Problem s PC neotestovatelne soubory

[Mithrandir]

Zdravim, rodice maji problem s PC...bezi pomalu a kdyz pustim AVAST antivir, hodi hlasku, ze nektere soubory nemohly byt otestovany...archiv je chranen heslem...tech souboru je docela dost...jsou ve slozce C:\System Volume Information.
Prikladam log z RSIT. Vse je teda cineno vzdalenou spravou pres Teamviewer, tak snad to nebude problem. Dik



Log:
Logfile of random's system information tool 1.10 (written by random/random)
Run by mamka taťka at 2015-01-22 21:00:26
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 10 GB (20%) free of 50 GB
Total RAM: 2046 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:00:59, on 22.1.2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Software602\Print2PDF\Print2PDF.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WatchPower1.05\WatchPower.exe
C:\Program Files\WatchPower1.05\jre\bin\javaw.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\WatchPower1.05\WatchPowerTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\TEMP~1.ROD\LOCALS~1\Temp\TeamViewer\Version9\TeamViewer.exe
C:\DOCUME~1\TEMP~1.ROD\LOCALS~1\Temp\TeamViewer\Version9\tv_w32.exe
c:\docume~1\temp~1.rod\locals~1\temp\teamviewer\version9\TeamViewer_Desktop.exe
C:\Documents and Settings\TEMP.RODINA\Plocha\RSIT.exe
C:\Program Files\trend micro\mamka taťka.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Print2PDF Print Monitor] "C:\Program Files\Software602\Print2PDF\Print2PDF.exe" /server
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstall ... er=9.0.894
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1177238915-573735546-1417001333-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Zdenda')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: prf38.tmp
O4 - Startup: WatchPower.lnk = C:\Program Files\WatchPower1.05\WatchPower.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\gprs.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} (Active602XMLFiller Control) - https://www.mojedatovaschranka.cz/stati ... ?3,16,13,0
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://asp.photoprintit.de/microsite/1 ... oader4.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

--
End of file - 8832 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job - C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe update all silent
C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\avast! Emergency Update.job - C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18Core.job - C:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18UA.job - C:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS\system32\xp_eos.exe
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS\system32\xp_eos.exe -c
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-573735546-1417001333-1004.job - C:\Program Files\Real\RealUpgrade\realupgrade.exe /logoncheck
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-573735546-1417001333-1009.job - C:\Program Files\Real\RealUpgrade\realupgrade.exe /logoncheck
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-573735546-1417001333-1004.job - C:\Program Files\Real\RealUpgrade\realupgrade.exe /scheduledcheck
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-573735546-1417001333-1009.job - C:\Program Files\Real\RealUpgrade\realupgrade.exe /scheduledcheck
C:\WINDOWS\tasks\SmartDefrag.job - C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe /Schedule
C:\WINDOWS\tasks\SmartDefrag3_Update.job - C:\Program Files\IObit\Smart Defrag 3\AutoUpdate.exe /autorun

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\TEMP.RODINA\Data aplikací\Mozilla\Firefox\Profiles\669y1tl7.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, wrc@avast.com:20110101, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "https://www.google.com/search"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}"=C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.257 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files\real\realplayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files\real\realplayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732]
"Description"=6.0.12.732
"Path"=c:\program files\real\realplayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@software602.cz/602XML Filler]
"Description"=602XML Filler Plugin
"Path"=C:\Program Files\Software602\602XML\Filler\npfiller.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
nppl3260.xpt
nsJSRealPlayerPlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
NPOFF12.DLL
nppdf32.dll
nppl3260.dll
nprjplug.dll
nprpjplug.dll

C:\Documents and Settings\TEMP.RODINA\Data aplikací\Mozilla\Firefox\Profiles\669y1tl7.default\searchplugins\
Google.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-11-23 586968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"CHotkey"=C:\WINDOWS\mHotkey.exe [2002-07-05 491008]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-05-21 17881600]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2006-11-24 487424]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-06-20 202256]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"Print2PDF Print Monitor"=C:\Program Files\Software602\Print2PDF\Print2PDF.exe [2011-10-04 220992]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-01-10 5227112]
"CDAServer"=C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [2012-03-09 350072]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-05-08 959904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=cmd.exe /c start http://www.avg.com/ww.special-uninstall ... er=9.0.894 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\gprs.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\TEMP.RODINA\Nabídka Start\Programy\Po spuštění
prf38.tmp
WatchPower.lnk - C:\Program Files\WatchPower1.05\WatchPower.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveSearch"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Disabled:Google Earth"
"C:\WINDOWS\system32\SUPDSvc.exe"="C:\WINDOWS\system32\SUPDSvc.exe:*:Enabled:Samsung UPD Service"
"C:\Program Files\Common Files\soft602\langserv.exe"="C:\Program Files\Common Files\soft602\langserv.exe:*:Enabled:Software602 Spell Checker"
"D:\The Witcher 2 Enhanced Edition\bin\witcher2.exe"="D:\The Witcher 2 Enhanced Edition\bin\witcher2.exe:*:Enabled:The Witcher 2: Assasins of Kings"
"C:\WINDOWS\twain_32\Samsung\SLC460\ScanCDLM\ScanCDLM.exe"="C:\WINDOWS\twain_32\Samsung\SLC460\ScanCDLM\ScanCDLM.exe:*:Enabled:Samsung Scanner Discovery Module V3"
"C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe"="C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe:*:Enabled:Easy Printer Manager"
"C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe"="C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe:*:Enabled:EPM Order Supplies "
"C:\Program Files\Samsung\Easy Printer Manager\IDSAlert.exe"="C:\Program Files\Samsung\Easy Printer Manager\IDSAlert.exe:*:Enabled:EPM Alert "
"C:\Program Files\Samsung\Easy Printer Manager\uninstall.exe"="C:\Program Files\Samsung\Easy Printer Manager\uninstall.exe:*:Enabled:Samsung uninstaller "
"C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe"="C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe:*:Enabled:EPM CDA Scan2PC"
"C:\Program Files\Samsung\Easy Document Creator\EDC.exe"="C:\Program Files\Samsung\Easy Document Creator\EDC.exe:*:Enabled:Samsung Easy Document Creator"
"C:\Program Files\Samsung Easy Color Manager\Samsung Easy Color Manager.exe"="C:\Program Files\Samsung Easy Color Manager\Samsung Easy Color Manager.exe:*:Enabled:Samsung Easy Color Manager"
"C:\Documents and Settings\TEMP.RODINA\Data aplikací\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\TEMP.RODINA\Data aplikací\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"
"C:\Program Files\Google\Chrome\Application\chrome.exe"="C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\Program Files\WatchPower1.05\jre\bin\javaw.exe"="C:\Program Files\WatchPower1.05\jre\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Samsung Easy Color Manager\Samsung Easy Color Manager.exe"="C:\Program Files\Samsung Easy Color Manager\Samsung Easy Color Manager.exe:*:Enabled:Samsung Easy Color Manager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"wave4"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux2"=wdmaud.drv

======List of files/folders created in the last 1 month======

2015-01-22 21:00:26 ----D---- C:\rsit
2015-01-22 21:00:26 ----D---- C:\Program Files\trend micro
2015-01-22 12:18:56 ----D---- C:\Certifikát
2015-01-22 12:17:24 ----D---- C:\Program Files\WatchPower1.05
2015-01-22 11:55:53 ----D---- C:\Program Files\CGI IT Czech Republic s.r.o
2015-01-04 11:34:32 ----D---- C:\AdwCleaner
2015-01-04 11:21:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-12-24 20:22:32 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 month======

