats. Besides, you have ESET Smart Security, which is a comprehensive suite and needs no further add-ons...

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Scan and then Clean
  • The repair will run, the PC will restart, and then a log will appear, or it will be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here
:arrow: Download Zoek.exe http://hijackthis.nl/smeenk/ and save it to the desktop
  • If you use Win Vista or W7, right-click Zoek and choose Run As Administrator or Spustit jako spravce
  • Paste the script below into the window

    autoclean;
    emptyclsid;
    iedefaults;
    FFdefaults;
    CHRdefaults;
    emptyalltemp;
    resethosts;
    
  • Then click Run Script
  • The PC will perform the repair, restart, and give you a log; paste its contents here

Re: I cannot delete the file qtsingleapp-Promet-4204-0-lockfi

Posted: 16 May 2014 20:06
by pavelpavel
1) Spybot removed
2) AdwCleaner OK
3) Zoek OK

The AdwCleaner log follows:

# AdwCleaner v3.208 - Report created 16/05/2014 at 20:23:19
# Updated 11/05/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : JA - 53BE54B74298404
# Running from : C:\Documents and Settings\JA\Desktop\adwcleaner_3.208.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Documents and Settings\JA\Application Data\Mozilla\Firefox\Profiles\h3dbjp40.default\searchplugins\yahoo-zugo.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [StartNowToolbarHelper]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Deleted : HKCU\Software\StartNow Toolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\Software\StartNow Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v29.0.1 (sk)

[ File : C:\Documents and Settings\Betty\Application Data\Mozilla\Firefox\Profiles\giwjla9z.default-1365015632156\prefs.js ]


[ File : C:\Documents and Settings\JA\Application Data\Mozilla\Firefox\Profiles\h3dbjp40.default\prefs.js ]

Line Deleted : user_pref("keyword.URL", "hxxp://klit.startnow.com/s/?src=addrbar&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.3.0[...]

[ File : C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\xri6bmu0.default\prefs.js ]


[ File : C:\Documents and Settings\Ľudka\Application Data\Mozilla\Firefox\Profiles\1d0yg5dd.default\prefs.js ]


-\\ Google Chrome v34.0.1847.137

[ File : C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Documents and Settings\JA\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Documents and Settings\Ľudka\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2881 octets] - [16/05/2014 20:18:11]
AdwCleaner[S0].txt - [2832 octets] - [16/05/2014 20:23:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2892 octets] ##########

The ZOEK log follows:


Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by JA on pi 16.05.2014 at 20:35:07,48.
Systém Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\JA\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

16.5.2014 20:38:10 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Suspicious Entries Found ======================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP"="3389:TCP:*:Disabled:@xpsp2res.dll,-22009"
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Documents and Settings\Betty\Application Data\Mozilla\Firefox\Profiles\giwjla9z.default-1365015632156\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.sk/");

Added to C:\Documents and Settings\Betty\Application Data\Mozilla\Firefox\Profiles\giwjla9z.default-1365015632156\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Documents and Settings\JA\Application Data\Mozilla\Firefox\Profiles\h3dbjp40.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.sk/");
user_pref("browser.search.suggest.enabled", false);

Added to C:\Documents and Settings\JA\Application Data\Mozilla\Firefox\Profiles\h3dbjp40.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Documents and Settings\LOCALS~1\Application Data\Mozilla\Firefox\Profiles\f8yxi30f.default\prefs.js:

Added to C:\Documents and Settings\LOCALS~1\Application Data\Mozilla\Firefox\Profiles\f8yxi30f.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\xri6bmu0.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.sk/");

Added to C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\xri6bmu0.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Documents and Settings\UDKA~1\Application Data\Mozilla\Firefox\Profiles\1d0yg5dd.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.sk/");

Added to C:\Documents and Settings\UDKA~1\Application Data\Mozilla\Firefox\Profiles\1d0yg5dd.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\WINDOWS\003310_.tmp deleted
C:\WINDOWS\SET29.tmp deleted
C:\WINDOWS\SET3.tmp deleted
C:\WINDOWS\SET4.tmp deleted
C:\WINDOWS\SET8.tmp deleted
C:\WINDOWS\WININIT.INI deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [30.09.2009 21:34]

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\LOCALS~1\Application Data\Mozilla\Firefox\Profiles\f8yxi30f.default
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}

ProfilePath: C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\xri6bmu0.default
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

