Prosímo kontrolu, podezření, 1 proces pořád 50%

Zpráva

kolizek · #1 Příspěvek od **kolizek** » 05 lis 2014 22:03

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-11-2014
Ran by Jan Rukavička (administrator) on 1810TZ on 10-11-2014 22:00:48
Running from C:\Documents and Settings\Jan Rukavička\Plocha
Loaded Profile: Jan Rukavička (Available profiles: Jan Rukavička)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\WINDOWS\system32\inetsrv\inetinfo.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(forum.viry.cz) C:\Documents and Settings\Jan Rukavička\Plocha\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [17887232 2009-06-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1372160 2009-07-01] (Intel(R) Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1202448 2009-07-01] (Intel(R) Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [805384 2014-01-25] (Dritek System Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [NPSStartup] => [X]
HKLM\...\Run: [MSStp] => C:\WINDOWS\inf\msstp.vbe [1584 2014-03-05] ()
HKLM\...\Run: [mnceopwavSrv] => C:\WINDOWS\system32\mnceopwav.vbe [7670 2014-03-05] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Winlogon: [UIHost] C:\WINDOWS\system32\logonui.exe [515072 2008-04-14] (Microsoft Corporation)
Winlogon\Notify\WgaLogon: WgaLogon.dll [X]
HKU\S-1-5-19\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-19\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-20\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-18\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
SearchScopes: HKCU - {010F492F-54FC-4461-8A2D-F34ABA0436C5} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_13415
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: PodoWeb -> {980b8a8f-ea0b-4c24-a2e9-70635e2502e9} -> C:\Program Files\PodoWeb\PodoWebbho.dll (PodoWeb)
BHO: NextCoup -> {ae711686-aca6-4629-960b-3dfd922e5d5b} -> C:\Program Files\NextCoup\Fn3ITHATu6Df2g.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Documents and Settings\Jan Rukavička\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Vaudixx) - C:\Documents and Settings\Jan Rukavička\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph [2014-09-14]
CHR Extension: (NextCoup) - C:\Documents and Settings\Jan Rukavička\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef [2014-10-24]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15872 2008-04-14] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-24] (Oracle Corporation)
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [909312 2009-07-01] (Intel(R) Corporation) [File not signed]
R2 W3SVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15872 2008-04-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
S3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [533024 2009-06-18] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37160 2008-02-04] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [991136 2009-04-15] (Broadcom Corporation.)
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [156816 2008-07-24] (Broadcom Corporation.)
S3 btwmodem; C:\WINDOWS\System32\DRIVERS\btwmodem.sys [37032 2008-02-04] (Broadcom Corporation.)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [45984 2009-06-18] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [243128 2014-10-06] (Disc Soft Ltd)
S3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed]
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [22688 2014-01-21] (REALiX(tm))
R3 L1c; C:\WINDOWS\System32\DRIVERS\l1c51x86.sys [39424 2009-03-31] (Atheros Communications, Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NETw1x32; C:\WINDOWS\System32\DRIVERS\NETw1x32.sys [5929216 2009-06-19] (Intel Corporation)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [11904 2008-08-13] (Intel Corporation)
R1 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 22:00 - 2014-11-10 22:01 - 00010018 _____ () C:\Documents and Settings\Jan Rukavička\Plocha\FRST.txt
2014-11-10 22:00 - 2014-11-10 22:00 - 00000000 ____D () C:\FRST
2014-11-10 21:59 - 2014-11-10 21:59 - 01106432 _____ (Farbar) C:\Documents and Settings\Jan Rukavička\Plocha\FRST.exe
2014-11-10 21:59 - 2014-11-10 21:59 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Jan Rukavička\Plocha\FRSTLauncher.exe
2014-11-10 19:44 - 2014-11-10 19:44 - 00001915 _____ () C:\Documents and Settings\All Users\Plocha\Google Earth.lnk
2014-11-10 19:44 - 2014-11-10 19:44 - 00000000 ____D () C:\Documents and Settings\Jan Rukavička\Data aplikací\Google
2014-11-10 19:44 - 2014-11-10 19:44 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Google Earth
2014-11-10 19:39 - 2014-11-10 21:46 - 00000950 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-10 19:39 - 2014-11-10 19:44 - 00000954 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-10 19:39 - 2014-11-10 19:44 - 00000000 ____D () C:\Program Files\Google
2014-11-08 18:04 - 2014-11-08 18:04 - 00003926 _____ () C:\WINDOWS\setupapi.log
2014-11-07 09:40 - 2014-11-07 09:40 - 00000690 _____ () C:\Documents and Settings\Jan Rukavička\Dokumenty\cc_20141107_094013.reg
2014-10-24 15:35 - 2014-10-24 15:35 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-10-24 15:35 - 2014-10-24 15:35 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-10-24 15:35 - 2014-10-24 15:35 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-10-24 15:35 - 2014-10-24 15:35 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-10-24 15:35 - 2014-10-24 15:35 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-10-24 15:35 - 2014-10-24 15:35 - 00000000 ____D () C:\Program Files\Java
2014-10-24 15:35 - 2014-10-24 15:35 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-24 15:35 - 2014-10-24 15:35 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Java
2014-10-24 15:32 - 2014-10-24 15:32 - 00019326 _____ () C:\Documents and Settings\Jan Rukavička\Dokumenty\cc_20141024_163233.reg
2014-10-24 15:25 - 2014-10-24 15:25 - 00000000 ____D () C:\Program Files\NextCoup
2014-10-24 15:25 - 2014-10-24 15:25 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\NextCoup

