VIRY.CZ

Prosím o kontrolu logu. Nějak se mi zpomalil počítač a někdy zamrzá. Vkládám log z FRST. Log Addition.txt nejde zabalit winrar hlásí, že je poškozen, ale mám ho na ploše kdyby bylo potřeba. Díky za pomoc. ralcar.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-10-2015
Ran by Radim (administrator) on 84B938A95D0145B (13-10-2015 11:23:43)
Running from C:\Documents and Settings\Radim\Plocha
Loaded Profiles: Radim (Available Profiles: Radim & Administrator)
Platform: Microsoft Windows XP Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\WINDOWS\system32\netdde.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
(Microsoft Corp., Veritas Software) C:\WINDOWS\system32\dmadmin.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2006-05-23] (ATI Technologies Inc.)
HKU\S-1-5-21-1708537768-1364589140-1177238915-1004\...\Run: [uTorrent] => C:\Program Files\uTorrent\uTorrent.exe [393728 2012-11-27] (BitTorrent, Inc.)
HKU\S-1-5-21-1708537768-1364589140-1177238915-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [9216 2008-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\sfShellTools.dll [2012-09-14] (SmartSoft Ltd.)
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{B8E94BCD-1AE7-46CF-A923-A759DF3A2A72}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-1708537768-1364589140-1177238915-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1708537768-1364589140-1177238915-1004 -> DefaultScope {D17E06F4-8FF1-4155-A33F-259C56A80459} URL = hxxp://www.google.cz/search?q={searchTerms}&rl ... AZ_csCZ451
SearchScopes: HKU\S-1-5-21-1708537768-1364589140-1177238915-1004 -> {D17E06F4-8FF1-4155-A33F-259C56A80459} URL = hxxp://www.google.cz/search?q={searchTerms}&rl ... AZ_csCZ451
Toolbar: HKU\S-1-5-21-1708537768-1364589140-1177238915-1004 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2011-06-21] (Společnost Microsoft)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\x5cv0bn6.default-1395370747187
FF Homepage: hxxp://www.seznam.cz
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-25] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-12] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2013-11-22] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2013-11-22] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1708537768-1364589140-1177238915-1004: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Radim\Local Settings\Data aplikací\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-07] (Google Inc.)
FF Plugin HKU\S-1-5-21-1708537768-1364589140-1177238915-1004: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Radim\Local Settings\Data aplikací\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-07] (Google Inc.)
FF Extension: Adblock Plus - C:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\x5cv0bn6.default-1395370747187\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-21]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-09-10]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Plugin: (Native Client) - C:\Documents and Settings\Radim\Local Settings\Data aplikací\Google\Chrome\Application\44.0.2403.130\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Radim\Local Settings\Data aplikací\Google\Chrome\Application\44.0.2403.130\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Radim\Local Settings\Data aplikací\Google\Chrome\Application\44.0.2403.130\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Google Update) - C:\Documents and Settings\Radim\Local Settings\Data aplikací\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Documents and Settings\Radim\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Verbatim Translatio) - C:\Documents and Settings\Radim\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bobgnmijljonenlachekpkgikohcghon [2012-07-03]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\Radim\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-23]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Documents and Settings\Radim\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-15]
StartMenuInternet: chrome.exe - C:\Documents and Settings\Radim\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NwSapAgent; C:\WINDOWS\System32\ipxsap.dll [66560 2008-04-14] (Microsoft Corporation)
S3 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [323584 2013-03-22] () [File not signed]
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155520 2015-06-10] (Avanquest Software)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Aspi32; C:\WINDOWS\system32\Drivers\Aspi32.sys [25244 1999-09-10] (Adaptec)
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [17472 2015-05-11] (Glarysoft Ltd)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 NETw3x32; C:\WINDOWS\System32\DRIVERS\NETw3x32.sys [1709696 2006-09-27] (Intel® Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2008-04-14] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-14] (Microsoft Corporation)
R3 RTL8192cu; C:\WINDOWS\System32\DRIVERS\RTL8192cu.sys [1076968 2014-04-08] (Realtek Semiconductor Corporation )
S3 s0016bus; C:\WINDOWS\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\WINDOWS\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\WINDOWS\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\WINDOWS\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\WINDOWS\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\WINDOWS\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\WINDOWS\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2015-08-12] (Microsoft Corporation) [File not signed]
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 Bcim; system32\DRIVERS\bcim.sys [X]
S3 BCMH43XX; system32\DRIVERS\bcmwlhigh5.sys [X]
S1 MpKsl247733c8; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKsl247733c8.sys [X]