ProfilePath: C:\Documents and Settings\UDKA~1\Application Data\Mozilla\Firefox\Profiles\1d0yg5dd.default
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\JA\Application Data\Mozilla\Firefox\Profiles\h3dbjp40.default
AC47B55B38D626B678897F195793ECAB - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
28000D7EEB2FD95A36E1A7539F599C3B - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
5D41BCD19A3D90E4EBB58A6BFB79E4F7 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
8B6884E3E1E5F8ABA5FA0C6A2B13181D - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
04AF8BC83A89D9B71F7E0BCAF9FDD768 - C:\Program Files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll - Adobe Acrobat


==== Chrome Look ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.sk/"
"Start Page Restore"="http://www.google.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.sk/"
"Start Page Restore"="http://www.google.sk/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... {startPage}"

==== Reset Google Chrome ======================

C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Documents and Settings\JA\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Documents and Settings\UDKA~1\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Documents and Settings\JA\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Documents and Settings\UDKA~1\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Empty IE Cache ======================

C:\Documents and Settings\Betty\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Betty\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\UDKA~1\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\UDKA~1\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\JA\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Documents and Settings\Betty\Local Settings\Application Data\Mozilla\Firefox\Profiles\giwjla9z.default-1365015632156\Cache emptied successfully
C:\Documents and Settings\Betty\Local Settings\Application Data\Mozilla\Firefox\Profiles\gkqydljd.default\Cache emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla\Firefox\Profiles\f8yxi30f.default\Cache emptied successfully
C:\Documents and Settings\Peter\Local Settings\Application Data\Mozilla\Firefox\Profiles\xri6bmu0.default\Cache emptied successfully
C:\Documents and Settings\UDKA~1\Local Settings\Application Data\Mozilla\Firefox\Profiles\1d0yg5dd.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Documents and Settings\Betty\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Documents and Settings\JA\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Documents and Settings\UDKA~1\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=7 folders=0 2190549 bytes)

==== Empty Temp Folders ======================

C:\Documents and Settings\Betty\Local Settings\Temp emptied successfully
C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully
C:\Documents and Settings\JA\Local Settings\Temp will be emptied at reboot
C:\Documents and Settings\LocalService\Local Settings\Temp emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp emptied successfully
C:\Documents and Settings\Peter\Local Settings\Temp emptied successfully
C:\Documents and Settings\UDKA~1\Local Settings\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\JA\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\JA\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on pi 16.05.2014 at 20:56:32,42 ======================

Re: Cannot delete the file qtsingleapp-Promet-4204-0-lockfi

Posted: 16 May 2014 20:20
by vyosek

Re: Cannot delete the file qtsingleapp-Promet-4204-0-lockfi

Posted: 16 May 2014 20:32
by pavelpavel
Log from FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-05-2014
Ran by JA (administrator) on 53BE54B74298404 on 16-05-2014 21:26:15
Running from C:\Documents and Settings\JA\Desktop
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Promethean) C:\Program Files\Activ Software\ActivDriver\ActivControlsvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
() C:\Program Files\Activ Software\ActivDriver\FlashExtension\flashbridge-wrapper-crossplatform.exe
(Microsoft Corporation) C:\WINDOWS\system32\WISPTIS.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(C. Ghisler & Co.) C:\Program Files\totalcmd\TOTALCMD.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Documents and Settings\JA\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [868352 2006-12-18] (Analog Devices, Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2004-11-02] (Cyberlink Corp.)
HKLM\...\Run: [ActivManager] => C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe [683872 2013-11-22] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5110672 2013-09-12] (ESET)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivSDK Flash Extension.lnk
ShortcutTarget: ActivSDK Flash Extension.lnk -> C:\WINDOWS\Installer\{19541760-F18C-4148-8A55-F0A88B41DF0A}\NewShortcut1_31C7358B35944FA781961EEA93A9077C.exe (Flexera Software, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Documents and Settings\Peter\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.sk/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\JA\Application Data\Mozilla\Firefox\Profiles\h3dbjp40.default
FF NewTab: hxxp://www.google.com/
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\atlas-sk.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\azet-sk.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\dunaj-sk.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slovnik-sk.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\zoznam-sk.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-05-11]

Chrome:
=======
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\JA\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-13]
CHR Extension: (Disk Google) - C:\Documents and Settings\JA\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-13]
CHR Extension: (YouTube) - C:\Documents and Settings\JA\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-13]
CHR Extension: (Hľadať v Google) - C:\Documents and Settings\JA\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-13]
CHR Extension: (Peňaženka Google) - C:\Documents and Settings\JA\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-13]
CHR Extension: (Gmail) - C:\Documents and Settings\JA\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-13]