2015-01-22 21:00:26 ----D---- C:\Program Files
2015-01-22 20:59:19 ----D---- C:\WINDOWS\Prefetch
2015-01-22 20:53:24 ----D---- C:\Documents and Settings\TEMP.RODINA\Data aplikací\XnView
2015-01-22 20:53:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2015-01-22 20:52:07 ----D---- C:\WINDOWS\Temp
2015-01-22 20:52:07 ----D---- C:\WINDOWS
2015-01-22 19:39:45 ----N---- C:\WINDOWS\SchedLgU.Txt
2015-01-22 19:39:45 ----D---- C:\WINDOWS\system32\CatRoot2
2015-01-22 19:39:06 ----D---- C:\WINDOWS\system32\drivers\etc
2015-01-22 19:28:08 ----D---- C:\WINDOWS\system32\drivers
2015-01-22 14:24:34 ----A---- C:\WINDOWS\NeroDigital.ini
2015-01-22 12:19:11 ----D---- C:\Documents and Settings
2015-01-17 18:29:29 ----D---- C:\Documents and Settings\TEMP.RODINA\Data aplikací\602Installer
2015-01-17 18:26:57 ----D---- C:\Documents and Settings\TEMP.RODINA\Data aplikací\602XML
2015-01-17 11:33:12 ----D---- C:\WINDOWS\Microsoft.NET
2015-01-16 21:42:36 ----SHD---- C:\WINDOWS\Installer
2015-01-16 21:42:36 ----SHD---- C:\Config.Msi
2015-01-15 18:51:10 ----D---- C:\WINDOWS\Debug
2015-01-14 19:28:04 ----D---- C:\WINDOWS\system32
2015-01-14 19:18:01 ----D---- C:\WINDOWS\system32\MRT
2015-01-14 19:17:52 ----A---- C:\WINDOWS\system32\MRT.exe
2015-01-14 13:09:09 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-04 11:25:18 ----D---- C:\Program Files\Mozilla Maintenance Service
2015-01-04 10:59:11 ----D---- C:\Program Files\CCleaner

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2014-11-23 49944]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2014-11-23 206248]
R0 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\System32\Drivers\vbtenum.sys [2007-03-05 20880]
R0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [2007-03-05 35600]
R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2009-03-09 64160]
R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-03-16 99840]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-11-20 43872]
R0 SmartDefragDriver;SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [2014-06-04 15808]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-08-30 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2014-11-23 55240]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2014-11-23 787800]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2014-11-23 423784]
R1 aswTdi;aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [2014-11-23 57928]
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2014-11-23 24184]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2014-11-23 70384]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-03-20 278984]
R2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-03-20 25416]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2007-06-24 34312]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-06-24 27656]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-06-02 5085184]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-02-23 9888384]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-10-28 58368]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-10-28 19968]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-14 5888]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 afirs4a5;afirs4a5; C:\WINDOWS\system32\drivers\afirs4a5.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2007-06-24 38920]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys []
S3 se45bus;Sony Ericsson Device 069 driver (WDM); C:\WINDOWS\system32\DRIVERS\se45bus.sys [2006-11-30 61536]
S3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2013-07-17 60160]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2007-07-03 37768]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2011-02-16 11520]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-23 50344]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2008-03-19 166520]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Start BT in service;Start BT in service; C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2008-03-19 51816]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-02 107912]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-03-08 163908]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14 267440]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-02 107912]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-12-24 114800]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-08-08 208896]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

[altrok]

Zdravim

Do zaheslovanych archivu se antivir zatim dostat neumi Nalezy v System Volume Information jsou body obnoveni... kouknem na to. Nektere utility ukonci nesystemove procesy, takze je mozne, ze Vas to obcas "kopne", ale zasadni problem v tom nevidim.

Odinstalujte Spybot S&D.

V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).

Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/

• ukoncete vsechny programy
• kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
• kliknete na Scan, pote na Clean
• po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner [Sx].txt), jehoz obsah mi zkopirujte do pristi odpovedi

[Mithrandir]

To uz jsem delal predtim...Spybot odinstalovan...zde je log

# AdwCleaner v4.108 - Report created 22/01/2015 at 19:39:18
# Updated 17/01/2015 by Xplode
# Database : 2015-01-22.3 [Live]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Zdenda - RODINA
# Running from : C:\Documents and Settings\Zdenda\Plocha\adwcleaner_4.108.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Documents and Settings\Radek\Data aplikací\Mozilla\Firefox\Profiles\6xyoko4x.default\searchplugins\yahoo_ff.xml
File Deleted : C:\Documents and Settings\TEMP.RODINA\Data aplikací\Mozilla\Firefox\Profiles\669y1tl7.default\searchplugins\yahoo_ff.xml
File Deleted : C:\Documents and Settings\Zdenda\Data aplikací\Mozilla\Firefox\Profiles\9w7i2s0w.default\searchplugins\yahoo_ff.xml

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Documents and Settings\All Users\Nabídka Start\Programy\Příslušenství\Komunikace\Síťová připojení.lnk

***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v31.0 (x86 cs)


-\\ Google Chrome v39.0.2171.99


*************************

AdwCleaner[R0].txt - [4437 octets] - [04/01/2015 11:34:37]
AdwCleaner[R1].txt - [923 octets] - [04/01/2015 11:43:35]
AdwCleaner[R2].txt - [1378 octets] - [22/01/2015 19:30:22]
AdwCleaner[R3].txt - [1438 octets] - [22/01/2015 19:34:45]
AdwCleaner[S0].txt - [4613 octets] - [04/01/2015 11:38:39]
AdwCleaner[S1].txt - [1494 octets] - [22/01/2015 19:39:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1554 octets] ##########

[altrok]

Spustte C:\Program Files\trend micro\mamka taťka.exe

• kliknete na Do a system scan only
• zatrhnete (udelejte fajfku) nasledujici polozky
  • O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-1177238915-573735546-1417001333-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Zdenda')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
• kliknete na Fix checked

Dejte novy log FRST.txt, prilozte i Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101

[Mithrandir]

Mne ten FRST nejde nainstalovat...vkladam log z RSIT...ten FRST kdyztak zkusim nainstalovat zitra, az budu osobne u PC.

LOG z RSIT

Logfile of random's system information tool 1.10 (written by random/random)
Run by Zdenda at 2015-01-22 22:17:54
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 10 GB (20%) free of 50 GB
Total RAM: 2046 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:18:17, on 22.1.2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\WINDOWS\system32\svchost.exe
c:\docume~1\temp~1.rod\locals~1\temp\teamviewer\version9\TeamViewer_Service.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\docume~1\temp~1.rod\locals~1\temp\teamviewer\version9\TeamViewer_Desktop.exe
C:\WINDOWS\Explorer.EXE
c:\docume~1\temp~1.rod\locals~1\temp\teamviewer\version9\TeamViewer.exe
c:\docume~1\temp~1.rod\locals~1\temp\teamviewer\version9\tv_w32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Software602\Print2PDF\Print2PDF.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Zdenda\Plocha\RSIT.exe
C:\Program Files\trend micro\Zdenda.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTer ... DF&PC=AV01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Print2PDF Print Monitor] "C:\Program Files\Software602\Print2PDF\Print2PDF.exe" /server
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstall ... er=9.0.894
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Google Update] "C:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Google Update] "C:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\gprs.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} (Active602XMLFiller Control) - https://www.mojedatovaschranka.cz/stati ... ?3,16,13,0
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://asp.photoprintit.de/microsite/1 ... oader4.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - c:\docume~1\temp~1.rod\locals~1\temp\teamviewer\version9\TeamViewer_Service.exe