S1 MpKslb7b84e2a; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKslb7b84e2a.sys [X]
S1 MpKslefaba5f7; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKslefaba5f7.sys [X]
S3 NPF; system32\DRIVERS\npf.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-13 11:23 - 2015-10-13 11:24 - 00013129 _____ C:\Documents and Settings\Radim\Plocha\FRST.txt
2015-10-13 11:20 - 2015-10-13 11:23 - 00000000 ____D C:\FRST
2015-10-13 11:19 - 2015-10-13 11:19 - 01699840 _____ (Farbar) C:\Documents and Settings\Radim\Plocha\FRST.exe
2015-10-13 11:17 - 2015-10-13 11:17 - 01107968 _____ C:\Documents and Settings\Radim\Plocha\RSIT.exe
2015-10-13 11:12 - 2015-10-13 11:12 - 00000000 ____D C:\rsit
2015-10-10 01:34 - 2015-10-10 01:34 - 01682432 _____ C:\Documents and Settings\Radim\Plocha\adwcleaner_5.013.exe
2015-10-09 14:31 - 2015-10-09 14:47 - 00000000 ____D C:\Documents and Settings\Radim\Plocha\Seting 4
2015-10-08 17:14 - 2015-10-08 17:26 - 00000000 ____D C:\Documents and Settings\Radim\Plocha\Seting 3
2015-10-08 02:24 - 2015-10-08 02:28 - 00000000 ____D C:\Documents and Settings\Radim\Plocha\Seting 2
2015-10-07 23:24 - 2015-10-07 23:24 - 00000000 ____D C:\Documents and Settings\Radim\Plocha\ENIGMA 2-ROTOR@likra5.10.2015
2015-10-07 21:27 - 2015-10-07 21:28 - 00000000 ____D C:\Documents and Settings\Radim\Plocha\Seting 1
2015-10-07 16:52 - 2015-10-07 17:25 - 00004035 _____ C:\Documents and Settings\Radim\Plocha\mg_cfg.txt
2015-10-07 00:48 - 2015-10-07 00:48 - 00000140 _____ C:\Documents and Settings\Radim\Plocha\newcamd.list
2015-10-06 01:52 - 2015-10-06 01:56 - 00000333 _____ C:\Documents and Settings\Radim\Plocha\192.168.0.2.lnk
2015-10-05 16:04 - 2015-10-05 16:05 - 08605256 _____ C:\Documents and Settings\Radim\Plocha\RogueKiller_old.exe
2015-10-03 15:42 - 2015-10-03 15:42 - 00000000 ____D C:\Program Files\SmartFTP Client
2015-10-02 02:55 - 2015-10-02 02:55 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\TP-LINK
2015-10-02 02:54 - 2014-04-08 09:42 - 01076968 _____ (Realtek Semiconductor Corporation ) C:\WINDOWS\system32\rtl8192cu.sys
2015-10-02 02:54 - 2014-04-08 09:42 - 01076968 _____ (Realtek Semiconductor Corporation ) C:\WINDOWS\system32\Drivers\RTL8192cu.sys
2015-10-02 02:54 - 2014-04-08 09:42 - 00007482 _____ C:\WINDOWS\system32\net8192cu.cat
2015-10-01 23:44 - 2015-10-02 02:27 - 00376832 _____ () C:\WINDOWS\system32\AegisI5Installer.exe
2015-10-01 23:44 - 2015-10-02 02:23 - 00000000 _____ C:\WINDOWS\RTacDbg.txt
2015-10-01 23:44 - 2015-10-01 23:44 - 00000000 ____D C:\Documents and Settings\Radim\Data aplikací\TP-LINK
2015-10-01 23:41 - 2015-10-02 02:48 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\TP-LINK
2015-10-01 23:25 - 2015-10-01 23:25 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Package Cache
2015-10-01 20:21 - 2010-02-03 11:21 - 00413696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcf2b3.rra
2015-10-01 18:56 - 2010-02-03 11:21 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp71.DLL
2015-10-01 18:56 - 2010-02-03 11:21 - 00413696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvceb22.rra
2015-10-01 18:56 - 2010-02-03 11:21 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ATL71.DLL
2015-10-01 18:54 - 2015-10-01 18:54 - 00000000 ____D C:\Documents and Settings\Radim\Downloads\NETGEAR
2015-10-01 10:24 - 2015-10-13 04:05 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-28 20:14 - 2015-09-28 20:14 - 00050176 _____ C:\Documents and Settings\Radim\Plocha\kalkulátor provize2015.xls
2015-09-28 20:10 - 2015-10-08 16:22 - 00000000 ____D C:\Documents and Settings\Radim\Plocha\Souhrn informací _19_2015
2015-09-25 12:49 - 2015-09-25 12:49 - 00000000 ____D C:\Documents and Settings\Radim\Local Settings\Data aplikací\Help
2015-09-24 14:12 - 2015-09-24 14:12 - 00001896 _____ C:\Documents and Settings\All Users\Plocha\Skype.lnk
2015-09-24 14:12 - 2015-09-24 14:12 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-09-24 14:12 - 2015-09-24 14:12 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Skype
2015-09-22 13:58 - 2015-09-22 13:58 - 08206600 _____ (TeamViewer GmbH) C:\Documents and Settings\Radim\Plocha\TeamViewer_Setup_cs-iuu.exe
2015-09-17 21:50 - 2015-09-17 21:50 - 00001096 _____ C:\Documents and Settings\Radim\Plocha\Zástupce - TOTALCMD.EXE.lnk
2015-09-14 16:00 - 2015-09-14 16:00 - 00033280 _____ C:\Documents and Settings\Radim\Plocha\Jelínek srovnání PS a nové 2015.xls
2015-09-13 03:42 - 2015-09-14 21:49 - 00000000 ____D C:\Documents and Settings\Radim\.mucommander
2015-09-13 03:19 - 2015-09-13 03:19 - 00000000 ____D C:\movie
2015-09-13 03:08 - 2015-10-05 20:05 - 00000000 ____D C:\Unreal Commander
2015-09-13 02:47 - 2015-09-13 03:03 - 00000600 _____ C:\Documents and Settings\Radim\Data aplikací\winscp.rnd
2015-09-13 02:32 - 2015-09-13 04:01 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Norton Security Scan
2015-09-13 02:32 - 2015-09-13 02:32 - 00000000 ____D C:\WINDOWS\system32\Drivers\NSS
2015-09-13 02:32 - 2015-09-13 02:32 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Norton
2015-09-13 01:46 - 2015-09-13 01:46 - 00000000 ____D C:\Documents and Settings\Radim\Data aplikací\SmartFTP
2015-09-13 01:36 - 2015-09-13 01:36 - 00000000 ____D C:\Documents and Settings\Radim\Data aplikací\FlashFXP
2015-09-13 01:34 - 2015-09-13 01:34 - 00000000 _____ C:\Program Files\active_edits.ini
2015-09-13 01:20 - 2015-09-13 01:20 - 00000104 _____ C:\Program Files\flashfxp.key
2015-09-13 01:20 - 2015-09-13 01:20 - 00000005 _____ C:\Program Files\skiplist.dat
2015-09-13 01:20 - 2015-09-13 01:20 - 00000000 _____ C:\Program Files\Stats.dat
2015-09-13 01:20 - 2015-09-13 01:20 - 00000000 _____ C:\Program Files\schedule.dat
2015-09-13 01:16 - 2015-09-13 01:16 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\FlashFXP