========================== Services (Whitelisted) =================

R2 ActivControl; C:\Program Files\Activ Software\ActivDriver\ActivControlsvc.exe [21864 2013-11-22] (Promethean)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2008-05-12] ()
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1337752 2013-09-12] (ESET)

==================== Drivers (Whitelisted) ====================

R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-06-18] (Advanced Micro Devices)
S3 ctljystk; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [3712 2001-08-17] (Creative Technology Ltd.)
R1 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [184664 2013-09-17] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [134248 2013-09-17] (ESET)
S3 ENTECH; C:\WINDOWS\system32\DRIVERS\ENTECH.sys [27672 2007-08-20] (EnTech Taiwan)
R2 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [174400 2013-09-17] (ESET)
R3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [38952 2013-09-17] (ESET)
R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [61600 2013-09-17] (ESET)
S3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
S3 HdAudAddService; C:\WINDOWS\System32\drivers\AtiHdAud.sys [84992 2006-12-28] (ATI Research Inc.)
R0 JRAID; C:\WINDOWS\System32\DRIVERS\jraid.sys [65024 2007-09-29] (JMicron Technology Corp.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-16] (Malwarebytes Corporation)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-14] ()
S3 s116bus; C:\WINDOWS\System32\DRIVERS\s116bus.sys [83336 2007-04-03] (MCCI Corporation)
S3 s116mdfl; C:\WINDOWS\System32\DRIVERS\s116mdfl.sys [15112 2007-04-03] (MCCI Corporation)
S3 s116mdm; C:\WINDOWS\System32\DRIVERS\s116mdm.sys [108680 2007-04-03] (MCCI Corporation)
S3 s116mgmt; C:\WINDOWS\System32\DRIVERS\s116mgmt.sys [100488 2007-04-03] (MCCI Corporation)
S3 s116nd5; C:\WINDOWS\System32\DRIVERS\s116nd5.sys [23176 2007-04-03] (MCCI Corporation)
S3 s116obex; C:\WINDOWS\System32\DRIVERS\s116obex.sys [98696 2007-04-03] (MCCI Corporation)
S3 s116unic; C:\WINDOWS\System32\DRIVERS\s116unic.sys [99080 2007-04-03] (MCCI Corporation)
R3 SenFiltService; C:\WINDOWS\System32\drivers\Senfilt.sys [392960 2006-03-17] (Sensaura)
R0 ViBus; C:\WINDOWS\System32\DRIVERS\ViBus.sys [16896 2007-12-07] (VIA Technologies, Inc.)
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [9216 2007-09-21] (VIA Technologies, Inc.)
R0 ViPrt; C:\WINDOWS\System32\DRIVERS\ViPrt.sys [52736 2007-12-07] (VIA Technologies, Inc.)
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [285952 2007-12-06] (Marvell)
S3 AtcL001; system32\DRIVERS\atl01_xp.sys [X]
U4 dwshd; \SystemRoot\System32\drivers\dwshd.sys [X]
S3 IntcAzAudAddService; system32\drivers\RtkHDAud.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-16 21:26 - 2014-05-16 21:26 - 00012802 _____ () C:\Documents and Settings\JA\Desktop\FRST.txt
2014-05-16 21:25 - 2014-05-16 21:26 - 00000000 ____D () C:\FRST
2014-05-16 21:23 - 2014-05-16 11:27 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\JA\Desktop\FRSTLauncher.exe
2014-05-16 21:23 - 2014-05-16 11:24 - 01056768 _____ (Farbar) C:\Documents and Settings\JA\Desktop\FRST.exe
2014-05-16 20:55 - 2014-05-16 20:34 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-05-16 20:38 - 2014-05-16 20:56 - 00015362 _____ () C:\zoek-results.log
2014-05-16 20:34 - 2014-05-16 20:47 - 00000000 ____D () C:\zoek_backup
2014-05-16 20:33 - 2014-05-16 20:34 - 01285120 _____ () C:\Documents and Settings\JA\Desktop\zoek.exe
2014-05-16 20:18 - 2014-05-16 20:24 - 00000000 ____D () C:\AdwCleaner