--
End of file - 8257 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job - C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe update all silent
C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\avast! Emergency Update.job - C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18Core.job - C:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18UA.job - C:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS\system32\xp_eos.exe
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS\system32\xp_eos.exe -c
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-573735546-1417001333-1004.job - C:\Program Files\Real\RealUpgrade\realupgrade.exe /logoncheck
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-573735546-1417001333-1009.job - C:\Program Files\Real\RealUpgrade\realupgrade.exe /logoncheck
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-573735546-1417001333-1004.job - C:\Program Files\Real\RealUpgrade\realupgrade.exe /scheduledcheck
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-573735546-1417001333-1009.job - C:\Program Files\Real\RealUpgrade\realupgrade.exe /scheduledcheck
C:\WINDOWS\tasks\SmartDefrag.job - C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe /Schedule
C:\WINDOWS\tasks\SmartDefrag3_Update.job - C:\Program Files\IObit\Smart Defrag 3\AutoUpdate.exe /autorun

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Zdenda\Data aplikací\Mozilla\Firefox\Profiles\9w7i2s0w.default

prefs.js - "browser.startup.homepage" - "https://www.seznam.cz/?clid=22668"
prefs.js - "extensions.enabledItems" - "xmlfiller@software602.cz:3.16.2, {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2, {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, wrc@avast.com:20110101, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://search.seznam.cz/?sourceid=quick ... earchTerms}&"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}"=C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.257 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files\real\realplayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files\real\realplayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732]
"Description"=6.0.12.732
"Path"=c:\program files\real\realplayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@software602.cz/602XML Filler]
"Description"=602XML Filler Plugin
"Path"=C:\Program Files\Software602\602XML\Filler\npfiller.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
nppl3260.xpt
nsJSRealPlayerPlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
NPOFF12.DLL
nppdf32.dll
nppl3260.dll
nprjplug.dll
nprpjplug.dll

C:\Documents and Settings\Zdenda\Data aplikací\Mozilla\Firefox\Profiles\9w7i2s0w.default\extensions\
xmlfiller@software602.cz
{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

C:\Documents and Settings\Zdenda\Data aplikací\Mozilla\Firefox\Profiles\9w7i2s0w.default\searchplugins\
Google.xml
seznam-avast.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-11-23 586968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"CHotkey"=C:\WINDOWS\mHotkey.exe [2002-07-05 491008]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-05-21 17881600]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2006-11-24 487424]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-06-20 202256]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"Print2PDF Print Monitor"=C:\Program Files\Software602\Print2PDF\Print2PDF.exe [2011-10-04 220992]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-01-10 5227112]
"CDAServer"=C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [2012-03-09 350072]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-05-08 959904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=cmd.exe /c start http://www.avg.com/ww.special-uninstall ... er=9.0.894 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\gprs.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveSearch"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Disabled:Google Earth"
"C:\WINDOWS\system32\SUPDSvc.exe"="C:\WINDOWS\system32\SUPDSvc.exe:*:Enabled:Samsung UPD Service"
"C:\Program Files\Common Files\soft602\langserv.exe"="C:\Program Files\Common Files\soft602\langserv.exe:*:Enabled:Software602 Spell Checker"
"D:\The Witcher 2 Enhanced Edition\bin\witcher2.exe"="D:\The Witcher 2 Enhanced Edition\bin\witcher2.exe:*:Enabled:The Witcher 2: Assasins of Kings"
"C:\WINDOWS\twain_32\Samsung\SLC460\ScanCDLM\ScanCDLM.exe"="C:\WINDOWS\twain_32\Samsung\SLC460\ScanCDLM\ScanCDLM.exe:*:Enabled:Samsung Scanner Discovery Module V3"
"C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe"="C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe:*:Enabled:Easy Printer Manager"
"C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe"="C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe:*:Enabled:EPM Order Supplies "
"C:\Program Files\Samsung\Easy Printer Manager\IDSAlert.exe"="C:\Program Files\Samsung\Easy Printer Manager\IDSAlert.exe:*:Enabled:EPM Alert "
"C:\Program Files\Samsung\Easy Printer Manager\uninstall.exe"="C:\Program Files\Samsung\Easy Printer Manager\uninstall.exe:*:Enabled:Samsung uninstaller "
"C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe"="C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe:*:Enabled:EPM CDA Scan2PC"
"C:\Program Files\Samsung\Easy Document Creator\EDC.exe"="C:\Program Files\Samsung\Easy Document Creator\EDC.exe:*:Enabled:Samsung Easy Document Creator"
"C:\Program Files\Samsung Easy Color Manager\Samsung Easy Color Manager.exe"="C:\Program Files\Samsung Easy Color Manager\Samsung Easy Color Manager.exe:*:Enabled:Samsung Easy Color Manager"
"C:\Documents and Settings\TEMP.RODINA\Data aplikací\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\TEMP.RODINA\Data aplikací\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"
"C:\Program Files\Google\Chrome\Application\chrome.exe"="C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\Program Files\WatchPower1.05\jre\bin\javaw.exe"="C:\Program Files\WatchPower1.05\jre\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Samsung Easy Color Manager\Samsung Easy Color Manager.exe"="C:\Program Files\Samsung Easy Color Manager\Samsung Easy Color Manager.exe:*:Enabled:Samsung Easy Color Manager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"wave4"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux2"=wdmaud.drv

======List of files/folders created in the last 1 month======

2015-01-22 21:00:26 ----D---- C:\rsit
2015-01-22 21:00:26 ----D---- C:\Program Files\trend micro
2015-01-22 12:18:56 ----D---- C:\Certifikát
2015-01-22 12:17:24 ----D---- C:\Program Files\WatchPower1.05
2015-01-22 11:55:53 ----D---- C:\Program Files\CGI IT Czech Republic s.r.o
2015-01-04 11:34:32 ----D---- C:\AdwCleaner
2015-01-04 11:21:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-12-24 20:22:32 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 month======

2015-01-22 22:18:03 ----D---- C:\WINDOWS\Prefetch
2015-01-22 22:07:16 ----D---- C:\WINDOWS\Temp
2015-01-22 22:05:51 ----D---- C:\WINDOWS
2015-01-22 22:05:47 ----D---- C:\Program Files\Spybot - Search & Destroy
2015-01-22 22:05:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2015-01-22 21:57:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2015-01-22 21:00:26 ----D---- C:\Program Files
2015-01-22 19:39:45 ----D---- C:\WINDOWS\system32\CatRoot2
2015-01-22 19:39:06 ----D---- C:\WINDOWS\system32\drivers\etc
2015-01-22 19:28:08 ----D---- C:\WINDOWS\system32\drivers
2015-01-22 14:24:34 ----A---- C:\WINDOWS\NeroDigital.ini
2015-01-22 12:19:11 ----D---- C:\Documents and Settings
2015-01-17 11:33:12 ----D---- C:\WINDOWS\Microsoft.NET
2015-01-16 21:42:36 ----SHD---- C:\WINDOWS\Installer
2015-01-16 21:42:36 ----SHD---- C:\Config.Msi
2015-01-15 18:51:10 ----D---- C:\WINDOWS\Debug
2015-01-14 19:28:04 ----D---- C:\WINDOWS\system32\MRT
2015-01-14 19:28:04 ----D---- C:\WINDOWS\system32
2015-01-14 19:17:52 ----A---- C:\WINDOWS\system32\MRT.exe
2015-01-14 13:09:09 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-04 11:25:18 ----D---- C:\Program Files\Mozilla Maintenance Service
2015-01-04 10:59:44 ----D---- C:\Documents and Settings\Zdenda\Data aplikací\XnView
2015-01-04 10:59:11 ----D---- C:\Program Files\CCleaner