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-13 11:24 - 2014-05-31 14:35 - 00000000 ____D C:\Documents and Settings\Radim\Local Settings\temp
2015-10-13 11:23 - 2011-09-10 14:05 - 00000000 ____D C:\Documents and Settings\Radim\Plocha
2015-10-13 11:11 - 2011-09-10 13:57 - 00000000 ____D C:\WINDOWS\system32\Restore
2015-10-13 11:08 - 2015-01-16 04:02 - 00000000 ____D C:\Documents and Settings\Radim\Plocha\VU+
2015-10-13 10:58 - 2011-09-10 14:05 - 00000000 ___HD C:\Documents and Settings\Radim\Šablony
2015-10-13 10:57 - 2011-09-10 19:11 - 00065536 _____ C:\WINDOWS\system32\config\Internet.evt
2015-10-13 10:57 - 2011-09-10 18:34 - 00065536 _____ C:\WINDOWS\system32\config\ODiag.evt
2015-10-13 10:57 - 2011-09-10 14:25 - 00065536 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2015-10-13 10:57 - 2011-09-10 14:05 - 00000000 ____D C:\Documents and Settings\Radim
2015-10-13 10:56 - 2011-09-12 03:35 - 00000000 ____D C:\Documents and Settings\Radim\Data aplikací\uTorrent
2015-10-13 10:38 - 2015-05-15 14:54 - 00000817 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Glary Utilities 5.lnk
2015-10-13 10:38 - 2015-05-15 14:54 - 00000811 _____ C:\Documents and Settings\All Users\Plocha\Glary Utilities 5.lnk
2015-10-13 10:38 - 2015-05-15 14:53 - 00000000 ____D C:\Program Files\Glary Utilities 5
2015-10-13 10:38 - 2011-09-13 01:55 - 00000000 ____D C:\Documents and Settings\Radim\Data aplikací\GlarySoft
2015-10-13 10:35 - 2015-03-02 17:05 - 00000000 ____D C:\AdwCleaner
2015-10-13 10:34 - 2015-01-28 17:53 - 01682019 ____N C:\WINDOWS\WindowsUpdate.log
2015-10-13 10:09 - 2013-11-15 16:12 - 00000000 ____D C:\Documents and Settings\Radim\Plocha\ŽIVOTOPISY A MOT. DOPIS
2015-10-13 09:58 - 2011-11-01 02:37 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2015-10-13 09:57 - 2011-09-10 14:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-13 04:43 - 2013-07-10 17:07 - 00032568 _____ C:\WINDOWS\Tasks\SCHEDLGU.TXT
2015-10-13 04:43 - 2011-09-10 14:05 - 00000178 ___SH C:\Documents and Settings\Radim\ntuser.ini
2015-10-13 03:21 - 2011-09-12 03:02 - 00002521 _____ C:\Documents and Settings\Radim\Plocha\Microsoft Office Outlook 2007.lnk
2015-10-13 03:15 - 2014-05-31 14:35 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2015-10-12 20:34 - 2011-09-10 19:30 - 00000000 ____D C:\Filmy
2015-10-12 11:27 - 2008-04-14 14:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2015-10-11 16:34 - 2015-08-09 18:35 - 00000000 ____D C:\Documents and Settings\Radim\Plocha\Vu+_Settings_Skylink_13-01-15_19,2_23,5
2015-10-10 01:25 - 2011-09-10 19:05 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2015-10-09 20:56 - 2011-09-10 15:27 - 00000000 ____D C:\WINDOWS\system32\ias
2015-10-09 20:39 - 2011-09-10 13:57 - 00000000 ____D C:\WINDOWS\Registration
2015-10-09 17:00 - 2014-04-27 14:08 - 00000000 ____D C:\Documents and Settings\Radim\Data aplikací\vlc
2015-10-09 15:10 - 2011-09-10 20:31 - 00000000 ____D C:\Moje filmy
2015-10-08 16:21 - 2014-12-17 13:49 - 00000000 ____D C:\Documents and Settings\Radim\Plocha\SOUHRNY A PŘÍLOHY K INFORMACÍM
2015-10-08 02:46 - 2014-07-07 10:37 - 00000000 ____D C:\Documents and Settings\Radim\Plocha\UPC
2015-10-07 00:48 - 2014-07-07 08:20 - 00000000 ____D C:\Documents and Settings\Radim\Plocha\SIPO
2015-10-06 18:39 - 2011-09-10 14:04 - 00000178 ___SH C:\Documents and Settings\LocalService\ntuser.ini
2015-10-06 01:57 - 2008-04-14 14:00 - 00000644 _____ C:\WINDOWS\win.ini
2015-10-06 01:54 - 2011-11-01 03:29 - 00001559 _____ C:\Documents and Settings\Radim\Plocha\Mapa znaků.lnk
2015-10-06 00:44 - 2011-09-10 14:05 - 00000000 ___HD C:\Documents and Settings\Radim\Okolní síť
2015-10-05 20:04 - 2011-09-10 15:36 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-10-05 20:04 - 2011-09-10 15:36 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2015-10-05 17:12 - 2011-09-10 14:05 - 00000000 __RHD C:\Documents and Settings\Radim\Data aplikací
2015-10-05 16:05 - 2015-03-02 18:24 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-10-03 16:50 - 2011-09-10 14:05 - 00000000 ___RD C:\Documents and Settings\Radim\Dokumenty
2015-10-03 15:40 - 2013-04-30 01:50 - 00001646 _____ C:\Documents and Settings\Radim\Plocha\Služby.lnk
2015-10-02 15:53 - 2011-09-10 20:17 - 00000000 ____D C:\Install
2015-10-02 02:54 - 2011-09-10 14:23 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-10-02 02:27 - 2011-09-10 15:36 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
2015-10-02 02:09 - 2011-09-28 13:09 - 00000000 ____D C:\WINDOWS\pss
2015-10-01 23:41 - 2011-09-10 15:35 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2015-10-01 22:58 - 2014-02-18 07:00 - 00272174 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat
2015-10-01 22:57 - 2013-11-26 01:19 - 00458160 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
2015-10-01 22:57 - 2011-09-10 14:04 - 00000000 ___HD C:\Documents and Settings\LocalService\Local Settings\Data aplikací
2015-10-01 22:30 - 2011-09-13 10:49 - 00000000 ____D C:\Documents and Settings\Radim\Local Settings\Data aplikací\ČSOB_Pojišťovna,_a.s
2015-10-01 20:23 - 2011-09-10 15:37 - 01192326 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-30 17:15 - 2012-04-27 14:00 - 00000000 ____D C:\Documents and Settings\Radim\Dokumenty\CSOBPSmlouvy
2015-09-27 19:47 - 2015-08-11 23:43 - 00000505 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-09-25 14:53 - 2014-03-04 03:07 - 00000738 _____ C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
2015-09-25 14:53 - 2014-03-04 03:07 - 00000000 ____D C:\Program Files\CCleaner
2015-09-25 13:21 - 2012-04-11 13:43 - 00780488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-09-25 13:21 - 2011-09-10 17:24 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-09-25 12:49 - 2011-09-10 14:05 - 00000000 ___HD C:\Documents and Settings\Radim\Local Settings\Data aplikací
2015-09-24 15:27 - 2011-09-10 19:23 - 00000000 ____D C:\Documents and Settings\Radim\Data aplikací\Skype
2015-09-24 14:12 - 2011-09-10 18:20 - 00000000 ___RD C:\Program Files\Skype
2015-09-24 14:12 - 2011-09-10 18:20 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Skype
2015-09-17 19:01 - 2013-10-24 16:12 - 00000000 ____D C:\Documents and Settings\Radim\Dokumenty\StreamTransport
2015-09-16 15:26 - 2014-10-22 15:29 - 00002563 _____ C:\Documents and Settings\Radim\Plocha\Microsoft Office Word 2007 (2).lnk
2015-09-14 21:49 - 2011-09-10 14:05 - 00000000 ___RD C:\Documents and Settings\Radim\Nabídka Start\Programy
2015-09-13 01:34 - 2010-12-31 03:46 - 00000614 _____ C:\Program Files\FlashFXP.ini