2014-05-16 20:18 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-05-16 20:16 - 2014-05-16 20:16 - 01325827 _____ () C:\Documents and Settings\JA\Desktop\adwcleaner_3.208.exe
2014-05-16 19:39 - 2014-05-16 19:39 - 00000000 ____D () C:\rsit
2014-05-16 19:39 - 2014-05-16 11:24 - 00781909 _____ () C:\RSIT.exe
2014-05-16 00:10 - 2014-05-16 00:26 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-15 20:49 - 2014-05-11 11:06 - 00450718 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140515-204916.backup
2014-05-11 11:06 - 2014-05-04 21:34 - 00450718 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140511-110624.backup
2014-05-11 10:54 - 2014-05-11 10:54 - 00000000 ____D () C:\Program Files\ESET
2014-05-11 10:54 - 2014-05-11 10:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ESET
2014-05-11 10:54 - 2014-05-11 10:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ESET
2014-05-10 20:48 - 2014-05-10 20:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-04 21:34 - 2014-04-20 10:35 - 00450718 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140504-213438.backup
2014-05-02 21:00 - 2014-05-02 21:01 - 00005486 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-05-01 15:47 - 2014-05-01 15:47 - 00000000 ____D () C:\Documents and Settings\Peter\Application Data\Promethean
2014-05-01 15:34 - 2014-05-01 15:34 - 00000000 ____D () C:\Documents and Settings\Peter\Application Data\ACTIV Software
2014-04-27 23:17 - 2014-04-27 23:17 - 00000000 ____D () C:\Documents and Settings\Betty\Application Data\Promethean
2014-04-27 12:38 - 2014-04-27 12:38 - 00000000 ____D () C:\Documents and Settings\Betty\Application Data\ACTIV Software
2014-04-27 12:27 - 2014-05-01 14:47 - 00000059 _____ () C:\Documents and Settings\Ľudka\.simplerc1
2014-04-27 11:20 - 2014-05-01 14:58 - 00006174 _____ () C:\Documents and Settings\Ľudka\ACTIVstudioError.log
2014-04-27 11:20 - 2014-04-27 11:20 - 00000000 ____D () C:\Documents and Settings\Ľudka\My Documents\Promethean
2014-04-27 11:20 - 2014-04-27 11:20 - 00000000 ____D () C:\Documents and Settings\Ľudka\My Documents\Activ Software
2014-04-27 11:20 - 2014-04-27 11:20 - 00000000 ____D () C:\Documents and Settings\Ľudka\Application Data\Promethean
2014-04-27 11:19 - 2014-04-27 11:19 - 00000000 ____D () C:\Documents and Settings\Ľudka\Application Data\ACTIV Software
2014-04-27 11:12 - 2014-05-16 00:54 - 00001457 _____ () C:\Documents and Settings\JA\ACTIVstudioError.log
2014-04-27 11:12 - 2014-04-27 11:19 - 00000000 ____D () C:\Documents and Settings\JA\Application Data\Promethean
2014-04-27 11:12 - 2014-04-27 11:12 - 00000000 ____D () C:\Documents and Settings\JA\My Documents\Promethean
2014-04-27 11:12 - 2014-04-27 11:12 - 00000000 ____D () C:\Documents and Settings\JA\My Documents\Activ Software
2014-04-27 11:11 - 2014-05-16 00:53 - 00002357 _____ () C:\Documents and Settings\All Users\Desktop\ActivInspire.lnk
2014-04-27 11:11 - 2014-05-10 08:26 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\activboard.pnp
2014-04-27 11:11 - 2014-04-27 11:12 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Promethean
2014-04-27 11:11 - 2014-04-27 11:11 - 00000000 ____D () C:\Program Files\Common Files\Activ Software
2014-04-27 11:11 - 2014-04-27 11:11 - 00000000 ____D () C:\Program Files\Activ Software
2014-04-27 11:11 - 2014-04-27 11:11 - 00000000 ____D () C:\Documents and Settings\JA\Application Data\ACTIV Software
2014-04-27 11:11 - 2014-04-27 11:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Activ Software
2014-04-27 11:11 - 2014-04-27 11:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Activ Software
2014-04-20 10:35 - 2014-04-15 20:51 - 00450718 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140420-103512.backup