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 22:01 - 2014-01-16 22:15 - 00000000 ____D () C:\Documents and Settings\Jan Rukavička\Local Settings\Temp
2014-11-10 22:00 - 2014-01-16 22:15 - 00000000 ___HD () C:\Documents and Settings\Jan Rukavička\Local Settings\Data aplikací
2014-11-10 22:00 - 2014-01-16 22:15 - 00000000 ____D () C:\Documents and Settings\Jan Rukavička\Plocha
2014-11-10 21:48 - 2014-08-04 13:06 - 00000062 _____ () C:\Documents and Settings\Jan Rukavička\rgut
2014-11-10 21:48 - 2014-01-16 22:57 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2014-11-10 21:47 - 2014-01-16 23:05 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-10 21:47 - 2014-01-16 22:10 - 01929087 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-10 21:46 - 2014-01-16 23:05 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-11-10 21:46 - 2014-01-16 22:14 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-10 20:04 - 2014-01-16 22:15 - 00000178 ___SH () C:\Documents and Settings\Jan Rukavička\ntuser.ini
2014-11-10 20:04 - 2014-01-16 22:14 - 00032620 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-10 19:44 - 2014-01-16 23:00 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-11-10 19:44 - 2014-01-16 23:00 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2014-11-10 19:44 - 2014-01-16 22:15 - 00000000 __RHD () C:\Documents and Settings\Jan Rukavička\Data aplikací
2014-11-10 19:39 - 2014-09-14 17:21 - 00000000 ____D () C:\Documents and Settings\Jan Rukavička\Local Settings\Data aplikací\Google
2014-11-10 19:31 - 2014-01-17 00:00 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-07 10:42 - 2014-01-16 23:39 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-07 10:42 - 2014-01-16 23:39 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-07 10:41 - 2014-06-21 07:49 - 00000000 ____D () C:\Documents and Settings\Jan Rukavička\Local Settings\Data aplikací\Adobe
2014-11-07 09:56 - 2014-01-16 22:09 - 00065536 _____ () C:\WINDOWS\system32\config\Internet.evt
2014-11-07 09:53 - 2014-10-03 18:23 - 00000000 ____D () C:\Program Files\Abe's Oddysee
2014-11-07 09:53 - 2014-01-16 23:00 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start
2014-11-07 09:53 - 2014-01-16 22:15 - 00000000 ____D () C:\Documents and Settings\Jan Rukavička
2014-11-07 09:52 - 2014-01-16 23:00 - 00000682 _____ () C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
2014-11-07 09:52 - 2014-01-16 23:00 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-07 09:40 - 2014-01-16 22:15 - 00000000 ___RD () C:\Documents and Settings\Jan Rukavička\Dokumenty
2014-11-07 09:37 - 2014-01-16 09:56 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-02 13:02 - 2014-01-16 23:01 - 00785792 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-24 20:06 - 2014-01-17 11:00 - 00000000 ____D () C:\Documents and Settings\Jan Rukavička\Data aplikací\vlc
2014-10-24 16:14 - 2014-10-03 18:09 - 00000000 ____D () C:\Documents and Settings\Jan Rukavička\Data aplikací\Seznam.cz
2014-10-24 15:26 - 2014-09-14 17:21 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Vaudaix
2014-10-24 15:25 - 2014-09-14 17:21 - 00000406 __RSH () C:\Documents and Settings\All Users\ntuser.pol
2014-10-24 15:25 - 2014-09-14 17:21 - 00000000 ____D () C:\Program Files\Vaudaix
2014-10-24 15:25 - 2014-09-14 17:21 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\8c4d112dfd1676b4
2014-10-24 15:18 - 2014-01-16 23:18 - 00000000 ____D () C:\Documents and Settings\Jan Rukavička\Local Settings\Data aplikací\GHISLER
2014-10-24 08:06 - 2014-02-14 09:35 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-24 08:04 - 2014-01-16 23:19 - 100290944 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:40.01 GB) (Free:31.49 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:192.87 GB) (Free:75.71 GB) NTFS

Available physical RAM: 2528.7 MB
Total physical RAM: 2974.84 MB
Percentage of memory in use: 14%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 232.9 GB) (Disk ID: 1E06AC08)
Partition 1: (Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=192.9 GB) - (Type=OF Extended)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Low Battery Alarm Program.job => ?
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe

==================== Alternate Data Streams (whitelisted) ==================

==================== Security Center ==================

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\Jan Rukavika\Plocha" je 15 MB.

***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel
C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services
mnmsrvc REG_DWORD 0x3
avast! Antivirus REG_DWORD 0x2

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DoNotAllowExceptions REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Jan Rukavika\\Plocha\\MyPhoneExplorer portable\\MyPhoneExplorer portable.exe"="C:\\Documents and Settings\\Jan Rukavika\\Plocha\\MyPhoneExplorer portable\\MyPhoneExplorer portable.exe:*:Enabled:MyPhoneExplorer"
"C:\\Program Files\\MyPhoneExplorer\\MyPhoneExplorer portable.exe"="C:\\Program Files\\MyPhoneExplorer\\MyPhoneExplorer portable.exe:*:Enabled:MyPhoneExplorer"
"C:\\Program Files\\Things & Stuff\\Touchpad Server\\TouchpadServer.exe"="C:\\Program Files\\Things & Stuff\\Touchpad Server\\TouchpadServer.exe:*:Enabled:Touchpad Server"
"C:\\Program Files\\Opera\\opera.exe"="C:\\Program Files\\Opera\\opera.exe:*:Enabled:Opera Internet Browser"
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"="C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"="C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000

==================== End Of Log ==============================

kolizek · #2 Příspěvek od **kolizek** » 05 lis 2014 22:07

Proces, co bere 50% je lcpmnceopwav.exe. Je v ...\system32\

#3 Příspěvek od **altrok** » 05 lis 2014 22:10

Zdravim

V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).

Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/

ukoncete vsechny programy
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Scan, pote na Clean
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner [Sx].txt), jehoz obsah mi zkopirujte do pristi odpovedi

kolizek · #4 Příspěvek od **kolizek** » 05 lis 2014 22:26

# AdwCleaner v3.311 - Report created 10/11/2014 at 22:25:11
# Updated 30/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Jan Rukavička - 1810TZ
# Running from : C:\Documents and Settings\Jan Rukavička\Plocha\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\NextCoup
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Vaudaix
Folder Deleted : C:\Program Files\NextCoup
Folder Deleted : C:\Program Files\PodoWeb
Folder Deleted : C:\Program Files\Vaudaix
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Chromatic Browser
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\torch
Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Data aplikací\Chromatic Browser
Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Data aplikací\torch
Folder Deleted : C:\Documents and Settings\HelpAssistant\Local Settings\Data aplikací\Chromatic Browser
Folder Deleted : C:\Documents and Settings\HelpAssistant\Local Settings\Data aplikací\torch
Folder Deleted : C:\Documents and Settings\IUSR_1810TZ\Local Settings\Data aplikací\Chromatic Browser
Folder Deleted : C:\Documents and Settings\IUSR_1810TZ\Local Settings\Data aplikací\torch
Folder Deleted : C:\Documents and Settings\IWAM_1810TZ\Local Settings\Data aplikací\Chromatic Browser
Folder Deleted : C:\Documents and Settings\IWAM_1810TZ\Local Settings\Data aplikací\torch
Folder Deleted : C:\Documents and Settings\Jan Rukavička\Local Settings\Data aplikací\Chromatic Browser
Folder Deleted : C:\Documents and Settings\Jan Rukavička\Local Settings\Data aplikací\torch
Folder Deleted : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Data aplikací\Chromatic Browser
Folder Deleted : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Data aplikací\torch
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\HelpAssistant\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\IUSR_1810TZ\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\IWAM_1810TZ\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\Jan Rukavička\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\HelpAssistant\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\IUSR_1810TZ\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\IWAM_1810TZ\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\Jan Rukavička\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\HelpAssistant\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\IUSR_1810TZ\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\IWAM_1810TZ\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\Jan Rukavička\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\HelpAssistant\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\IUSR_1810TZ\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\IWAM_1810TZ\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\Jan Rukavička\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\HelpAssistant\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\IUSR_1810TZ\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\IWAM_1810TZ\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\Jan Rukavička\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\HelpAssistant\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\IUSR_1810TZ\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\IWAM_1810TZ\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\Jan Rukavička\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\HelpAssistant\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\IUSR_1810TZ\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\IWAM_1810TZ\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\Jan Rukavička\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\HelpAssistant\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\IUSR_1810TZ\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\IWAM_1810TZ\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\Jan Rukavička\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\HelpAssistant\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\IUSR_1810TZ\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\IWAM_1810TZ\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\Jan Rukavička\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\HelpAssistant\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\IUSR_1810TZ\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\IWAM_1810TZ\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\Jan Rukavička\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\HelpAssistant\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\IUSR_1810TZ\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\IWAM_1810TZ\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\Jan Rukavička\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\HelpAssistant\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\IUSR_1810TZ\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\IWAM_1810TZ\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\Jan Rukavička\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\HelpAssistant\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\IUSR_1810TZ\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\IWAM_1810TZ\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\Jan Rukavička\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bcnlgaejjldjaekengmfmbdgiblfdcph
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\HelpAssistant\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\IUSR_1810TZ\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\IWAM_1810TZ\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\Jan Rukavička\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef
[!] Folder Deleted : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pojlppkoeidkjfhehlmdajbklflkpkef

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\.
Key Deleted : HKLM\SOFTWARE\Classes\..9
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ae711686-aca6-4629-960b-3dfd922e5d5b}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ae711686-aca6-4629-960b-3dfd922e5d5b}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae711686-aca6-4629-960b-3dfd922e5d5b}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ae711686-aca6-4629-960b-3dfd922e5d5b}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ae711686-aca6-4629-960b-3dfd922e5d5b}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe]
Key Deleted : HKCU\Software\PodoWeb
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKLM\SOFTWARE\PodoWeb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PodoWeb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [20011 octets] - [10/11/2014 22:23:20]
AdwCleaner[S0].txt - [20482 octets] - [10/11/2014 22:25:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [20543 octets] ##########

#5 Příspěvek od **altrok** » 05 lis 2014 22:28

Ulozte na plochu zoek.exe http://hijackthis.nl/smeenk/zoek.htm

spustte jako spravce
do velkeho okna zkopirujte script uvedeny nize
kliknete na Run script
po restartu na Vas vyskoci log (pripadne jej najdete v C:\zoek-results.log) - vlozte mi jej do pristi odpovedi
Kód: Vybrat vše
```
autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;
```

kolizek · #6 Příspěvek od **kolizek** » 05 lis 2014 22:41

Zoek.exe v5.0.0.0 Updated 04-November-2014
Tool run by Jan Rukaviźka on po 10.11.2014 at 22:33:31,90.
Systém Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\JANRUK~1\Plocha\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

10.11.2014 22:33:52 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-861567501-1801674531-1177238915-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{980b8a8f-ea0b-4c24-a2e9-70635e2502e9} deleted successfully
HKEY_USERS\S-1-5-21-861567501-1801674531-1177238915-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{980b8a8f-ea0b-4c24-a2e9-70635e2502e9} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{980b8a8f-ea0b-4c24-a2e9-70635e2502e9} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{980b8a8f-ea0b-4c24-a2e9-70635e2502e9} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\Documents and Settings\JANRUK~1\.android deleted
C:\Program Files\ComPlus Applications deleted
C:\devcon.exe deleted
C:\DPsFnshr.exe deleted
C:\DSPdsblr.exe deleted
C:\makePNF.exe deleted
C:\mute.exe deleted
C:\pmtimer.exe deleted
C:\WINDOWS\system32\GroupPolicy\Machine deleted
C:\WINDOWS\system32\GroupPolicy\User deleted
C:\WINDOWS\system32\GroupPolicy\gpt.ini deleted
"C:\DOCUME~1\ALLUSE~1\DATAAP~1\8c4d112dfd1676b4\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}.20141024162531" deleted
"C:\DOCUME~1\ALLUSE~1\DATAAP~1\8c4d112dfd1676b4\{681002C6-5019-81A2-7871-A43754F71E56}.20140914182106" deleted
"C:\DOCUME~1\ALLUSE~1\DATAAP~1\8c4d112dfd1676b4\{681002C6-5019-81A2-7871-A43754F71E56}.20140914182156" deleted
"C:\DOCUME~1\ALLUSE~1\DATAAP~1\8c4d112dfd1676b4\{681002C6-5019-81A2-7871-A43754F71E56}.20141024162519" deleted
"C:\DOCUME~1\ALLUSE~1\DATAAP~1\8c4d112dfd1676b4\{681002C6-5019-81A2-7871-A43754F71E56}.20141024162531" deleted
"C:\DOCUME~1\ALLUSE~1\DATAAP~1\8c4d112dfd1676b4\{681002C6-5019-81A2-7871-A43754F71E56}.20141024162532" deleted
"C:\DOCUME~1\ALLUSE~1\DATAAP~1\8c4d112dfd1676b4" deleted