==================== Files in the root of some directories =======

2015-09-13 01:34 - 2015-09-13 01:34 - 0000000 _____ () C:\Program Files\active_edits.ini
2010-12-31 03:46 - 2015-09-13 01:34 - 0000614 _____ () C:\Program Files\FlashFXP.ini
2015-09-13 01:20 - 2015-09-13 01:20 - 0000104 _____ () C:\Program Files\flashfxp.key
2015-09-13 01:20 - 2015-09-13 01:20 - 0000000 _____ () C:\Program Files\schedule.dat
2010-04-08 17:05 - 2010-04-08 17:05 - 0012641 _____ () C:\Program Files\Sites.dat
2015-09-13 01:20 - 2015-09-13 01:20 - 0000005 _____ () C:\Program Files\skiplist.dat
2015-09-13 01:20 - 2015-09-13 01:20 - 0000000 _____ () C:\Program Files\Stats.dat
2012-11-28 23:35 - 2014-02-15 00:59 - 0087608 _____ () C:\Documents and Settings\Radim\Data aplikací\inst.exe
2012-11-28 23:35 - 2014-02-15 00:59 - 0007887 _____ () C:\Documents and Settings\Radim\Data aplikací\pcouffin.cat
2012-11-28 23:35 - 2014-02-15 00:59 - 0001144 _____ () C:\Documents and Settings\Radim\Data aplikací\pcouffin.inf
2012-11-28 23:35 - 2014-02-15 00:59 - 0000055 _____ () C:\Documents and Settings\Radim\Data aplikací\pcouffin.log
2012-11-28 23:35 - 2014-02-15 00:59 - 0047360 _____ (VSO Software) C:\Documents and Settings\Radim\Data aplikací\pcouffin.sys
2011-09-15 17:49 - 2014-06-01 20:30 - 0001185 _____ () C:\Documents and Settings\Radim\Data aplikací\vso_ts_preview.xml
2015-09-13 02:47 - 2015-09-13 03:03 - 0000600 _____ () C:\Documents and Settings\Radim\Data aplikací\winscp.rnd
2014-01-09 15:16 - 2014-01-09 15:17 - 0005632 _____ () C:\Documents and Settings\Radim\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-09 14:41 - 2011-12-09 14:41 - 0000294 _____ () C:\Documents and Settings\Radim\Local Settings\Data aplikací\DelUnist.bat
2012-06-27 12:11 - 2012-06-27 12:11 - 0000187 _____ () C:\Documents and Settings\Radim\Local Settings\Data aplikací\Model6.env

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Zdravím, CCleaner koukám že používáš tak jdem rovnou na věc.

Stáhni a ulož na plochu AdwCleaner,

ukonči všechny programy včetně prohlížeče a dvojklikem jej spusť,

objeví se okno kde vlevo nahoře klikni na Scan.

Po dokončení skenu klikni na Clean,

proběhne restart PC kdy dojde ke smazání nepořádku.

Po té mi sem zkopíruj Report.

Pak použij Mbam z mého podpisu a dej mi sem z něj log po smazání.

Log z advcleaner.

# AdwCleaner v5.013 - Logfile created 18/10/2015 at 16:03:58
# Updated 09/10/2015 by Xplode
# Database : 2015-10-18.3 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Radim - 84B938A95D0145B
# Running from : C:\Documents and Settings\Radim\Plocha\adwcleaner_5.013.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

########## EOF - C:\AdwCleaner\AdwCleaner[S48].txt - [610 bytes] ##########

Log z mbam.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.04.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Radim :: 84B938A95D0145B [administrator]

18.10.2015 17:33:31
mbam-log-2015-10-18 (17-33-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220685
Time elapsed: 7 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Mbam odinstaluj ať PC zbytečně nebrzdí.

Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.

V případě nejasností je ZDE obrázkový návod.

Vkládám log z combofixu.

ComboFix 15-10-23.01 - Radim 23.10.2015 12:47:34.1.2 - x86
Spuštěný z: c:\documents and settings\Radim\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-09-23 do 2015-10-23 )))))))))))))))))))))))))))))))
.
.
2015-10-22 11:07 . 2015-10-13 09:30 8985080 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{CF40461C-D568-44FD-9CF4-DE76485FD7CD}\mpengine.dll
2015-10-22 06:15 . 2015-08-31 23:05 8884144 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-10-18 15:31 . 2015-10-23 10:38 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-10-18 15:31 . 2015-10-05 07:50 121560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-13 09:20 . 2015-10-13 09:29 -------- d-----w- C:\FRST
2015-10-03 13:42 . 2015-10-03 13:42 -------- d-----w- c:\program files\SmartFTP Client
2015-10-02 14:40 . 2015-10-02 14:40 17314496 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
2015-10-02 00:54 . 2014-04-08 07:42 1076968 ----a-w- c:\windows\system32\rtl8192cu.sys
2015-10-02 00:54 . 2014-04-08 07:42 1076968 ----a-w- c:\windows\system32\drivers\RTL8192cu.sys
2015-10-01 21:44 . 2015-10-01 21:44 -------- d-----w- c:\documents and settings\Radim\Data aplikací\TP-LINK
2015-10-01 21:44 . 2015-10-02 00:27 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2015-10-01 21:41 . 2015-10-02 00:48 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TP-LINK
2015-10-01 21:25 . 2015-10-01 21:25 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Package Cache
2015-10-01 18:21 . 2010-02-03 09:21 413696 ----a-w- c:\windows\system32\msvcf2b3.rra
2015-10-01 16:56 . 2010-02-03 09:21 89088 ----a-w- c:\windows\system32\ATL71.DLL
2015-10-01 16:56 . 2010-02-03 09:21 499712 ----a-w- c:\windows\system32\msvcp71.DLL
2015-10-01 16:56 . 2010-02-03 09:21 413696 ----a-w- c:\windows\system32\msvceb22.rra
2015-10-01 16:54 . 2015-10-01 16:54 -------- d-----w- c:\documents and settings\Radim\Downloads
2015-09-25 10:49 . 2015-09-25 10:49 -------- d-----w- c:\documents and settings\Radim\Local Settings\Data aplikací\Help
2015-09-24 12:12 . 2015-09-24 12:12 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-22 13:15 . 2012-04-11 11:43 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-10-22 13:15 . 2011-09-10 15:24 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-10-05 14:05 . 2015-03-02 16:24 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-10-05 07:50 . 2015-01-02 17:05 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-09-02 23:17 . 2015-09-02 23:19 1536 ----a-w- c:\windows\system32\bcevent.dll
2015-08-11 23:11 . 2008-04-14 12:00 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2015-08-11 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
.
[-] 2011-07-18 . E3B22F050F840306FD522227F68046C5 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-11-27 393728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-01-02 15:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Aplikace\\Balicky2013\\jre\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Serviio\\bin\\ServiioService.exe"=
"c:\\Program Files\\Serviio\\bin\\ServiioConsole.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Documents and Settings\\Radim\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56406:TCP"= 56406:TCP:µTorrent
"56406:UDP"= 56406:UDP:µTorrent
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 MpKsl247733c8;MpKsl247733c8;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKsl247733c8.sys [x]
R1 MpKslb7b84e2a;MpKslb7b84e2a;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKslb7b84e2a.sys [x]
R1 MpKslefaba5f7;MpKslefaba5f7;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKslefaba5f7.sys [x]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh5.sys [x]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 Serviio;Serviio;c:\program files\Serviio\bin\ServiioService.exe [2013-03-22 323584]
R3 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-07-09 327296]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2015-06-10 155520]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys [2015-05-11 17472]
S3 RTL8192cu;300Mbps Wireless USB Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [2014-04-08 1076968]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
.
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: Interfaces\{B48901DB-02B6-4B56-A02C-28C1A8B028CE}: NameServer = 192.168.0.1,8.8.8.8
TCP: Interfaces\{B8E94BCD-1AE7-46CF-A923-A759DF3A2A72}: NameServer = 192.168.0.1,8.8.8.8
TCP: Interfaces\{EE2F3637-21B5-4D4B-86B2-C5860E62187B}: NameServer = 192.168.0.1,8.8.8.8
FF - ProfilePath - c:\documents and settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\x5cv0bn6.default-1395370747187\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-10-23 13:04
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1516)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2216)
c:\windows\system32\PROPSYS.dll
c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\netdde.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2015-10-23 13:13:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-10-23 11:13
.
Před spuštěním: 4 925 796 352
Po spuštění: 4 839 907 328
.
- - End Of File - - 56FC944873992BEA8FD72FDD067C8CCD