==================== One Month Modified Files and Folders =======

2014-05-16 21:26 - 2014-05-16 21:26 - 00012802 _____ () C:\Documents and Settings\JA\Desktop\FRST.txt
2014-05-16 21:26 - 2014-05-16 21:25 - 00000000 ____D () C:\FRST
2014-05-16 21:04 - 2008-04-09 10:23 - 01733380 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-16 21:02 - 2013-12-13 20:33 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-16 20:56 - 2014-05-16 20:38 - 00015362 _____ () C:\zoek-results.log
2014-05-16 20:56 - 2014-03-08 10:17 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-05-16 20:56 - 2013-12-13 20:33 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-16 20:56 - 2008-04-09 10:29 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-16 20:56 - 2007-07-27 14:00 - 00012598 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-16 20:55 - 2008-04-09 10:39 - 00000178 ___SH () C:\Documents and Settings\JA\ntuser.ini
2014-05-16 20:55 - 2008-04-09 10:29 - 00032462 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-16 20:47 - 2014-05-16 20:34 - 00000000 ____D () C:\zoek_backup
2014-05-16 20:34 - 2014-05-16 20:55 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-05-16 20:34 - 2014-05-16 20:33 - 01285120 _____ () C:\Documents and Settings\JA\Desktop\zoek.exe
2014-05-16 20:31 - 2013-12-13 20:15 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-16 20:24 - 2014-05-16 20:18 - 00000000 ____D () C:\AdwCleaner
2014-05-16 20:16 - 2014-05-16 20:16 - 01325827 _____ () C:\Documents and Settings\JA\Desktop\adwcleaner_3.208.exe
2014-05-16 20:13 - 2009-09-28 19:56 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-05-16 20:12 - 2008-04-09 15:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-05-16 19:39 - 2014-05-16 19:39 - 00000000 ____D () C:\rsit
2014-05-16 19:39 - 2009-09-25 23:18 - 00000000 ____D () C:\Program Files\trend micro
2014-05-16 19:32 - 2008-06-13 19:03 - 00000178 ___SH () C:\Documents and Settings\Peter\ntuser.ini
2014-05-16 11:27 - 2014-05-16 21:23 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\JA\Desktop\FRSTLauncher.exe
2014-05-16 11:24 - 2014-05-16 21:23 - 01056768 _____ (Farbar) C:\Documents and Settings\JA\Desktop\FRST.exe
2014-05-16 11:24 - 2014-05-16 19:39 - 00781909 _____ () C:\RSIT.exe
2014-05-16 00:54 - 2014-04-27 11:12 - 00001457 _____ () C:\Documents and Settings\JA\ACTIVstudioError.log
2014-05-16 00:53 - 2014-04-27 11:11 - 00002357 _____ () C:\Documents and Settings\All Users\Desktop\ActivInspire.lnk
2014-05-16 00:26 - 2014-05-16 00:10 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-16 00:10 - 2009-09-25 22:12 - 00000000 ____D () C:\Documents and Settings\JA\Application Data\Malwarebytes
2014-05-16 00:09 - 2009-09-25 22:12 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-05-16 00:09 - 2009-09-25 22:12 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-05-15 20:47 - 2008-06-13 16:37 - 00000178 ___SH () C:\Documents and Settings\Betty\ntuser.ini
2014-05-15 14:23 - 2009-03-05 14:41 - 00141824 _____ () C:\Documents and Settings\Betty\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-15 00:08 - 2013-12-13 20:38 - 00001831 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-05-14 21:03 - 2013-07-10 20:57 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-14 21:00 - 2008-04-09 15:22 - 90547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-14 20:33 - 2012-03-30 18:11 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-05-14 20:33 - 2011-05-17 22:19 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-05-12 23:37 - 2008-11-04 17:43 - 00000000 ____D () C:\Documents and Settings\JA\Application Data\Skype
2014-05-12 23:34 - 2008-11-04 17:47 - 00000000 ____D () C:\Documents and Settings\JA\Application Data\skypePM
2014-05-12 23:33 - 2008-11-04 17:43 - 00002283 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
2014-05-11 20:19 - 2008-07-01 21:41 - 00000178 ___SH () C:\Documents and Settings\Ľudka\ntuser.ini
2014-05-11 11:06 - 2014-05-15 20:49 - 00450718 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140515-204916.backup
2014-05-11 10:54 - 2014-05-11 10:54 - 00000000 ____D () C:\Program Files\ESET
2014-05-11 10:54 - 2014-05-11 10:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ESET
2014-05-11 10:54 - 2014-05-11 10:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ESET
2014-05-11 10:54 - 2013-04-06 13:46 - 00234491 _____ () C:\WINDOWS\setupapi.log
2014-05-11 10:40 - 2014-03-08 10:17 - 00000210 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-05-11 09:36 - 2012-04-25 21:09 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-11 09:36 - 2008-07-01 21:41 - 00000000 ____D () C:\Documents and Settings\Ľudka