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2014-11-23 49944]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2014-11-23 206248]
R0 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\System32\Drivers\vbtenum.sys [2007-03-05 20880]
R0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [2007-03-05 35600]
R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2009-03-09 64160]
R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-03-16 99840]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-11-20 43872]
R0 SmartDefragDriver;SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [2014-06-04 15808]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-08-30 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2014-11-23 55240]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2014-11-23 787800]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2014-11-23 423784]
R1 aswTdi;aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [2014-11-23 57928]
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2014-11-23 24184]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2014-11-23 70384]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-03-20 278984]
R2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-03-20 25416]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2007-06-24 34312]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-06-24 27656]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-06-02 5085184]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-02-23 9888384]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-10-28 58368]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-10-28 19968]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-14 5888]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 ayv9jmad;ayv9jmad; C:\WINDOWS\system32\drivers\ayv9jmad.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2007-06-24 38920]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys []
S3 se45bus;Sony Ericsson Device 069 driver (WDM); C:\WINDOWS\system32\DRIVERS\se45bus.sys [2006-11-30 61536]
S3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2013-07-17 60160]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2007-07-03 37768]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2011-02-16 11520]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-23 50344]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2008-03-19 166520]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Start BT in service;Start BT in service; C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2008-03-19 51816]
R2 TeamViewer9;TeamViewer 9; c:\docume~1\temp~1.rod\locals~1\temp\teamviewer\version9\TeamViewer_Service.exe [2014-09-12 4382992]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-02 107912]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-03-08 163908]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14 267440]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-02 107912]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-12-24 114800]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-08-08 208896]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

[altrok]

OK, procistime zatim aspon castecne - FRST log ukaze trosku jine informace.

Co Vam presne na FRST neslo? FRSTLauncher nektere antiviry oznacuji jako hrozbu, takze je nekdy nutne antivir docasne vypnout.

Od IObitu tam mate jen SmartDefrag?

Odinstalujte Ad-Aware.

Jen z tohoto logu nemuzu presne urcit, jakou verzi Javy mate nainstalovanou, ale pravdepodobne starou... stare verze odinstalujte a nove pripadne nainstalujte z java.com - pozor na adwary ( http://forum.viry.cz/viewtopic.php?p=1374438#p1374438 ). Pokud ji nepouzivate (dnes ji pouzivam snad jen do pristupu do katastru nemovitosti), nechte ji odinstalovanou... z bezpecnostniho hlediska je lepsi ji nemit (exploity).

• Ulozte na plochu OTM - http://oldtimer.geekstogo.com/OTM.exe
• ukoncete vsechny programy
• kliknete pravym na ikonu OTM.exe a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
• obsah bileho pole zkopirujte do leveho okna OTM a kliknete na MoveIt!
• po restartu vlozte log, ktery bude v C:\_OTM\MovedFiles\mmddyyyy_hhmmss.log

Kód: Vybrat vše

:commands
[Purity]
[EmptyTemp]
[EmptyFlash]
[EmptyJava]

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18UA.job
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
C:\WINDOWS\tasks\Real*.job
C:\WINDOWS\tasks\Smart*.job

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"=-
"GrooveMonitor"=-
"Adobe ARM"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=-

[Mithrandir]

Problem byl s tim "zavirovanim" a pres tu vzdalenou spravu to slo blbe...zkusim to zitra na miste...a vlozim pozadovany log z FRST...Zatim dik...

[altrok]

OK... samotne "zavirovani" jak uvadite je mozne vyresit smazanim bodu obnoveni - http://forum.viry.cz/viewtopic.php?f=46&t=47040
pokud resime jen neotestovatelne archivy (chranene heslem), smazani restore pointu problem vyresi.

[Mithrandir]

Zdravim,
tak jsem provedl pozadovane.

Od IObitu mam jen Smart defrag
Ad-aware jsem na PC nenasel nainstalovany...byl tam drive, ale uz byl odinstalovan.
Javu jsem aktualizoval na 7...8 dle stranek javy na win xp jiz neni podporovana.
Provedl jsem doporucene v programu OTM a zde je log:
Dole prilozim log jeste ve FRST a Addition.txt

OTM
All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 14169753 bytes
->Flash cache emptied: 434 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->FireFox cache emptied: 3806056 bytes

User: mamka taťka
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 5090473 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Radek
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 31474 bytes
->FireFox cache emptied: 166169098 bytes
->Flash cache emptied: 3309 bytes

User: TEMP
->Temp folder emptied: 53312 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 29344 bytes
->FireFox cache emptied: 76748125 bytes
->Flash cache emptied: 782 bytes

User: TEMP.RODINA
->Temp folder emptied: 37216046 bytes
->Temporary Internet Files folder emptied: 862758 bytes
->Java cache emptied: 269893 bytes
->FireFox cache emptied: 652208187 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3812 bytes

User: Zdenda
->Temp folder emptied: 117514 bytes
->Temporary Internet Files folder emptied: 626346 bytes
->Java cache emptied: 295322 bytes
->FireFox cache emptied: 76939992 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 163336 bytes
%systemroot%\System32 .tmp files removed: 10056008 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 1529638593 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2 455,00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: mamka taťka