Než budeme pokračovat tak tyto položky :

c:\windows\system32\drivers\tcpip.sys
c:\windows\system32\dllcache\tcpip.sys
c:\windows\system32\sfcfiles.dll

postupně otestuj na VIRUSTOTAL

(po načtení stránky klikni na tlačítko Procházet - Choose File, najdi cestu k výše zmíněnému souboru

nebo tam výše zmíněný text nakopíruj a klikni na tlačítko Odeslat soubor - Scan It!

trvá to okolo deseti minut pak mi sem zkopíruj link, to je ten řádek nahoře v prohlížeči)

Pokud ti to napíše že soubor již byl testován nech Otestovat znovu - Reanalyse.

Odkazy na testy. Tento soubor nemůžu najít:c:\windows\system32\dllcache\tcpip.sys. Ani už ta složka dllcache neexistuje.

https://www.virustotal.com/cs/file/41f7 ... 445782934/

https://www.virustotal.com/cs/file/3ee7 ... 445783841/

Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.

Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.

Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.

Pak mi sem dej aktuální log.txt z Rsit a písni jak se PC chová.

Nejde mi spustit RSIT hlásí to nějakou chybu. A FRST nelze stáhnout, něco ho blokuje a to jsem vypnul fierwall i antivir. Co mám dělat?

ralcar píše:Nejde mi spustit RSIT hlásí to nějakou chybu. A FRST nelze stáhnout, něco ho blokuje a to jsem vypnul fierwall i antivir. Co mám dělat?

Zkus je stáhnout a spustit v Nouzáku nebo aspoň stáhni a spusť HJT

v okně které se ti otevře klikni na Do a system scan and save a logfile.

Proběhne sken a log který na Tebe vypadne mi sem nakopíruj..

Tak se mi povedlo stáhnout FRST přes IE. Nemůžu se zbavit složky v Progtam files: Smart FTPclient.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-10-2015
Ran by Radim (administrator) on 84B938A95D0145B (31-10-2015 19:41:55)
Running from C:\Documents and Settings\Radim\Plocha
Loaded Profiles: Radim (Available Profiles: Radim & Administrator)
Platform: Microsoft Windows XP Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\WINDOWS\system32\netdde.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
(Microsoft Corp., Veritas Software) C:\WINDOWS\system32\dmadmin.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2006-05-23] (ATI Technologies Inc.)
HKU\S-1-5-21-1708537768-1364589140-1177238915-1004\...\Run: [uTorrent] => C:\Program Files\uTorrent\uTorrent.exe [393728 2012-11-27] (BitTorrent, Inc.)
HKU\S-1-5-21-1708537768-1364589140-1177238915-1004\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [3576664 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-1708537768-1364589140-1177238915-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [9216 2008-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\sfShellTools.dll [2012-09-14] (SmartSoft Ltd.)
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{B48901DB-02B6-4B56-A02C-28C1A8B028CE}: [NameServer] 192.168.0.1,8.8.8.8
Tcpip\..\Interfaces\{B8E94BCD-1AE7-46CF-A923-A759DF3A2A72}: [NameServer] 192.168.0.1,8.8.8.8
Tcpip\..\Interfaces\{EE2F3637-21B5-4D4B-86B2-C5860E62187B}: [NameServer] 192.168.0.1,8.8.8.8