2014-05-10 20:49 - 2014-05-10 20:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-10 08:26 - 2014-04-27 11:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\activboard.pnp
2014-05-04 21:34 - 2014-05-11 11:06 - 00450718 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140511-110624.backup
2014-05-03 15:26 - 2008-06-13 19:15 - 00002563 _____ () C:\Documents and Settings\Peter\Desktop\Microsoft Office Word 2007.lnk
2014-05-02 21:01 - 2014-05-02 21:00 - 00005486 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-05-02 21:01 - 2008-06-11 11:21 - 00158120 _____ () C:\WINDOWS\updspapi.log
2014-05-02 21:01 - 2008-06-11 11:20 - 02102822 _____ () C:\WINDOWS\FaxSetup.log
2014-05-02 21:01 - 2008-06-11 11:20 - 01007856 _____ () C:\WINDOWS\ocgen.log
2014-05-02 21:01 - 2008-06-11 11:20 - 00960939 _____ () C:\WINDOWS\tsoc.log
2014-05-02 21:01 - 2008-06-11 11:20 - 00697040 _____ () C:\WINDOWS\comsetup.log
2014-05-02 21:01 - 2008-06-11 11:20 - 00642320 _____ () C:\WINDOWS\msmqinst.log
2014-05-02 21:01 - 2008-06-11 11:20 - 00422770 _____ () C:\WINDOWS\ntdtcsetup.log
2014-05-02 21:01 - 2008-06-11 11:20 - 00368729 _____ () C:\WINDOWS\netfxocm.log
2014-05-02 21:01 - 2008-06-11 11:20 - 00272437 _____ () C:\WINDOWS\iis6.log
2014-05-02 21:01 - 2008-06-11 11:20 - 00144794 _____ () C:\WINDOWS\MedCtrOC.log
2014-05-02 21:01 - 2008-06-11 11:20 - 00116363 _____ () C:\WINDOWS\ocmsn.log
2014-05-02 21:01 - 2008-06-11 11:20 - 00105740 _____ () C:\WINDOWS\tabletoc.log
2014-05-02 21:01 - 2008-06-11 11:20 - 00105181 _____ () C:\WINDOWS\msgsocm.log
2014-05-02 21:01 - 2008-06-11 11:20 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-05-01 15:47 - 2014-05-01 15:47 - 00000000 ____D () C:\Documents and Settings\Peter\Application Data\Promethean
2014-05-01 15:34 - 2014-05-01 15:34 - 00000000 ____D () C:\Documents and Settings\Peter\Application Data\ACTIV Software
2014-05-01 14:58 - 2014-04-27 11:20 - 00006174 _____ () C:\Documents and Settings\Ľudka\ACTIVstudioError.log
2014-05-01 14:47 - 2014-04-27 12:27 - 00000059 _____ () C:\Documents and Settings\Ľudka\.simplerc1
2014-04-30 10:13 - 2008-04-21 08:44 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-04-30 10:13 - 2007-07-27 14:00 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-04-29 23:13 - 2014-03-06 09:28 - 00000000 ____D () C:\Documents and Settings\JA\My Documents\Preberanie
2014-04-27 23:17 - 2014-04-27 23:17 - 00000000 ____D () C:\Documents and Settings\Betty\Application Data\Promethean
2014-04-27 12:38 - 2014-04-27 12:38 - 00000000 ____D () C:\Documents and Settings\Betty\Application Data\ACTIV Software
2014-04-27 11:20 - 2014-04-27 11:20 - 00000000 ____D () C:\Documents and Settings\Ľudka\My Documents\Promethean
2014-04-27 11:20 - 2014-04-27 11:20 - 00000000 ____D () C:\Documents and Settings\Ľudka\My Documents\Activ Software
2014-04-27 11:20 - 2014-04-27 11:20 - 00000000 ____D () C:\Documents and Settings\Ľudka\Application Data\Promethean
2014-04-27 11:19 - 2014-04-27 11:19 - 00000000 ____D () C:\Documents and Settings\Ľudka\Application Data\ACTIV Software
2014-04-27 11:19 - 2014-04-27 11:12 - 00000000 ____D () C:\Documents and Settings\JA\Application Data\Promethean
2014-04-27 11:12 - 2014-04-27 11:12 - 00000000 ____D () C:\Documents and Settings\JA\My Documents\Promethean
2014-04-27 11:12 - 2014-04-27 11:12 - 00000000 ____D () C:\Documents and Settings\JA\My Documents\Activ Software
2014-04-27 11:12 - 2014-04-27 11:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Promethean
2014-04-27 11:12 - 2008-04-09 10:39 - 00000000 ____D () C:\Documents and Settings\JA
2014-04-27 11:11 - 2014-04-27 11:11 - 00000000 ____D () C:\Program Files\Common Files\Activ Software
2014-04-27 11:11 - 2014-04-27 11:11 - 00000000 ____D () C:\Program Files\Activ Software
2014-04-27 11:11 - 2014-04-27 11:11 - 00000000 ____D () C:\Documents and Settings\JA\Application Data\ACTIV Software
2014-04-27 11:11 - 2014-04-27 11:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Activ Software
2014-04-27 11:11 - 2014-04-27 11:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Activ Software
2014-04-24 23:02 - 2014-03-06 09:28 - 00000000 ____D () C:\Documents and Settings\JA\My Documents\noveeeee
2014-04-22 21:53 - 2014-03-06 09:28 - 00000000 ____D () C:\Documents and Settings\JA\My Documents\mmmmmm
2014-04-22 21:52 - 2014-03-06 09:28 - 00000000 ____D () C:\Documents and Settings\JA\My Documents\Financie
2014-04-20 10:35 - 2014-05-04 21:34 - 00450718 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140504-213438.backup