User: NetworkService

User: Radek
->Flash cache emptied: 0 bytes

User: TEMP
->Flash cache emptied: 0 bytes

User: TEMP.RODINA
->Flash cache emptied: 0 bytes

User: Zdenda
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: mamka taťka

User: NetworkService

User: Radek
->Java cache emptied: 0 bytes

User: TEMP
->Java cache emptied: 0 bytes

User: TEMP.RODINA
->Java cache emptied: 0 bytes

User: Zdenda
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0,00 mb

========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP12C.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP142.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP15.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP156.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP186.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP198.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP19F.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1DC.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1E8.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1F1.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP260.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP271.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP272.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP28B.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP28D.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP291.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2A6.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2B9.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP330.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP373.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP49.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4BD.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4D1.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4E9.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP53F.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP65.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF7.tmp folder moved successfully.
C:\WINDOWS\Installer\MSI13.tmp moved successfully.
C:\WINDOWS\Installer\MSI145.tmp moved successfully.
C:\WINDOWS\Installer\MSI160.tmp moved successfully.
C:\WINDOWS\Installer\MSI168.tmp moved successfully.
C:\WINDOWS\Installer\MSI16A.tmp moved successfully.
C:\WINDOWS\Installer\MSI16B.tmp moved successfully.
C:\WINDOWS\Installer\MSI16C.tmp moved successfully.
C:\WINDOWS\Installer\MSI196.tmp moved successfully.
C:\WINDOWS\Installer\MSI1A9.tmp moved successfully.
C:\WINDOWS\Installer\MSI1D6.tmp moved successfully.
C:\WINDOWS\Installer\MSI1D7.tmp moved successfully.
C:\WINDOWS\Installer\MSI1D8.tmp moved successfully.
C:\WINDOWS\Installer\MSI1D9.tmp moved successfully.
C:\WINDOWS\Installer\MSI1DA.tmp moved successfully.
C:\WINDOWS\Installer\MSI1F4.tmp moved successfully.
C:\WINDOWS\Installer\MSI237.tmp moved successfully.
C:\WINDOWS\Installer\MSI266.tmp moved successfully.
C:\WINDOWS\Installer\MSI275.tmp moved successfully.
C:\WINDOWS\Installer\MSI2A5.tmp moved successfully.
C:\WINDOWS\Installer\MSI2E1.tmp moved successfully.
C:\WINDOWS\Installer\MSI3D.tmp moved successfully.
C:\WINDOWS\Installer\MSI3D3.tmp moved successfully.
C:\WINDOWS\Installer\MSI412.tmp moved successfully.
C:\WINDOWS\Installer\MSI413.tmp moved successfully.
C:\WINDOWS\Installer\MSI414.tmp moved successfully.
C:\WINDOWS\Installer\MSI415.tmp moved successfully.
C:\WINDOWS\Installer\MSI46.tmp moved successfully.
C:\WINDOWS\Installer\MSI67.tmp moved successfully.
C:\WINDOWS\Installer\MSI6C.tmp moved successfully.
C:\WINDOWS\Installer\MSI86.tmp moved successfully.
C:\WINDOWS\Installer\MSI87.tmp moved successfully.
C:\WINDOWS\Installer\MSI88.tmp moved successfully.
C:\WINDOWS\Installer\MSI89.tmp moved successfully.
C:\WINDOWS\Installer\MSI8A.tmp moved successfully.
C:\WINDOWS\Installer\MSI98.tmp moved successfully.
C:\WINDOWS\Installer\MSI9F.tmp moved successfully.
C:\WINDOWS\Installer\MSIA0.tmp moved successfully.
C:\WINDOWS\Installer\MSIA1.tmp moved successfully.
C:\WINDOWS\Installer\MSIA2.tmp moved successfully.
C:\WINDOWS\Installer\MSIA3.tmp moved successfully.
C:\WINDOWS\Installer\MSIA4.tmp moved successfully.
C:\WINDOWS\Installer\MSIA5.tmp moved successfully.
C:\WINDOWS\Installer\MSIA6.tmp moved successfully.
C:\WINDOWS\Installer\MSIA7.tmp moved successfully.
C:\WINDOWS\Installer\MSIA8.tmp moved successfully.
C:\WINDOWS\Installer\MSIA9.tmp moved successfully.
C:\WINDOWS\Installer\MSIAA.tmp moved successfully.
C:\WINDOWS\Installer\MSIAB.tmp moved successfully.
C:\WINDOWS\Installer\MSIAC.tmp moved successfully.
C:\WINDOWS\Installer\MSIAD.tmp moved successfully.
C:\WINDOWS\Installer\MSIAE.tmp moved successfully.
C:\WINDOWS\Installer\MSIAF.tmp moved successfully.
C:\WINDOWS\Installer\MSIB0.tmp moved successfully.
C:\WINDOWS\Installer\MSIB1.tmp moved successfully.
C:\WINDOWS\Installer\MSIB2.tmp moved successfully.
C:\WINDOWS\Installer\MSIB3.tmp moved successfully.
C:\WINDOWS\Installer\MSIB4.tmp moved successfully.
C:\WINDOWS\Installer\MSIB5.tmp moved successfully.
C:\WINDOWS\Installer\MSIB6.tmp moved successfully.
C:\WINDOWS\Installer\MSIC2.tmp moved successfully.
C:\WINDOWS\Installer\MSIC3.tmp moved successfully.
C:\WINDOWS\Installer\MSIC4.tmp moved successfully.
C:\WINDOWS\Installer\MSIF1.tmp moved successfully.
C:\WINDOWS\Installer\MSIF2.tmp moved successfully.
C:\WINDOWS\Installer\MSIF3.tmp moved successfully.
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18Core.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18UA.job moved successfully.
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job moved successfully.
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job moved successfully.
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-573735546-1417001333-1004.job moved successfully.
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-573735546-1417001333-1009.job moved successfully.
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-573735546-1417001333-1004.job moved successfully.
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-573735546-1417001333-1009.job moved successfully.
C:\WINDOWS\tasks\SmartDefrag.job moved successfully.
C:\WINDOWS\tasks\SmartDefrag3_Update.job moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TkBellExe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL deleted successfully.

OTM by OldTimer - Version 3.1.21.0 log created on 01242015_112654

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

FRST LOG
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015
Ran by Zdenda (administrator) on RODINA on 24-01-2015 12:09:21
Running from C:\Documents and Settings\Zdenda\Plocha
Loaded Profiles: Zdenda (Available profiles: Zdenda & Radek & mamka taťka & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Software602 a.s.) C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
() C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
(TeamViewer GmbH) C:\DOCUME~1\TEMP~1.ROD\LOCALS~1\Temp\TeamViewer\Version9\TeamViewer_Service.exe
(TeamViewer GmbH) C:\DOCUME~1\TEMP~1.ROD\LOCALS~1\Temp\TeamViewer\Version9\TeamViewer_Desktop.exe
(TeamViewer GmbH) C:\DOCUME~1\TEMP~1.ROD\LOCALS~1\Temp\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\DOCUME~1\TEMP~1.ROD\LOCALS~1\Temp\TeamViewer\Version9\tv_w32.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Chicony) C:\WINDOWS\mHotkey.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Software602) C:\Program Files\Software602\Print2PDF\Print2PDF.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(IVT Corporation.) C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(IVT Corporation.) C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2004-11-02] (Cyberlink Corp.)
HKLM\...\Run: [CHotkey] => C:\WINDOWS\mHotkey.exe [491008 2002-07-05] (Chicony)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [17881600 2009-05-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Sony Ericsson PC Suite] => C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [487424 2006-11-24] ()
HKLM\...\Run: [Print2PDF Print Monitor] => C:\Program Files\Software602\Print2PDF\Print2PDF.exe [220992 2011-10-04] (Software602)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-10] (AVAST Software)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [350072 2012-03-09] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-12-18] (Oracle Corporation)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-1177238915-573735546-1417001333-1004\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\S-1-5-18\...\Run: [Google Update] => C:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [116648 2014-02-10] (Google Inc.)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\BlueSoleil.lnk
ShortcutTarget: BlueSoleil.lnk -> C:\Program Files\IVT Corporation\BlueSoleil\gprs.exe (IVT Corporation.)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\mamka taťka\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk
ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Documents and Settings\Radek\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk
ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Documents and Settings\Radek\Nabídka Start\Programy\Po spuštění\prf60.tmp ()
Startup: C:\Documents and Settings\TEMP.RODINA\Nabídka Start\Programy\Po spuštění\prf38.tmp ()
Startup: C:\Documents and Settings\TEMP.RODINA\Nabídka Start\Programy\Po spuštění\WatchPower.lnk
ShortcutTarget: WatchPower.lnk -> C:\Program Files\WatchPower1.05\WatchPower.exe (Acresso)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
CHR HKU\S-1-5-21-1177238915-573735546-1417001333-1004\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1177238915-573735546-1417001333-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKU\S-1-5-21-1177238915-573735546-1417001333-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTer ... DF&PC=AV01
HKU\S-1-5-21-1177238915-573735546-1417001333-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTer ... DF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1177238915-573735546-1417001333-1004 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTer ... DF&PC=AV01
SearchScopes: HKU\S-1-5-21-1177238915-573735546-1417001333-1004 -> {CAE45D6A-D4C8-47F1-9488-15B69D7CC1F5} URL = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1177238915-573735546-1417001333-1004 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} https://www.mojedatovaschranka.cz/stati ... ?3,16,13,0
DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://asp.photoprintit.de/microsite/1 ... oader4.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Zdenda\Data aplikací\Mozilla\Firefox\Profiles\9w7i2s0w.default
FF DefaultSearchEngine: Seznam
FF DefaultSearchUrl: hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
FF SearchEngineOrder.1: Seznam
FF SelectedSearchEngine: Seznam
FF Homepage: https://www.seznam.cz/?clid=22668
FF Keyword.URL: hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.732 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.732 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.732 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @software602.cz/602XML Filler -> C:\Program Files\Software602\602XML\Filler\npfiller.dll (Software602 a.s.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=3 -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=9 -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF SearchPlugin: C:\Documents and Settings\Zdenda\Data aplikací\Mozilla\Firefox\Profiles\9w7i2s0w.default\searchplugins\seznam-avast.xml
FF Extension: 602XML Filler - C:\Documents and Settings\Zdenda\Data aplikací\Mozilla\Firefox\Profiles\9w7i2s0w.default\Extensions\xmlfiller@software602.cz [2010-09-01]
FF Extension: DownloadHelper - C:\Documents and Settings\Zdenda\Data aplikací\Mozilla\Firefox\Profiles\9w7i2s0w.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-10-21]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-12-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-22]
FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-03-18]
FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension

Chrome:
=======
CHR Profile: C:\Documents and Settings\Zdenda\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Zdenda\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-25]
CHR Extension: (Disk Google) - C:\Documents and Settings\Zdenda\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-25]
CHR Extension: (YouTube) - C:\Documents and Settings\Zdenda\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-25]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\Zdenda\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-25]
CHR Extension: (avast! Online Security) - C:\Documents and Settings\Zdenda\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-25]
CHR Extension: (Peněženka Google) - C:\Documents and Settings\Zdenda\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-25]
CHR Extension: (Gmail) - C:\Documents and Settings\Zdenda\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-25]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-23]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 602XML Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-23] (AVAST Software)
R2 BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [166520 2008-03-19] ()
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2015-01-24] (Oracle Corporation)
S3 NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [208896 2006-08-08] (Nero AG) [File not signed]
S2 NVSvc; C:\WINDOWS\system32\nvsvc32.exe [163908 2009-03-08] (NVIDIA Corporation) [File not signed]
R2 Start BT in service; C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [51816 2008-03-19] ()
R2 TeamViewer9; c:\Documents and Settings\TEMP.RODINA\Local Settings\Temp\teamviewer\Version9\TeamViewer_Service.exe [4382992 2014-09-12] (TeamViewer GmbH)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36352 2005-03-09] (Advanced Micro Devices)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-23] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-23] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-11-23] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-23] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-11-23] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-11-23] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-11-23] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-23] ()
R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [278984 2009-03-20] ()
R3 BlueletAudio; C:\WINDOWS\System32\DRIVERS\blueletaudio.sys [34312 2007-06-24] (IVT Corporation.)
R3 BlueletSCOAudio; C:\WINDOWS\System32\DRIVERS\BlueletSCOAudio.sys [27656 2007-06-24] (IVT Corporation.)
R3 BT; C:\WINDOWS\System32\DRIVERS\btnetdrv.sys [18320 2007-03-05] (IVT Corporation.)
S3 Btcsrusb; C:\WINDOWS\System32\Drivers\btcusb.sys [38920 2007-06-24] (IVT Corporation.)
R0 BTHidEnum; C:\WINDOWS\System32\Drivers\vbtenum.sys [20880 2007-03-05] (IVT Corporation.)
R0 BTHidMgr; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [35600 2007-03-05] (IVT Corporation.)
R2 DgiVecp; C:\WINDOWS\system32\Drivers\DgiVecp.sys [41984 2007-01-17] (Samsung Electronics Co., Ltd.) [File not signed]
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 GVCplDrv; C:\WINDOWS\system32\Drivers\GVCplDrv.sys [23040 2004-05-02] () [File not signed]
S3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64160 2009-03-09] (Lavasoft AB)
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [25416 2009-03-20] ()
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
R0 nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [99840 2006-03-16] (NVIDIA Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [58368 2006-10-28] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [19968 2006-10-28] (NVIDIA Corporation)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 se45bus; C:\WINDOWS\System32\DRIVERS\se45bus.sys [61536 2006-11-30] (MCCI)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [15808 2014-06-04] (IObit)
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [5248 2006-09-24] (Windows (R) 2000 DDK provider) [File not signed]
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [691696 2010-08-30] () [File not signed]
R3 VComm; C:\WINDOWS\System32\DRIVERS\VComm.sys [34448 2007-03-05] (IVT Corporation.)
R3 VcommMgr; C:\WINDOWS\System32\Drivers\VcommMgr.sys [44304 2007-03-05] (IVT Corporation.)
S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [37768 2007-07-03] (Microsoft Corporation)
U3 ak1yru3e; C:\WINDOWS\system32\Drivers\ak1yru3e.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
U5 BTHPORT; C:\Windows\System32\Drivers\BTHPORT.sys [272128 2008-06-14] (Microsoft Corporation)
S3 GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS [X]
S4 IntelIde; No ImagePath
U5 P3; C:\Windows\System32\Drivers\P3.sys [46592 2008-04-14] (Microsoft Corporation)
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-24 12:07 - 2015-01-24 12:07 - 00038462 _____ () C:\Documents and Settings\Zdenda\Plocha\FRST3.txt
2015-01-24 12:04 - 2015-01-24 12:09 - 00021090 _____ () C:\Documents and Settings\Zdenda\Plocha\FRST.txt
2015-01-24 12:04 - 2015-01-24 12:09 - 00000000 ____D () C:\FRST
2015-01-24 12:00 - 2015-01-24 12:00 - 01121280 _____ (Farbar) C:\Documents and Settings\Zdenda\Plocha\FRST.exe
2015-01-24 12:00 - 2015-01-24 12:00 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Zdenda\Plocha\FRSTLauncher.exe
2015-01-24 11:26 - 2015-01-24 11:26 - 00000000 ____D () C:\_OTM
2015-01-24 11:24 - 2015-01-24 11:25 - 00522240 _____ (OldTimer Tools) C:\Documents and Settings\Zdenda\Plocha\OTM.exe
2015-01-24 10:41 - 2015-01-24 10:41 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-01-24 10:41 - 2015-01-24 10:41 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Java
2015-01-24 10:41 - 2015-01-24 10:40 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2015-01-24 10:41 - 2015-01-24 10:40 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2015-01-24 10:41 - 2015-01-24 10:40 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2015-01-24 10:41 - 2015-01-24 10:40 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2015-01-24 10:41 - 2015-01-24 10:40 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-01-22 22:17 - 2015-01-22 22:17 - 01107968 _____ () C:\Documents and Settings\Zdenda\Plocha\RSIT.exe
2015-01-22 21:02 - 2015-01-22 21:02 - 00000000 ____D () C:\Documents and Settings\TEMP.RODINA\Plocha\Zdenda
2015-01-22 21:00 - 2015-01-22 22:17 - 00000000 ____D () C:\Program Files\trend micro
2015-01-22 21:00 - 2015-01-22 21:01 - 00000000 ____D () C:\rsit
2015-01-22 19:39 - 2015-01-04 11:11 - 00450689 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20150122-193906.backup
2015-01-22 19:29 - 2015-01-22 19:29 - 02186752 _____ () C:\Documents and Settings\Zdenda\Plocha\adwcleaner_4.108.exe
2015-01-22 12:19 - 2015-01-21 20:27 - 00003500 _____ () C:\Documents and Settings\Certifikát p.Skalický.pfx
2015-01-22 12:18 - 2015-01-22 12:19 - 00000000 ____D () C:\Certifikát
2015-01-22 12:17 - 2015-01-22 12:17 - 00001620 _____ () C:\Documents and Settings\TEMP.RODINA\Plocha\WatchPower.lnk
2015-01-22 12:17 - 2015-01-22 12:17 - 00000000 ____D () C:\Program Files\WatchPower1.05
2015-01-22 12:17 - 2015-01-22 12:17 - 00000000 ____D () C:\Documents and Settings\TEMP.RODINA\Nabídka Start\Programy\WatchPower1.05
2015-01-22 11:55 - 2015-01-22 11:55 - 00000000 ____D () C:\Program Files\CGI IT Czech Republic s.r.o
2015-01-04 11:42 - 2014-12-20 10:33 - 00050688 _____ (Atribune.org) C:\Documents and Settings\Zdenda\Plocha\ATF-Cleaner.exe
2015-01-04 11:34 - 2015-01-22 19:39 - 00000000 ____D () C:\AdwCleaner
2015-01-04 11:21 - 2015-01-04 11:21 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2015-01-04 11:11 - 2014-07-13 09:19 - 00450625 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20150104-111115.backup
2015-01-04 10:48 - 2014-09-23 15:39 - 32049256 _____ () C:\Documents and Settings\Zdenda\Plocha\Firefox Setup 31.0.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-24 12:09 - 2012-04-26 07:45 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-24 12:09 - 2009-03-14 21:43 - 00000000 ____D () C:\Documents and Settings\Zdenda\Plocha
2015-01-24 12:09 - 2009-03-14 21:43 - 00000000 ____D () C:\Documents and Settings\Zdenda\Local Settings\Temp
2015-01-24 12:08 - 2009-03-14 21:43 - 00000000 ___HD () C:\Documents and Settings\Zdenda\Local Settings\Data aplikací
2015-01-24 11:53 - 2010-05-31 20:15 - 02074690 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-24 11:52 - 2012-07-14 14:04 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-01-24 11:52 - 2012-01-07 14:31 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-01-24 11:52 - 2010-06-13 08:29 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-01-24 11:51 - 2009-03-14 21:42 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-24 11:50 - 2010-06-13 08:29 - 00032622 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-24 11:50 - 2009-07-13 20:53 - 00000178 ___SH () C:\Documents and Settings\TEMP.RODINA\ntuser.ini
2015-01-24 11:50 - 2009-07-13 20:48 - 00000000 ____D () C:\Documents and Settings\TEMP.RODINA\Local Settings\Temp
2015-01-24 11:27 - 2009-03-18 18:45 - 00000000 ____D () C:\Documents and Settings\TEMP\Local Settings\Temp
2015-01-24 11:00 - 2009-03-14 21:35 - 00000000 ____D () C:\WINDOWS\system32\Restore
2015-01-24 10:57 - 2009-03-14 21:43 - 00000178 ___SH () C:\Documents and Settings\Zdenda\ntuser.ini
2015-01-24 10:52 - 2009-03-14 21:43 - 00000000 ____D () C:\Documents and Settings\Zdenda
2015-01-24 10:41 - 2009-03-14 22:23 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-01-24 09:26 - 2008-04-14 13:00 - 00012598 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-23 16:09 - 2012-04-26 07:45 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-23 16:09 - 2011-05-14 16:25 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-23 15:02 - 2009-07-13 20:48 - 00000000 ___HD () C:\Documents and Settings\TEMP.RODINA\Local Settings\Data aplikací
2015-01-23 14:33 - 2012-09-03 16:17 - 00002563 _____ () C:\Documents and Settings\TEMP.RODINA\Plocha\Microsoft Office Word 2007.lnk
2015-01-23 10:47 - 2009-07-13 20:48 - 00000000 ____D () C:\Documents and Settings\TEMP.RODINA\Plocha
2015-01-23 06:55 - 2009-03-20 17:25 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-01-22 22:05 - 2009-03-14 22:37 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2015-01-22 21:57 - 2009-03-14 22:37 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2015-01-22 20:55 - 2009-07-13 20:48 - 00000000 ____D () C:\Documents and Settings\TEMP.RODINA
2015-01-22 20:54 - 2012-08-14 09:48 - 00000000 ____D () C:\Documents and Settings\Zdenda\Zálohy CCleaner
2015-01-22 20:53 - 2009-10-28 13:05 - 00000000 ____D () C:\Documents and Settings\TEMP.RODINA\Data aplikací\XnView
2015-01-22 19:28 - 2009-03-14 22:23 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2015-01-22 14:24 - 2009-03-15 09:44 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
2015-01-22 12:17 - 2009-07-13 20:48 - 00000000 ___RD () C:\Documents and Settings\TEMP.RODINA\Nabídka Start\Programy\Po spuštění
2015-01-22 12:17 - 2009-07-13 20:48 - 00000000 ___RD () C:\Documents and Settings\TEMP.RODINA\Nabídka Start\Programy
2015-01-17 18:26 - 2011-03-19 12:12 - 00000000 ____D () C:\Documents and Settings\TEMP.RODINA\Data aplikací\602XML
2015-01-15 19:28 - 2010-09-27 15:23 - 00000000 ____D () C:\Documents and Settings\Zdenda\Plocha\mamka rez. misto
2015-01-15 18:34 - 2014-09-23 15:15 - 00000712 _____ () C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
2015-01-15 18:34 - 2014-09-23 15:15 - 00000712 _____ () C:\Documents and Settings\All Users\Nabídka Start\Programy\Mozilla Firefox.lnk
2015-01-15 16:33 - 2014-05-15 22:40 - 00000000 ____D () C:\Documents and Settings\TEMP.RODINA\Dokumenty\Scan
2015-01-14 19:28 - 2013-08-13 21:16 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 19:17 - 2009-03-19 16:59 - 110348472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-04 11:42 - 2010-05-16 15:02 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2015-01-04 11:42 - 2009-03-15 12:39 - 00000000 ____D () C:\Documents and Settings\Radek\Local Settings\Temp
2015-01-04 11:42 - 2009-03-15 12:35 - 00000000 ____D () C:\Documents and Settings\mamka taťka\Local Settings\Temp
2015-01-04 11:42 - 2009-03-14 21:42 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2015-01-04 11:38 - 2009-03-15 12:39 - 00000000 __RHD () C:\Documents and Settings\Radek\Data aplikací
2015-01-04 11:25 - 2014-09-23 15:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-04 11:21 - 2009-03-14 22:23 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2015-01-04 11:00 - 2012-07-28 16:01 - 00000000 ____D () C:\Documents and Settings\Zdenda\Dokumenty\Zálohy registru CCleaner
2015-01-04 10:59 - 2011-05-14 15:59 - 00000682 _____ () C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
2015-01-04 10:59 - 2009-06-01 15:28 - 00000000 ____D () C:\Documents and Settings\Zdenda\Data aplikací\XnView
2015-01-04 10:59 - 2009-03-14 23:02 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-04 10:57 - 2009-03-20 16:37 - 00000000 ____D () C:\Documents and Settings\Zdenda\Local Settings\Data aplikací\Adobe
2015-01-04 10:50 - 2014-12-24 20:22 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== Files in the root of some directories =======