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1708537768-1364589140-1177238915-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1708537768-1364589140-1177238915-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
HKU\S-1-5-21-1708537768-1364589140-1177238915-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1708537768-1364589140-1177238915-1004 -> DefaultScope {D17E06F4-8FF1-4155-A33F-259C56A80459} URL = hxxp://www.google.cz/search?q={searchTerms}&rl ... AZ_csCZ451
SearchScopes: HKU\S-1-5-21-1708537768-1364589140-1177238915-1004 -> {D17E06F4-8FF1-4155-A33F-259C56A80459} URL = hxxp://www.google.cz/search?q={searchTerms}&rl ... AZ_csCZ451
Toolbar: HKU\S-1-5-21-1708537768-1364589140-1177238915-1004 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2011-06-21] (Společnost Microsoft)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\x5cv0bn6.default-1395370747187
FF Homepage: hxxp://www.seznam.cz
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-22] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-12] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2013-11-22] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2013-11-22] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1708537768-1364589140-1177238915-1004: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Radim\Local Settings\Data aplikací\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-07] (Google Inc.)
FF Plugin HKU\S-1-5-21-1708537768-1364589140-1177238915-1004: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Radim\Local Settings\Data aplikací\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-07] (Google Inc.)
FF Extension: Adblock Plus - C:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\x5cv0bn6.default-1395370747187\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-09-10] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Plugin: (Native Client) - C:\Documents and Settings\Radim\Local Settings\Data aplikací\Google\Chrome\Application\44.0.2403.130\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Radim\Local Settings\Data aplikací\Google\Chrome\Application\44.0.2403.130\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Radim\Local Settings\Data aplikací\Google\Chrome\Application\44.0.2403.130\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Google Update) - C:\Documents and Settings\Radim\Local Settings\Data aplikací\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Documents and Settings\Radim\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Verbatim Translatio) - C:\Documents and Settings\Radim\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bobgnmijljonenlachekpkgikohcghon [2013-01-06]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\Radim\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-02]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Documents and Settings\Radim\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-02]
StartMenuInternet: chrome.exe - C:\Documents and Settings\Radim\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
StartMenuInternet: Google Chrome - C:\Documents and Settings\Radim\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NwSapAgent; C:\WINDOWS\System32\ipxsap.dll [66560 2008-04-14] (Microsoft Corporation)
S3 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [323584 2013-03-22] () [File not signed]
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155520 2015-06-10] (Avanquest Software)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Aspi32; C:\WINDOWS\system32\Drivers\Aspi32.sys [25244 1999-09-10] (Adaptec)
R3 dtlitescsibus; C:\WINDOWS\System32\DRIVERS\dtlitescsibus.sys [25016 2015-10-30] (Disc Soft Ltd)
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [17472 2015-05-11] (Glarysoft Ltd)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 NETw3x32; C:\WINDOWS\System32\DRIVERS\NETw3x32.sys [1709696 2006-09-27] (Intel® Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2008-04-14] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-14] (Microsoft Corporation)
R3 RTL8192cu; C:\WINDOWS\System32\DRIVERS\RTL8192cu.sys [1076968 2014-04-08] (Realtek Semiconductor Corporation )
S3 s0016bus; C:\WINDOWS\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\WINDOWS\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\WINDOWS\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\WINDOWS\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\WINDOWS\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\WINDOWS\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\WINDOWS\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2015-08-12] (Microsoft Corporation) [File not signed]
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 Bcim; system32\DRIVERS\bcim.sys [X]
S3 BCMH43XX; system32\DRIVERS\bcmwlhigh5.sys [X]
S1 MpKsl247733c8; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKsl247733c8.sys [X]
S1 MpKslb7b84e2a; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKslb7b84e2a.sys [X]
S1 MpKslefaba5f7; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKslefaba5f7.sys [X]
U3 TlntSvr; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-31 19:41 - 2015-10-31 19:42 - 00014226 _____ C:\Documents and Settings\Radim\Plocha\FRST.txt
2015-10-31 19:30 - 2015-10-31 19:42 - 00000000 ____D C:\FRST
2015-10-31 19:29 - 2015-10-31 19:29 - 01701888 _____ (Farbar) C:\Documents and Settings\Radim\Plocha\FRST.exe
2015-10-31 19:27 - 2015-10-31 19:27 - 00029696 _____ C:\Documents and Settings\Radim\Local Settings\Data aplikací\MSGBOX.EXE
2015-10-31 19:27 - 2015-10-31 19:27 - 00015327 _____ C:\Documents and Settings\Radim\Plocha\LM.bat
2015-10-30 16:10 - 2015-10-30 16:10 - 00000000 ____D C:\Program Files\Disc Soft
2015-10-30 16:09 - 2015-10-30 16:10 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2015-10-30 16:09 - 2015-10-30 16:09 - 00025016 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtlitescsibus.sys
2015-10-30 16:09 - 2015-10-30 16:09 - 00004138 _____ C:\WINDOWS\setupapi.log
2015-10-30 16:09 - 2015-10-30 16:09 - 00001649 _____ C:\Documents and Settings\All Users\Plocha\DAEMON Tools Lite.lnk
2015-10-30 16:09 - 2015-10-30 16:09 - 00000000 ____D C:\Documents and Settings\Radim\Data aplikací\DAEMON Tools Lite
2015-10-30 16:09 - 2015-10-30 16:09 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\DAEMON Tools Lite
2015-10-30 16:07 - 2015-10-30 16:07 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2015-10-30 15:59 - 2015-10-30 15:59 - 01709792 _____ (Disc Soft Ltd.) C:\Documents and Settings\Radim\Plocha\DTLiteInstaller.exe
2015-10-30 15:30 - 2015-10-30 15:30 - 00000702 _____ C:\Documents and Settings\Radim\Plocha\WinRAR.lnk
2015-10-28 19:16 - 2015-10-31 19:12 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-10-28 19:16 - 2015-10-31 19:12 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-10-28 19:16 - 2015-10-28 19:16 - 00000000 ____N C:\WINDOWS\Sti_Trace.log
2015-10-28 19:16 - 2001-10-24 12:25 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpusb.dll
2015-10-28 19:15 - 2008-04-14 08:51 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpusd.dll
2015-10-24 21:34 - 2015-10-24 21:34 - 01691648 _____ C:\Documents and Settings\Radim\Plocha\adwcleaner_5.014.exe
2015-10-23 12:13 - 2015-10-31 19:42 - 00000000 ____D C:\Documents and Settings\Radim\Local Settings\temp
2015-10-23 12:13 - 2015-10-31 19:23 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2015-10-23 12:13 - 2015-10-23 12:13 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2015-10-23 12:13 - 2015-10-23 12:13 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2015-10-18 16:31 - 2015-10-24 21:29 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes Anti-Malware
2015-10-18 16:31 - 2015-10-05 08:50 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-10-15 18:14 - 2015-10-31 08:43 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-10-14 16:16 - 2015-10-27 14:40 - 00000000 ____D C:\Documents and Settings\Radim\Plocha\Souhrn informací _20_2015
2015-10-14 16:02 - 2015-10-25 17:15 - 00027918 _____ C:\Documents and Settings\Radim\Plocha\pracovní výkaz PAE 2015.xlsx
2015-10-07 22:24 - 2015-10-07 22:24 - 00000000 ____D C:\Documents and Settings\Radim\Plocha\ENIGMA 2-ROTOR@likra5.10.2015
2015-10-07 15:52 - 2015-10-07 16:25 - 00004035 _____ C:\Documents and Settings\Radim\Plocha\mg_cfg.txt
2015-10-06 23:48 - 2015-10-06 23:48 - 00000140 _____ C:\Documents and Settings\Radim\Plocha\newcamd.list
2015-10-06 00:52 - 2015-10-06 00:56 - 00000333 _____ C:\Documents and Settings\Radim\Plocha\192.168.0.2.lnk
2015-10-05 15:04 - 2015-10-05 15:05 - 08605256 _____ C:\Documents and Settings\Radim\Plocha\RogueKiller_old.exe
2015-10-03 14:42 - 2015-10-03 14:42 - 00000000 ____D C:\Program Files\SmartFTP Client
2015-10-02 01:55 - 2015-10-02 01:55 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\TP-LINK
2015-10-02 01:54 - 2014-04-08 08:42 - 01076968 _____ (Realtek Semiconductor Corporation ) C:\WINDOWS\system32\rtl8192cu.sys
2015-10-02 01:54 - 2014-04-08 08:42 - 01076968 _____ (Realtek Semiconductor Corporation ) C:\WINDOWS\system32\Drivers\RTL8192cu.sys
2015-10-02 01:54 - 2014-04-08 08:42 - 00007482 _____ C:\WINDOWS\system32\net8192cu.cat
2015-10-01 22:44 - 2015-10-02 01:27 - 00376832 _____ () C:\WINDOWS\system32\AegisI5Installer.exe
2015-10-01 22:44 - 2015-10-02 01:23 - 00000000 _____ C:\WINDOWS\RTacDbg.txt
2015-10-01 22:44 - 2015-10-01 22:44 - 00000000 ____D C:\Documents and Settings\Radim\Data aplikací\TP-LINK
2015-10-01 22:41 - 2015-10-02 01:48 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\TP-LINK
2015-10-01 22:25 - 2015-10-01 22:25 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Package Cache
2015-10-01 19:21 - 2010-02-03 10:21 - 00413696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcf2b3.rra
2015-10-01 17:56 - 2010-02-03 10:21 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp71.DLL
2015-10-01 17:56 - 2010-02-03 10:21 - 00413696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvceb22.rra
2015-10-01 17:56 - 2010-02-03 10:21 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ATL71.DLL
2015-10-01 17:54 - 2015-10-01 17:54 - 00000000 ____D C:\Documents and Settings\Radim\Downloads\NETGEAR