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{010F492F-54FC-4461-8A2D-F34ABA0436C5} Seznam TV Program Url="http://tv.seznam.cz/hledej?w={searchTer ... arch_13415"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{F9FA9CF9-094C-42F3-A03E-E2F01E5C91CB} Google Url="http://www.google.com/search?q={searchT ... utEncoding?}"

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\JANRUK~1\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\JANRUK~1\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=17 folders=5 1359407 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\JANRUK~1\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\JANRUK~1\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on po 10.11.2014 at 22:41:40,79 ======================

#7 Příspěvek od **altrok** » 05 lis 2014 22:44

Nainstalujte MBAM, zaktualizujte jeho databazi a pustte vlastni sken, kterym zkontrolujte vsechny disky - http://forum.viry.cz/viewtopic.php?f=29&t=137928

kolizek · #8 Příspěvek od **kolizek** » 05 lis 2014 22:47

To už jsem chtěl,ale bohužel při instalaci vždy napíše: interní chyba: Expression error Runtime error (at 85:109)

#9 Příspěvek od **altrok** » 05 lis 2014 22:58

Omlouvam se za spatny navod... MBAM 2.0 nepodporuje Win XP

Stahnete MBAM 1.75 http://www.bleepingcomputer.com/downloa ... i-malware/
Pozor... i v prubehu instalace Vam bude nekolikrat nabidnuta aktualizace na novejsi verzi (2.0), coz odmitnete. Takze si pred kazdym klikem na Next nebo OK pozorne prectete, co Vam MBAM rika. Nezapomente nakonec aktualizovat databazi (jen databazi - nikoliv cely program).

kolizek · #10 Příspěvek od **kolizek** » 06 lis 2014 00:05

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2014.11.05.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jan Rukavička :: 1810TZ [administrátor]

10.11.2014 23:37:06
MBAM-log-2014-11-11 (00-06-40).txt

Typ: Kompletní kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 385277
Uplynulý čas: 28 minut, 32 sekund

Nalezené procesy v paměti: 1
C:\WINDOWS\system32\lcpmnceopwav.exe (PUP.BitCoinMiner) -> 3072 -> Nebyla provedena žádná instrukce.

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 1
HKCR\Typelib\{157B1AA6-3E5C-404A-9118-C1D91F537040} (PUP.Optional.Multiplug) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MSStp (Trojan.Agent.SCR) -> Data: C:\WINDOWS\inf\msstp.vbe -> Nebyla provedena žádná instrukce.

Nalezené datové položky v registru: 2
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Špatný: (1) Dobrý: (0) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Špatný: (1) Dobrý: (0) -> Nebyla provedena žádná instrukce.

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 20
C:\WINDOWS\system32\lcpmnceopwav.exe (PUP.BitCoinMiner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\NextCoup\Fn3ITHATu6Df2g.dll.vir (PUP.Optional.MultiPlug) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\NextCoup\Fn3ITHATu6Df2g.x64.dll.vir (PUP.Optional.MultiPlug) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\PodoWeb\PodoWeb.FirstRun.exe.vir (PUP.Optional.Sambreel.A) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\PodoWeb\PodoWebbho.dll.vir (PUP.Optional.PodoWeb.A) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\PodoWeb\updatePodoWeb.exe.vir (PUP.Optional.PodoWeb.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{5AE8A7A1-ED79-4881-868B-12CDCD2F70C0}\RP17\A0006424.exe (PUP.Optional.MultiPlug) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{5AE8A7A1-ED79-4881-868B-12CDCD2F70C0}\RP19\A0007391.dll (PUP.Optional.MultiPlug) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{5AE8A7A1-ED79-4881-868B-12CDCD2F70C0}\RP19\A0007392.dll (PUP.Optional.MultiPlug) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{5AE8A7A1-ED79-4881-868B-12CDCD2F70C0}\RP19\A0007399.exe (PUP.Optional.MultiPlug) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{5AE8A7A1-ED79-4881-868B-12CDCD2F70C0}\RP22\A0007963.exe (PUP.BitCoinMiner) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{5AE8A7A1-ED79-4881-868B-12CDCD2F70C0}\RP22\A0007968.dll (PUP.Optional.MultiPlug) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{5AE8A7A1-ED79-4881-868B-12CDCD2F70C0}\RP22\A0007970.dll (PUP.Optional.MultiPlug) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{5AE8A7A1-ED79-4881-868B-12CDCD2F70C0}\RP22\A0007972.exe (PUP.Optional.Sambreel.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{5AE8A7A1-ED79-4881-868B-12CDCD2F70C0}\RP22\A0007974.dll (PUP.Optional.PodoWeb.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{5AE8A7A1-ED79-4881-868B-12CDCD2F70C0}\RP22\A0007976.exe (PUP.Optional.PodoWeb.A) -> Nebyla provedena žádná instrukce.
C:\WINDOWS\system32\acumnceopwav.exe (PUP.Optional.Bitcoin) -> Nebyla provedena žádná instrukce.
C:\WINDOWS\system32\dcgmnceopwav.exe (Trojan.BitMiner) -> Nebyla provedena žádná instrukce.
D:\Download\DTLite4491-0356.exe (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\WINDOWS\inf\msstp.vbe (Trojan.Agent.SCR) -> Nebyla provedena žádná instrukce.

(konec)

kolizek · #11 Příspěvek od **kolizek** » 06 lis 2014 00:15

Krom položek v ADW cleaner jsem vše smazal. Mělo by to být ok. Děkuji za konzultaci!

#12 Příspěvek od **altrok** » 06 lis 2014 00:46

Jeste minimalne jeden miner Vam tam preziva a tezko rict jestli byla smazana havet z bodu obnovy...