2011-11-28 17:30 - 2014-04-28 17:48 - 0010489 _____ () C:\Documents and Settings\Zdenda\Data aplikací\SmarThruOptions.xml
2009-03-15 09:44 - 2013-08-14 19:13 - 0074240 _____ () C:\Documents and Settings\Zdenda\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-04-16 14:15 - 2011-04-16 14:15 - 0000126 _____ () C:\Documents and Settings\Zdenda\Local Settings\Data aplikací\fusioncache.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

[altrok]

• Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
• ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
• znovu spustte FRST a kliknete na Fix
• po restartu na Vas vyskoci fixlog (pripadne bude ulozen na Plose), jehoz obsah mi vlozte do pristi odpovedi

  Kód: Vybrat vše

  Start
  CloseProcesses:
  HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-12-18] (Oracle Corporation)
  HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
  HKLM\...\Policies\Explorer: [NoResolveSearch] 1
  HKU\S-1-5-21-1177238915-573735546-1417001333-1004\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
  HKU\S-1-5-18\...\Run: [Google Update] => C:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [116648 2014-02-10] (Google Inc.)
  Startup: C:\Documents and Settings\Radek\Nabídka Start\Programy\Po spuštění\prf60.tmp ()
  Startup: C:\Documents and Settings\TEMP.RODINA\Nabídka Start\Programy\Po spuštění\prf38.tmp ()
  ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
  ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
  ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
  ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
  CHR HKU\S-1-5-21-1177238915-573735546-1417001333-1004\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
  
  HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
  HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
  HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
  SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  SearchScopes: HKU\S-1-5-21-1177238915-573735546-1417001333-1004 -> {CAE45D6A-D4C8-47F1-9488-15B69D7CC1F5} URL = http://search.yahoo.com/search?fr=chr-g ... =541231&p={searchTerms}
  
  FF DefaultSearchEngine: Seznam
  FF DefaultSearchUrl: hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
  FF SearchEngineOrder.1: Seznam
  FF SelectedSearchEngine: Seznam
  FF Keyword.URL: hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
  
  S3 GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS [X]
  S4 IntelIde; No ImagePath
  S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
  U1 WS2IFSL; No ImagePath
  