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-31 19:41 - 2011-09-12 02:35 - 00000000 ____D C:\Documents and Settings\Radim\Data aplikací\uTorrent
2015-10-31 19:41 - 2011-09-10 13:05 - 00000000 ____D C:\Documents and Settings\Radim\Plocha
2015-10-31 19:40 - 2011-09-10 19:31 - 00000000 ____D C:\Moje filmy
2015-10-31 19:28 - 2015-01-28 16:53 - 01823512 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-31 19:27 - 2011-09-10 13:05 - 00000000 ___HD C:\Documents and Settings\Radim\Local Settings\Data aplikací
2015-10-31 19:16 - 2011-09-10 14:37 - 01192326 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-31 19:11 - 2011-09-10 13:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-31 18:28 - 2013-07-10 16:07 - 00032568 _____ C:\WINDOWS\Tasks\SCHEDLGU.TXT
2015-10-31 18:28 - 2011-09-10 13:05 - 00000178 ___SH C:\Documents and Settings\Radim\ntuser.ini
2015-10-31 12:48 - 2011-09-12 02:02 - 00002521 _____ C:\Documents and Settings\Radim\Plocha\Microsoft Office Outlook 2007.lnk
2015-10-31 08:32 - 2008-04-14 13:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2015-10-30 18:53 - 2014-02-18 06:00 - 00376489 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-1708537768-1364589140-1177238915-1004-0.dat
2015-10-30 18:53 - 2014-02-18 06:00 - 00272174 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat
2015-10-30 18:53 - 2011-09-10 18:11 - 00065536 _____ C:\WINDOWS\system32\config\Internet.evt
2015-10-30 18:53 - 2011-09-10 17:34 - 00065536 _____ C:\WINDOWS\system32\config\ODiag.evt
2015-10-30 18:53 - 2011-09-10 13:25 - 00065536 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2015-10-30 16:28 - 2011-09-10 18:30 - 00000000 ____D C:\Filmy
2015-10-30 16:23 - 2015-01-16 03:02 - 00000000 ____D C:\Documents and Settings\Radim\Plocha\VU+
2015-10-30 16:23 - 2014-04-27 13:08 - 00000000 ____D C:\Documents and Settings\Radim\Data aplikací\vlc
2015-10-30 16:09 - 2011-09-10 14:36 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-10-30 16:09 - 2011-09-10 14:36 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2015-10-30 16:09 - 2011-09-10 13:05 - 00000000 __RHD C:\Documents and Settings\Radim\Data aplikací
2015-10-30 16:07 - 2011-09-10 14:35 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2015-10-30 14:49 - 2011-09-10 13:05 - 00000000 ____D C:\Documents and Settings\Radim
2015-10-30 14:39 - 2011-09-10 18:05 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2015-10-30 14:20 - 2011-09-13 09:49 - 00000000 ____D C:\Documents and Settings\Radim\Local Settings\Data aplikací\ČSOB_Pojišťovna,_a.s
2015-10-29 18:07 - 2014-06-01 19:38 - 00165888 _____ C:\Documents and Settings\Radim\Plocha\T-Cleaner.exe
2015-10-29 15:27 - 2014-02-15 01:17 - 00000690 _____ C:\Documents and Settings\Radim\Nabídka Start\WinRAR.lnk
2015-10-29 15:27 - 2014-02-15 01:17 - 00000000 ____D C:\Documents and Settings\Radim\Nabídka Start\Programy\WinRAR
2015-10-29 15:27 - 2014-02-15 01:17 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\WinRAR
2015-10-29 14:59 - 2011-09-10 13:05 - 00000000 ___HD C:\Documents and Settings\Radim\Okolní síť
2015-10-29 13:55 - 2011-09-10 13:05 - 00000000 ___HD C:\Documents and Settings\Radim\Šablony
2015-10-28 19:16 - 2011-09-10 12:55 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy\Příslušenství
2015-10-27 19:10 - 2015-08-09 17:35 - 00000000 ____D C:\Documents and Settings\Radim\Plocha\Vu+_Settings_Skylink_13-01-15_19,2_23,5
2015-10-27 14:39 - 2014-12-17 12:49 - 00000000 ____D C:\Documents and Settings\Radim\Plocha\SOUHRNY A PŘÍLOHY K INFORMACÍM
2015-10-27 13:24 - 2011-09-12 02:02 - 00002477 _____ C:\Documents and Settings\Radim\Plocha\Microsoft Office Excel 2007.lnk
2015-10-25 00:19 - 2011-09-10 12:57 - 00000000 ____D C:\WINDOWS\system32\Restore
2015-10-24 21:37 - 2011-09-10 13:04 - 00000178 ___SH C:\Documents and Settings\LocalService\ntuser.ini
2015-10-24 21:29 - 2015-01-02 18:06 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
2015-10-23 12:04 - 2008-04-14 13:00 - 00000227 _____ C:\WINDOWS\system.ini
2015-10-23 12:03 - 2011-09-10 14:35 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY.bak
2015-10-23 12:03 - 2011-09-10 14:35 - 00024576 _____ C:\WINDOWS\system32\config\SAM.bak
2015-10-23 12:03 - 2011-09-10 14:34 - 38797312 _____ C:\WINDOWS\system32\config\software.bak
2015-10-23 12:03 - 2011-09-10 14:34 - 05505024 _____ C:\WINDOWS\system32\config\system.bak
2015-10-23 12:03 - 2011-09-10 14:34 - 04915200 _____ C:\WINDOWS\system32\config\default.bak
2015-10-23 12:02 - 2014-02-08 17:46 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2015-10-23 11:24 - 2011-11-01 01:37 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2015-10-23 02:27 - 2014-07-27 15:51 - 00000000 ____D C:\Documents and Settings\Radim\Plocha\Kubincová
2015-10-22 14:15 - 2012-04-11 12:43 - 00780488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-10-22 14:15 - 2011-09-10 16:24 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-10-22 00:26 - 2012-10-23 16:25 - 00000000 ____D C:\Documents and Settings\Radim\Plocha\Moje
2015-10-22 00:25 - 2015-08-10 17:01 - 00000000 ____D C:\Documents and Settings\Radim\Plocha\Druhy pojištění
2015-10-22 00:25 - 2011-09-15 03:39 - 00000000 ____D C:\Documents and Settings\Radim\Plocha\Pojišťovna Manuály
2015-10-21 20:46 - 2014-02-13 10:37 - 00000000 ____D C:\Documents and Settings\Radim\Plocha\Faktury internet
2015-10-19 23:29 - 2014-10-22 14:29 - 00002563 _____ C:\Documents and Settings\Radim\Plocha\Microsoft Office Word 2007 (2).lnk
2015-10-18 14:16 - 2013-04-30 00:50 - 00001596 _____ C:\Documents and Settings\Radim\Plocha\Služby.lnk
2015-10-14 16:37 - 2011-09-10 17:31 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2015-10-13 09:38 - 2015-05-15 13:54 - 00000817 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Glary Utilities 5.lnk
2015-10-13 09:38 - 2015-05-15 13:54 - 00000811 _____ C:\Documents and Settings\All Users\Plocha\Glary Utilities 5.lnk
2015-10-13 09:38 - 2015-05-15 13:53 - 00000000 ____D C:\Program Files\Glary Utilities 5
2015-10-13 09:38 - 2011-09-13 00:55 - 00000000 ____D C:\Documents and Settings\Radim\Data aplikací\GlarySoft
2015-10-13 09:09 - 2013-11-15 15:12 - 00000000 ____D C:\Documents and Settings\Radim\Plocha\ŽIVOTOPISY A MOT. DOPIS
2015-10-09 19:56 - 2011-09-10 14:27 - 00000000 ____D C:\WINDOWS\system32\ias
2015-10-09 19:39 - 2011-09-10 12:57 - 00000000 ____D C:\WINDOWS\Registration
2015-10-08 01:46 - 2014-07-07 09:37 - 00000000 ____D C:\Documents and Settings\Radim\Plocha\UPC
2015-10-06 23:48 - 2014-07-07 07:20 - 00000000 ____D C:\Documents and Settings\Radim\Plocha\SIPO
2015-10-06 00:57 - 2008-04-14 13:00 - 00000644 _____ C:\WINDOWS\win.ini
2015-10-06 00:54 - 2011-11-01 02:29 - 00001559 _____ C:\Documents and Settings\Radim\Plocha\Mapa znaků.lnk
2015-10-05 08:50 - 2015-01-02 18:05 - 00023256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-10-03 15:50 - 2011-09-10 13:05 - 00000000 ___RD C:\Documents and Settings\Radim\Dokumenty
2015-10-02 14:53 - 2011-09-10 19:17 - 00000000 ____D C:\Install
2015-10-02 01:54 - 2011-09-10 13:23 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-10-02 01:27 - 2011-09-10 14:36 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
2015-10-02 01:09 - 2011-09-28 12:09 - 00000000 ____D C:\WINDOWS\pss
2015-10-01 21:57 - 2013-11-26 00:19 - 00458160 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
2015-10-01 21:57 - 2011-09-10 13:04 - 00000000 ___HD C:\Documents and Settings\LocalService\Local Settings\Data aplikací