Dejte novy log FRST, prilozte i Addition.txt

kolizek · #13 Příspěvek od **kolizek** » 06 lis 2014 17:01

Omlouvám se za prodlevu, ale teď jsem dorazil domů...

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-11-2014
Ran by Jan Rukavička (administrator) on 1810TZ on 11-11-2014 16:59:22
Running from C:\Documents and Settings\Jan Rukavička\Plocha
Loaded Profile: Jan Rukavička (Available profiles: Jan Rukavička)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\WINDOWS\system32\inetsrv\inetinfo.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(forum.viry.cz) C:\Documents and Settings\Jan Rukavička\Plocha\FRSTLauncher.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\ping.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [17887232 2009-06-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1372160 2009-07-01] (Intel(R) Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1202448 2009-07-01] (Intel(R) Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [805384 2014-01-25] (Dritek System Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [NPSStartup] => [X]
HKLM\...\Run: [mnceopwavSrv] => C:\WINDOWS\system32\mnceopwav.vbe [7670 2014-03-05] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Winlogon: [UIHost] C:\WINDOWS\system32\logonui.exe [515072 2008-04-14] (Microsoft Corporation)
Winlogon\Notify\WgaLogon: WgaLogon.dll [X]
HKU\S-1-5-19\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-19\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-20\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-18\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {010F492F-54FC-4461-8A2D-F34ABA0436C5} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_13415
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Documents and Settings\Jan Rukavička\Local Settings\Data aplikací\Google\Chrome\User Data\Default

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15872 2008-04-14] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-24] (Oracle Corporation)
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [909312 2009-07-01] (Intel(R) Corporation) [File not signed]
R2 W3SVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15872 2008-04-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
S3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [533024 2009-06-18] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37160 2008-02-04] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [991136 2009-04-15] (Broadcom Corporation.)
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [156816 2008-07-24] (Broadcom Corporation.)
S3 btwmodem; C:\WINDOWS\System32\DRIVERS\btwmodem.sys [37032 2008-02-04] (Broadcom Corporation.)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [45984 2009-06-18] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed]
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [22688 2014-01-21] (REALiX(tm))
R3 L1c; C:\WINDOWS\System32\DRIVERS\l1c51x86.sys [39424 2009-03-31] (Atheros Communications, Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NETw1x32; C:\WINDOWS\System32\DRIVERS\NETw1x32.sys [5929216 2009-06-19] (Intel Corporation)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [11904 2008-08-13] (Intel Corporation)
R1 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 16:59 - 2014-11-11 16:59 - 00029696 _____ () C:\Documents and Settings\Jan Rukavička\Local Settings\Data aplikací\MSGBOX.EXE
2014-11-11 16:59 - 2014-11-11 16:59 - 00015327 _____ () C:\Documents and Settings\Jan Rukavička\Plocha\LM.bat
2014-11-11 16:59 - 2014-11-11 16:59 - 00009484 _____ () C:\Documents and Settings\Jan Rukavička\Plocha\FRST.txt
2014-11-11 00:18 - 2014-11-11 00:18 - 00018276 _____ () C:\Documents and Settings\Jan Rukavička\Dokumenty\cc_20141111_001831.reg
2014-11-10 23:32 - 2014-11-10 23:32 - 00000784 _____ () C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
2014-11-10 23:32 - 2014-11-10 23:32 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-11-10 23:32 - 2014-11-10 23:32 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
2014-11-10 23:32 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-11-10 23:24 - 2014-11-10 23:24 - 00000000 ____D () C:\Documents and Settings\Jan Rukavička\Data aplikací\Malwarebytes
2014-11-10 23:20 - 2014-11-10 23:21 - 10284816 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Jan Rukavička\Plocha\mbam-setup-1.75.0.1300.exe
2014-11-10 23:15 - 2014-11-10 23:15 - 00000000 ___HD () C:\WINDOWS\PIF
2014-11-10 22:40 - 2014-11-11 16:59 - 00000000 ____D () C:\Documents and Settings\Jan Rukavička\Local Settings\Temp
2014-11-10 22:40 - 2014-11-10 22:33 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-11-10 22:33 - 2014-11-10 22:41 - 00006138 _____ () C:\zoek-results.log
2014-11-10 22:33 - 2014-11-10 22:39 - 00000000 ____D () C:\zoek_backup
2014-11-10 22:32 - 2014-11-10 22:32 - 01292800 _____ () C:\Documents and Settings\Jan Rukavička\Plocha\zoek.exe
2014-11-10 22:24 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-11-10 22:23 - 2014-11-10 22:25 - 00000000 ____D () C:\AdwCleaner
2014-11-10 22:22 - 2014-11-10 22:22 - 01375089 _____ () C:\Documents and Settings\Jan Rukavička\Plocha\AdwCleaner.exe
2014-11-10 22:18 - 2014-11-10 23:21 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-11-10 22:00 - 2014-11-11 16:59 - 00000000 ____D () C:\FRST
2014-11-10 21:59 - 2014-11-10 21:59 - 01106432 _____ (Farbar) C:\Documents and Settings\Jan Rukavička\Plocha\FRST.exe
2014-11-10 21:59 - 2014-11-10 21:59 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Jan Rukavička\Plocha\FRSTLauncher.exe
2014-11-10 19:44 - 2014-11-10 19:44 - 00001915 _____ () C:\Documents and Settings\All Users\Plocha\Google Earth.lnk
2014-11-10 19:44 - 2014-11-10 19:44 - 00000000 ____D () C:\Documents and Settings\Jan Rukavička\Data aplikací\Google
2014-11-10 19:44 - 2014-11-10 19:44 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Google Earth
2014-11-10 19:39 - 2014-11-11 16:56 - 00000950 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-10 19:39 - 2014-11-10 23:44 - 00000954 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-10 19:39 - 2014-11-10 19:44 - 00000000 ____D () C:\Program Files\Google
2014-11-07 09:40 - 2014-11-07 09:40 - 00000690 _____ () C:\Documents and Settings\Jan Rukavička\Dokumenty\cc_20141107_094013.reg
2014-10-24 15:35 - 2014-10-24 15:35 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-10-24 15:35 - 2014-10-24 15:35 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-10-24 15:35 - 2014-10-24 15:35 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-10-24 15:35 - 2014-10-24 15:35 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-10-24 15:35 - 2014-10-24 15:35 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-10-24 15:35 - 2014-10-24 15:35 - 00000000 ____D () C:\Program Files\Java
2014-10-24 15:35 - 2014-10-24 15:35 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-24 15:35 - 2014-10-24 15:35 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Java
2014-10-24 15:32 - 2014-10-24 15:32 - 00019326 _____ () C:\Documents and Settings\Jan Rukavička\Dokumenty\cc_20141024_163233.reg