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:28279D47

==================== Security Center ==================

AV: ESET Smart Security 7.0 (Disabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall (Disabled) {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\JA\Desktop" je 3 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\TC UP\\TOTALCMD.EXE"="C:\\Program Files\\TC UP\\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\\Documents and Settings\\JA\\Desktop\\winbox.exe"="C:\\Documents and Settings\\JA\\Desktop\\winbox.exe:*:Enabled:winbox"
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"="C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\\Program Files\\Winamp\\winamp.exe"="C:\\Program Files\\Winamp\\winamp.exe:*:Disabled:Winamp"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP"="3389:TCP:*:Disabled:@xpsp2res.dll,-22009"
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: Cannot delete file qtsingleapp-Promet-4204-0-lockfi

Posted: 17 May 2014 09:49
by vyosek
:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Start
    HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
    HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
    HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
    HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2004-11-02] (Cyberlink Corp.)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    
    2014-05-16 21:23 - 2014-05-16 11:27 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\JA\Desktop\FRSTLauncher.exe
    2014-05-16 20:55 - 2014-05-16 20:34 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
    2014-05-16 20:38 - 2014-05-16 20:56 - 00015362 _____ () C:\zoek-results.log
    2014-05-16 20:34 - 2014-05-16 20:47 - 00000000 ____D () C:\zoek_backup
    2014-05-16 20:33 - 2014-05-16 20:34 - 01285120 _____ () C:\Documents and Settings\JA\Desktop\zoek.exe
    2014-05-16 20:16 - 2014-05-16 20:16 - 01325827 _____ () C:\Documents and Settings\JA\Desktop\adwcleaner_3.208.exe
    2014-05-16 19:39 - 2014-05-16 19:39 - 00000000 ____D () C:\rsit
    2014-05-16 19:39 - 2014-05-16 11:24 - 00781909 _____ () C:\RSIT.exe
    2014-05-15 20:49 - 2014-05-11 11:06 - 00450718 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140515-204916.backup
    2014-05-11 11:06 - 2014-05-04 21:34 - 00450718 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140511-110624.backup
    2014-04-20 10:35 - 2014-04-15 20:51 - 00450718 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140420-103512.backup
    2014-05-16 20:13 - 2009-09-28 19:56 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
    2014-05-16 20:12 - 2008-04-09 15:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:28279D47
    
    Hosts:
    End
    
  • Save the resulting TXT file as fixlist.txt
  • Move the fixlist you created next to FRST
:arrow: Run FRST.exe again
  • Click Fix
  • The fix will run and create the log Fixlog.txt
:arrow: Restart the PC and post fixlog.txt here

Re: Cannot delete file qtsingleapp-Promet-4204-0-lockfi

Posted: 17 May 2014 11:48
by pavelpavel
Contents of Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:15-05-2014
Ran by JA at 2014-05-17 12:43:04 Run:1
Running from C:\Documents and Settings\JA\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2004-11-02] (Cyberlink Corp.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