  2015-01-24 12:07 - 2015-01-24 12:07 - 00038462 _____ () C:\Documents and Settings\Zdenda\Plocha\FRST3.txt
  2015-01-24 12:04 - 2015-01-24 12:09 - 00021090 _____ () C:\Documents and Settings\Zdenda\Plocha\FRST.txt
  2015-01-24 12:00 - 2015-01-24 12:00 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Zdenda\Plocha\FRSTLauncher.exe
  2015-01-24 11:26 - 2015-01-24 11:26 - 00000000 ____D () C:\_OTM
  2015-01-24 11:24 - 2015-01-24 11:25 - 00522240 _____ (OldTimer Tools) C:\Documents and Settings\Zdenda\Plocha\OTM.exe
  2015-01-22 22:17 - 2015-01-22 22:17 - 01107968 _____ () C:\Documents and Settings\Zdenda\Plocha\RSIT.exe
  2015-01-22 21:00 - 2015-01-22 22:17 - 00000000 ____D () C:\Program Files\trend micro
  2015-01-22 21:00 - 2015-01-22 21:01 - 00000000 ____D () C:\rsit
  2015-01-22 19:29 - 2015-01-22 19:29 - 02186752 _____ () C:\Documents and Settings\Zdenda\Plocha\adwcleaner_4.108.exe
  2015-01-04 11:34 - 2015-01-22 19:39 - 00000000 ____D () C:\AdwCleaner
  2015-01-04 10:48 - 2014-09-23 15:39 - 32049256 _____ () C:\Documents and Settings\Zdenda\Plocha\Firefox Setup 31.0.exe
  2015-01-22 22:05 - 2009-03-14 22:37 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
  2015-01-22 21:57 - 2009-03-14 22:37 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
  AlternateDataStreams: C:\Documents and Settings\All Users\Data aplikací\TEMP:BEF4B0E7
  EmptyTemp:
  End
  

[Mithrandir]

Zde je Fixlog.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-01-2015 01
Ran by Zdenda at 2015-01-24 14:00:57 Run:1
Running from C:\Documents and Settings\Zdenda\Plocha
Loaded Profiles: Zdenda (Available profiles: Zdenda & Radek & mamka taťka & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-12-18] (Oracle Corporation)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-1177238915-573735546-1417001333-1004\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\S-1-5-18\...\Run: [Google Update] => C:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [116648 2014-02-10] (Google Inc.)
Startup: C:\Documents and Settings\Radek\Nabídka Start\Programy\Po spuštění\prf60.tmp ()
Startup: C:\Documents and Settings\TEMP.RODINA\Nabídka Start\Programy\Po spuštění\prf38.tmp ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
CHR HKU\S-1-5-21-1177238915-573735546-1417001333-1004\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1177238915-573735546-1417001333-1004 -> {CAE45D6A-D4C8-47F1-9488-15B69D7CC1F5} URL = http://search.yahoo.com/search?fr=chr-g ... =541231&p={searchTerms}

FF DefaultSearchEngine: Seznam
FF DefaultSearchUrl: hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
FF SearchEngineOrder.1: Seznam
FF SelectedSearchEngine: Seznam
FF Keyword.URL: hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&

S3 GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS [X]
S4 IntelIde; No ImagePath
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
U1 WS2IFSL; No ImagePath

2015-01-24 12:07 - 2015-01-24 12:07 - 00038462 _____ () C:\Documents and Settings\Zdenda\Plocha\FRST3.txt
2015-01-24 12:04 - 2015-01-24 12:09 - 00021090 _____ () C:\Documents and Settings\Zdenda\Plocha\FRST.txt
2015-01-24 12:00 - 2015-01-24 12:00 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Zdenda\Plocha\FRSTLauncher.exe
2015-01-24 11:26 - 2015-01-24 11:26 - 00000000 ____D () C:\_OTM
2015-01-24 11:24 - 2015-01-24 11:25 - 00522240 _____ (OldTimer Tools) C:\Documents and Settings\Zdenda\Plocha\OTM.exe
2015-01-22 22:17 - 2015-01-22 22:17 - 01107968 _____ () C:\Documents and Settings\Zdenda\Plocha\RSIT.exe
2015-01-22 21:00 - 2015-01-22 22:17 - 00000000 ____D () C:\Program Files\trend micro
2015-01-22 21:00 - 2015-01-22 21:01 - 00000000 ____D () C:\rsit
2015-01-22 19:29 - 2015-01-22 19:29 - 02186752 _____ () C:\Documents and Settings\Zdenda\Plocha\adwcleaner_4.108.exe
2015-01-04 11:34 - 2015-01-22 19:39 - 00000000 ____D () C:\AdwCleaner
2015-01-04 10:48 - 2014-09-23 15:39 - 32049256 _____ () C:\Documents and Settings\Zdenda\Plocha\Firefox Setup 31.0.exe
2015-01-22 22:05 - 2009-03-14 22:37 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2015-01-22 21:57 - 2009-03-14 22:37 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
AlternateDataStreams: C:\Documents and Settings\All Users\Data aplikací\TEMP:BEF4B0E7
EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\LinkResolveIgnoreLinkInfo => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value deleted successfully.
HKU\S-1-5-21-1177238915-573735546-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\LinkResolveIgnoreLinkInfo => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => value deleted successfully.
C:\Documents and Settings\Radek\Nabídka Start\Programy\Po spuštění\prf60.tmp => Moved successfully.
C:\Documents and Settings\TEMP.RODINA\Nabídka Start\Programy\Po spuštění\prf38.tmp => Moved successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKU\S-1-5-21-1177238915-573735546-1417001333-1004\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1177238915-573735546-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CAE45D6A-D4C8-47F1-9488-15B69D7CC1F5}" => Key deleted successfully.
HKCR\CLSID\{CAE45D6A-D4C8-47F1-9488-15B69D7CC1F5} => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox DefaultSearchUrl deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox Keyword.URL deleted successfully.
GMSIPCI => Service deleted successfully.
IntelIde => Service deleted successfully.
pccsmcfd => Service deleted successfully.
WS2IFSL => Service deleted successfully.
C:\Documents and Settings\Zdenda\Plocha\FRST3.txt => Moved successfully.
C:\Documents and Settings\Zdenda\Plocha\FRST.txt => Moved successfully.
"C:\Documents and Settings\Zdenda\Plocha\FRSTLauncher.exe" => File/Directory not found.
C:\_OTM => Moved successfully.
C:\Documents and Settings\Zdenda\Plocha\OTM.exe => Moved successfully.
C:\Documents and Settings\Zdenda\Plocha\RSIT.exe => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
C:\rsit => Moved successfully.
C:\Documents and Settings\Zdenda\Plocha\adwcleaner_4.108.exe => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Documents and Settings\Zdenda\Plocha\Firefox Setup 31.0.exe => Moved successfully.
C:\Program Files\Spybot - Search & Destroy => Moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy => Moved successfully.
C:\Documents and Settings\All Users\Data aplikací\TEMP => ":BEF4B0E7" ADS removed successfully.
EmptyTemp: => Removed 55.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog 14:01:15 ====

[altrok]

ok, timto byl PC vycisten
body obnoveni jste smazal?
az bude cas, pustte tam kontrolu avastu at zjistime, jestli uvodni problem pretrvava... jakekoliv anomalie v chodu systemu pripadne nahlaste

[Mithrandir]

OK...Dekuji moc...PC bezi o poznani rychleji...Body obnoveni jsem jiz smazal..AVAST pustim. Diky za pomoc...

[altrok]

nemate zac

jeste se ozvete, jak to vypada... pripadne uz jen uklidime pouzite utility

[Mithrandir]

Tak Avast mi pri rychlem testu nasel opet v adresari System Volume Information Win32: Malware-gen....ty neotestovatelne soubory uz tam nejsou...