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 16:59 - 2014-08-04 13:08 - 00000003 _____ () C:\Documents and Settings\Jan Rukavička\stut
2014-11-11 16:59 - 2014-01-16 22:15 - 00000000 ___HD () C:\Documents and Settings\Jan Rukavička\Local Settings\Data aplikací
2014-11-11 16:59 - 2014-01-16 22:15 - 00000000 ____D () C:\Documents and Settings\Jan Rukavička\Plocha
2014-11-11 16:58 - 2014-01-16 22:57 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2014-11-11 16:57 - 2014-01-16 22:10 - 01968460 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-11 16:56 - 2014-01-16 23:05 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-11-11 16:56 - 2014-01-16 23:05 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-11 16:56 - 2014-01-16 22:14 - 00032610 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-11 16:56 - 2014-01-16 22:14 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-11 00:23 - 2014-01-16 22:15 - 00000178 ___SH () C:\Documents and Settings\Jan Rukavička\ntuser.ini
2014-11-11 00:23 - 2014-01-16 22:09 - 00065536 _____ () C:\WINDOWS\system32\config\Internet.evt
2014-11-11 00:18 - 2014-01-16 22:15 - 00000000 ___RD () C:\Documents and Settings\Jan Rukavička\Dokumenty
2014-11-11 00:18 - 2014-01-16 22:15 - 00000000 ____D () C:\Documents and Settings\Jan Rukavička
2014-11-11 00:11 - 2014-01-16 22:57 - 00000000 ____D () C:\WINDOWS\twain_32
2014-11-10 23:32 - 2014-01-16 23:00 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-11-10 23:32 - 2014-01-16 23:00 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2014-11-10 23:31 - 2014-08-04 13:06 - 00000062 _____ () C:\Documents and Settings\Jan Rukavička\rgut
2014-11-10 23:31 - 2014-01-17 00:00 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-10 23:24 - 2014-01-16 22:15 - 00000000 __RHD () C:\Documents and Settings\Jan Rukavička\Data aplikací
2014-11-10 22:45 - 2014-01-16 23:01 - 00785792 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-10 22:41 - 2014-09-14 17:21 - 00000008 __RSH () C:\Documents and Settings\All Users\ntuser.pol
2014-11-10 22:39 - 2014-09-14 17:21 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-11-10 22:39 - 2014-01-16 23:00 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2014-11-10 22:25 - 2014-09-14 17:21 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Data aplikací
2014-11-10 22:25 - 2014-09-14 17:21 - 00000000 ____D () C:\Documents and Settings\IWAM_1810TZ\Local Settings\Data aplikací
2014-11-10 22:25 - 2014-09-14 17:21 - 00000000 ____D () C:\Documents and Settings\IUSR_1810TZ\Local Settings\Data aplikací
2014-11-10 22:25 - 2014-09-14 17:21 - 00000000 ____D () C:\Documents and Settings\HelpAssistant\Local Settings\Data aplikací
2014-11-10 22:25 - 2014-09-14 17:21 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Data aplikací
2014-11-10 22:25 - 2014-09-14 17:21 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Data aplikací
2014-11-10 19:39 - 2014-09-14 17:21 - 00000000 ____D () C:\Documents and Settings\Jan Rukavička\Local Settings\Data aplikací\Google
2014-11-07 10:42 - 2014-01-16 23:39 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-07 10:42 - 2014-01-16 23:39 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-07 10:41 - 2014-06-21 07:49 - 00000000 ____D () C:\Documents and Settings\Jan Rukavička\Local Settings\Data aplikací\Adobe
2014-11-07 09:53 - 2014-10-03 18:23 - 00000000 ____D () C:\Program Files\Abe's Oddysee
2014-11-07 09:53 - 2014-01-16 23:00 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start
2014-11-07 09:52 - 2014-01-16 23:00 - 00000682 _____ () C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
2014-11-07 09:52 - 2014-01-16 23:00 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-07 09:37 - 2014-01-16 09:56 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-10-24 20:06 - 2014-01-17 11:00 - 00000000 ____D () C:\Documents and Settings\Jan Rukavička\Data aplikací\vlc
2014-10-24 16:14 - 2014-10-03 18:09 - 00000000 ____D () C:\Documents and Settings\Jan Rukavička\Data aplikací\Seznam.cz
2014-10-24 15:18 - 2014-01-16 23:18 - 00000000 ____D () C:\Documents and Settings\Jan Rukavička\Local Settings\Data aplikací\GHISLER
2014-10-24 08:06 - 2014-02-14 09:35 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-24 08:04 - 2014-01-16 23:19 - 100290944 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-11-2014
Ran by Jan Rukavička at 2014-11-11 16:59:58
Running from C:\Documents and Settings\Jan Rukavička\Plocha
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Aktualizace systému Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení aplikace Windows Media Player 11 (KB954154) (HKLM\...\KB954154_WM11) (Version: - Microsoft Corporation)
Aktualizace zabezpečení produktu Windows XP (KB941569) (HKLM\...\KB941569) (Version: - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB938127-v2) (Version: 2 - Microsoft Corporation) Hidden
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB961260) (Version: 1 - Microsoft Corporation) Hidden
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2510531) (HKLM\...\KB2510531-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2618444) (HKLM\...\KB2618444-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2744842) (HKLM\...\KB2744842-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2862772) (HKLM\...\KB2862772-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2898785) (HKLM\...\KB2898785-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2909210) (HKLM\...\KB2909210-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2909921) (HKLM\...\KB2909921-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2925418) (HKLM\...\KB2925418-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2936068) (HKLM\...\KB2936068-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2964358) (HKLM\...\KB2964358-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB982381) (HKLM\...\KB982381-IE8) (Version: 1 - Microsoft Corporation)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.19 - Atheros Communications Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CPUID CPU-Z 1.68 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
HWiNFO32 Version 4.30 (HKLM\...\HWiNFO32_is1) (Version: 4.30 - Martin Malík - REALiX)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
ITN Converter 1.85 (HKLM\...\ITN Converter_is1) (Version: 1.85 - Benichou Software)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Launch Manager (HKLM\...\LManager) (Version: 2.0.00 - Acer Inc.)
Malwarebytes Anti-Malware verze 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Office PowerPoint Viewer 2007 (Czech) (HKLM\...\{95120000-00AF-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation)
Microsoft Office XP Professional s aplikací FrontPage (HKLM\...\{90280405-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.11 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5874 - Realtek Semiconductor Corp.)
Sada Compatibility Pack pro systém Office 2007 (HKLM\...\{90120000-0020-0405-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
Software Bluetooth WIDCOMM (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.5.0.7500 - Broadcom)
Software Intel(R) PROSet/Wireless WiFi (HKLM\...\{8E7CD6B1-1F89-49D9-9E2C-F7FADC5C9390}) (Version: 12.05.0000 - Intel(R) Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH)
Tyre (HKLM\...\Tyre_is1) (Version: 6.4.1.2 - 't Schrijverke)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
WinRAR 5.10 beta 4 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