2014-05-16 21:23 - 2014-05-16 11:27 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\JA\Desktop\FRSTLauncher.exe
2014-05-16 20:55 - 2014-05-16 20:34 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-05-16 20:38 - 2014-05-16 20:56 - 00015362 _____ () C:\zoek-results.log
2014-05-16 20:34 - 2014-05-16 20:47 - 00000000 ____D () C:\zoek_backup
2014-05-16 20:33 - 2014-05-16 20:34 - 01285120 _____ () C:\Documents and Settings\JA\Desktop\zoek.exe
2014-05-16 20:16 - 2014-05-16 20:16 - 01325827 _____ () C:\Documents and Settings\JA\Desktop\adwcleaner_3.208.exe
2014-05-16 19:39 - 2014-05-16 19:39 - 00000000 ____D () C:\rsit
2014-05-16 19:39 - 2014-05-16 11:24 - 00781909 _____ () C:\RSIT.exe
2014-05-15 20:49 - 2014-05-11 11:06 - 00450718 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140515-204916.backup
2014-05-11 11:06 - 2014-05-04 21:34 - 00450718 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140511-110624.backup
2014-04-20 10:35 - 2014-04-15 20:51 - 00450718 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140420-103512.backup
2014-05-16 20:13 - 2009-09-28 19:56 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-05-16 20:12 - 2008-04-09 15:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:28279D47

Hosts:
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\RemoteControl => Value deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk => Moved successfully.
C:\Documents and Settings\JA\Desktop\FRSTLauncher.exe => Moved successfully.
C:\WINDOWS\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Documents and Settings\JA\Desktop\zoek.exe => Moved successfully.
C:\Documents and Settings\JA\Desktop\adwcleaner_3.208.exe => Moved successfully.
C:\rsit => Moved successfully.
C:\RSIT.exe => Moved successfully.
C:\WINDOWS\system32\Drivers\etc\hosts.20140515-204916.backup => Moved successfully.
C:\WINDOWS\system32\Drivers\etc\hosts.20140511-110624.backup => Moved successfully.
C:\WINDOWS\system32\Drivers\etc\hosts.20140420-103512.backup => Moved successfully.
C:\Program Files\Spybot - Search & Destroy => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy => Moved successfully.
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => Moved successfully.
C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => Moved successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":28279D47" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

==== End of Fixlog ====

Re: Cannot delete file qtsingleapp-Promet-4204-0-lockfi

Posted: 17 May 2014 13:25
by vyosek
How is the PC behaving??

Re: Cannot delete file qtsingleapp-Promet-4204-0-lockfi

Posted: 19 May 2014 20:52
by pavelpavel
The PC is behaving normally, but the file qtsingleapp-Promet-4204-0-lockfile is still in Local settings/Temp, from where it cannot be deleted.

Re: Cannot delete file qtsingleapp-Promet-4204-0-lockfi

Posted: 20 May 2014 15:47
by vyosek
:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop
  • If you are using Win Vista or W7, right-click OTL and choose Run As Administrator or Spustit jako spravce
  • Paste the script below into the bottom box, Custom Scans/Fixes (Vlastni skenovani/opravy)
  • Code:

    :files
    *qtsingleapp-Promet-4204-0-lockfile*.* /s
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
  • Then click Opravit (Fix)
  • The PC will carry out the fix, restart, and give you a log; paste its contents here

Re: Cannot delete file qtsingleapp-Promet-4204-0-lockfi

Posted: 21 May 2014 20:09
by pavelpavel
After the restart the file in question is still in "its" place in Local settings/Temp
OTL log output:

All processes killed
========== FILES ==========
\Documents and Settings\Betty\Local Settings\Temp\qtsingleapp-Promet-4204-0-lockfile moved successfully.
\Documents and Settings\JA\Local Settings\Temp\qtsingleapp-Promet-4204-0-lockfile moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Betty
->Temp folder emptied: 1548 bytes
->Temporary Internet Files folder emptied: 353866 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 275061777 bytes
->Google Chrome cache emptied: 287816406 bytes
->Flash cache emptied: 952 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: JA
->Temp folder emptied: 453347 bytes
->Temporary Internet Files folder emptied: 1097737 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 74437543 bytes
->Google Chrome cache emptied: 6186808 bytes
->Flash cache emptied: 1881835 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 3524565 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Peter
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 62954801 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2827893 bytes

User: Ľudka
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 860227 bytes
->FireFox cache emptied: 69694971 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16867 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 332703710 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1 068,00 mb


[EMPTYFLASH]

User: All Users

User: Betty
->Flash cache emptied: 0 bytes

User: Default User

User: JA
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: Peter
->Flash cache emptied: 0 bytes

User: Ľudka
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Betty
->Java cache emptied: 0 bytes

User: Default User

User: JA
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Peter
->Java cache emptied: 0 bytes

User: Ľudka

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05212014_210027

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...