22-08-2014 12:00:01 Software Distribution Service 3.0
08-09-2014 10:26:04 Removed Java 7 Update 51
08-09-2014 10:26:19 Installed Java 7 Update 67
18-09-2014 07:28:06 Software Distribution Service 3.0
28-09-2014 13:52:56 Odstraněno Samsung New PC Studio
24-10-2014 07:03:59 Software Distribution Service 3.0
24-10-2014 14:34:56 Removed Java 7 Update 67
24-10-2014 14:35:10 Installed Java 7 Update 71
01-11-2014 22:01:29 Kontrolní bod systému
10-11-2014 21:33:52 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-01-16 09:55 - 2014-11-10 22:33 - 00000753 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Low Battery Alarm Program.job => ?
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2009-07-01 17:14 - 2009-07-01 17:14 - 00200704 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2009-06-20 10:13 - 2009-06-20 10:13 - 00069697 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2009-06-20 10:15 - 2009-06-20 10:15 - 02854976 _____ () C:\WINDOWS\system32\btwicons.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: AzMixerSel => C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

========================= Accounts: ==========================

Administrator (S-1-5-21-861567501-1801674531-1177238915-500 - Administrator - Enabled)
Guest (S-1-5-21-861567501-1801674531-1177238915-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-861567501-1801674531-1177238915-1002 - Limited - Disabled)
IUSR_1810TZ (S-1-5-21-861567501-1801674531-1177238915-1000 - Limited - Enabled)
IWAM_1810TZ (S-1-5-21-861567501-1801674531-1177238915-1001 - Limited - Enabled)
Jan Rukavička (S-1-5-21-861567501-1801674531-1177238915-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Jan Rukavička
SUPPORT_388945a0 (S-1-5-21-861567501-1801674531-1177238915-1004 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/11/2014 04:56:41 PM) (Source: PerfNet) (EventID: 2002) (User: )
Description: Nelze otevřít službu přesměrovače. Data o výkonu přesměrovače nejsou
k dispozici.Vrácený chybový kód je v datech DWORD 0.

Error: (11/11/2014 04:56:41 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Nelze otevřít službu serveru. Data o výkonu serveru nejsou
k dispozici. Vrácený chybový kód je v datech DWORD 0.

System errors:
=============
Error: (11/11/2014 04:56:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení omezení výchozí pro počítač neuděluje oprávnění typu Místní - Aktivace k aplikaci COM Server s identifikátorem CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
uživateli NT AUTHORITY\NETWORK SERVICE (SID S-1-5-20). Toto oprávnění zabezpečení lze upravit pomocí nástroje správy Služba komponent.

Error: (11/11/2014 04:56:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení omezení výchozí pro počítač neuděluje oprávnění typu Místní - Aktivace k aplikaci COM Server s identifikátorem CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
uživateli NT AUTHORITY\NETWORK SERVICE (SID S-1-5-20). Toto oprávnění zabezpečení lze upravit pomocí nástroje správy Služba komponent.

Error: (11/11/2014 04:56:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení omezení výchozí pro počítač neuděluje oprávnění typu Místní - Aktivace k aplikaci COM Server s identifikátorem CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
uživateli NT AUTHORITY\NETWORK SERVICE (SID S-1-5-20). Toto oprávnění zabezpečení lze upravit pomocí nástroje správy Služba komponent.

Error: (11/11/2014 04:56:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Služby IPSEC byla ukončena s následující chybou:
%%1747

Microsoft Office Sessions:
=========================
Error: (11/11/2014 04:56:41 PM) (Source: PerfNet) (EventID: 2002) (User: )
Description:

Error: (11/11/2014 04:56:41 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

==================== Memory info ===========================

Processor: Genuine Intel(R) CPU U4100 @ 1.30GHz
Percentage of memory in use: 15%
Total physical RAM: 2974.84 MB
Available physical RAM: 2512.55 MB
Total Pagefile: 2814.58 MB
Available Pagefile: 2510.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:40.01 GB) (Free:31.42 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:192.87 GB) (Free:76.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 1E06AC08)
Partition 1: (Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=192.9 GB) - (Type=OF Extended)

==================== End Of Log ============================

#14 Příspěvek od **altrok** » 06 lis 2014 20:02

Nic se nedeje, taky jsem byl doted na prednasce

Okamzite nainstalujte antivir - z free reseni lze doporucit Avast nebo Aviru (volba je samozrejme na Vas)

Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
znovu spustte FRST a kliknete na Fix

po restartu na Vas vyskoci fixlog, jehoz obsah mi vlozte do pristi odpovedi

Kód: Vybrat vše

Start
CloseProcesses:
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [805384 2014-01-25] (Dritek System Inc.)
HKLM\...\Run: [NPSStartup] => [X]
HKLM\...\Run: [mnceopwavSrv] => C:\WINDOWS\system32\mnceopwav.vbe [7670 2014-03-05] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
C:\WINDOWS\system32\mnceopwav.vbe
CHR dev: Chrome dev build detected! <======= ATTENTION
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath
2014-11-11 16:59 - 2014-11-11 16:59 - 00029696 _____ () C:\Documents and Settings\Jan Rukavička\Local Settings\Data aplikací\MSGBOX.EXE
2014-11-11 16:59 - 2014-11-11 16:59 - 00015327 _____ () C:\Documents and Settings\Jan Rukavička\Plocha\LM.bat
2014-11-10 23:20 - 2014-11-10 23:21 - 10284816 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Jan Rukavička\Plocha\mbam-setup-1.75.0.1300.exe
2014-11-10 22:40 - 2014-11-10 22:33 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-11-10 22:33 - 2014-11-10 22:41 - 00006138 _____ () C:\zoek-results.log
2014-11-10 22:33 - 2014-11-10 22:39 - 00000000 ____D () C:\zoek_backup
2014-11-10 22:32 - 2014-11-10 22:32 - 01292800 _____ () C:\Documents and Settings\Jan Rukavička\Plocha\zoek.exe
2014-11-10 22:24 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Low Battery Alarm Program.job => ?
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
C:\WINDOWS\system32\lcpmnceopwav.exe
C:\WINDOWS\inf\msstp.vbe
C:\WINDOWS\system32\acumnceopwav.exe
C:\WINDOWS\system32\dcgmnceopwav.exe
Hosts:
EmptyTemp:
End

kolizek · #15 Příspěvek od **kolizek** » 06 lis 2014 20:52

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-11-2014
Ran by Jan Rukavička at 2014-11-11 20:51:35 Run:1
Running from C:\Documents and Settings\Jan Rukavička\Plocha
Loaded Profile: Jan Rukavička (Available profiles: Jan Rukavička)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [805384 2014-01-25] (Dritek System Inc.)
HKLM\...\Run: [NPSStartup] => [X]
HKLM\...\Run: [mnceopwavSrv] => C:\WINDOWS\system32\mnceopwav.vbe [7670 2014-03-05] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
C:\WINDOWS\system32\mnceopwav.vbe
CHR dev: Chrome dev build detected! <======= ATTENTION
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath
2014-11-11 16:59 - 2014-11-11 16:59 - 00029696 _____ () C:\Documents and Settings\Jan Rukavička\Local Settings\Data aplikací\MSGBOX.EXE
2014-11-11 16:59 - 2014-11-11 16:59 - 00015327 _____ () C:\Documents and Settings\Jan Rukavička\Plocha\LM.bat
2014-11-10 23:20 - 2014-11-10 23:21 - 10284816 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Jan Rukavička\Plocha\mbam-setup-1.75.0.1300.exe
2014-11-10 22:40 - 2014-11-10 22:33 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-11-10 22:33 - 2014-11-10 22:41 - 00006138 _____ () C:\zoek-results.log
2014-11-10 22:33 - 2014-11-10 22:39 - 00000000 ____D () C:\zoek_backup
2014-11-10 22:32 - 2014-11-10 22:32 - 01292800 _____ () C:\Documents and Settings\Jan Rukavička\Plocha\zoek.exe
2014-11-10 22:24 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Low Battery Alarm Program.job => ?
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
C:\WINDOWS\system32\lcpmnceopwav.exe
C:\WINDOWS\inf\msstp.vbe
C:\WINDOWS\system32\acumnceopwav.exe
C:\WINDOWS\system32\dcgmnceopwav.exe
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\LManager => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\mnceopwavSrv => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.
C:\WINDOWS\system32\mnceopwav.vbe => Moved successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
IntelIde => Service deleted successfully.
WS2IFSL => Service deleted successfully.
C:\Documents and Settings\Jan Rukavička\Local Settings\Data aplikací\MSGBOX.EXE => Moved successfully.
C:\Documents and Settings\Jan Rukavička\Plocha\LM.bat => Moved successfully.
C:\Documents and Settings\Jan Rukavička\Plocha\mbam-setup-1.75.0.1300.exe => Moved successfully.
C:\WINDOWS\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Documents and Settings\Jan Rukavička\Plocha\zoek.exe => Moved successfully.
C:\WINDOWS\system32\sqlite3.dll => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\WINDOWS\Tasks\Low Battery Alarm Program.job => Moved successfully.
C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => Moved successfully.
C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => Moved successfully.
"C:\WINDOWS\system32\lcpmnceopwav.exe" => File/Directory not found.
"C:\WINDOWS\inf\msstp.vbe" => File/Directory not found.
"C:\WINDOWS\system32\acumnceopwav.exe" => File/Directory not found.
"C:\WINDOWS\system32\dcgmnceopwav.exe" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 55.7 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

VIRY.CZ

Prosímo kontrolu, podezření, 1 proces pořád 50%

Prosímo kontrolu, podezření, 1 proces pořád 50%

Re: Prosímo kontrolu, podezření, 1 proces pořád 50%

Re: Prosímo kontrolu, podezření, 1 proces pořád 50%

Re: Prosímo kontrolu, podezření, 1 proces pořád 50%

Re: Prosímo kontrolu, podezření, 1 proces pořád 50%

Re: Prosímo kontrolu, podezření, 1 proces pořád 50%

Re: Prosímo kontrolu, podezření, 1 proces pořád 50%

Re: Prosímo kontrolu, podezření, 1 proces pořád 50%

Re: Prosímo kontrolu, podezření, 1 proces pořád 50%

Re: Prosímo kontrolu, podezření, 1 proces pořád 50%

Re: Prosímo kontrolu, podezření, 1 proces pořád 50%

Re: Prosímo kontrolu, podezření, 1 proces pořád 50%

Re: Prosímo kontrolu, podezření, 1 proces pořád 50%

Re: Prosímo kontrolu, podezření, 1 proces pořád 50%

Re: Prosímo kontrolu, podezření, 1 proces pořád 50%