==================== Files in the root of some directories =======

2015-09-13 00:34 - 2015-09-13 00:34 - 0000000 _____ () C:\Program Files\active_edits.ini
2010-12-31 02:46 - 2015-09-13 00:34 - 0000614 _____ () C:\Program Files\FlashFXP.ini
2015-09-13 00:20 - 2015-09-13 00:20 - 0000104 _____ () C:\Program Files\flashfxp.key
2015-09-13 00:20 - 2015-09-13 00:20 - 0000000 _____ () C:\Program Files\schedule.dat
2010-04-08 16:05 - 2010-04-08 16:05 - 0012641 _____ () C:\Program Files\Sites.dat
2015-09-13 00:20 - 2015-09-13 00:20 - 0000005 _____ () C:\Program Files\skiplist.dat
2015-09-13 00:20 - 2015-09-13 00:20 - 0000000 _____ () C:\Program Files\Stats.dat
2012-11-28 22:35 - 2014-02-14 23:59 - 0087608 _____ () C:\Documents and Settings\Radim\Data aplikací\inst.exe
2012-11-28 22:35 - 2014-02-14 23:59 - 0007887 _____ () C:\Documents and Settings\Radim\Data aplikací\pcouffin.cat
2012-11-28 22:35 - 2014-02-14 23:59 - 0001144 _____ () C:\Documents and Settings\Radim\Data aplikací\pcouffin.inf
2012-11-28 22:35 - 2014-02-14 23:59 - 0000055 _____ () C:\Documents and Settings\Radim\Data aplikací\pcouffin.log
2012-11-28 22:35 - 2014-02-14 23:59 - 0047360 _____ (VSO Software) C:\Documents and Settings\Radim\Data aplikací\pcouffin.sys
2011-09-15 16:49 - 2014-06-01 19:30 - 0001185 _____ () C:\Documents and Settings\Radim\Data aplikací\vso_ts_preview.xml
2015-09-13 01:47 - 2015-09-13 02:03 - 0000600 _____ () C:\Documents and Settings\Radim\Data aplikací\winscp.rnd
2014-01-09 14:16 - 2014-01-09 14:17 - 0005632 _____ () C:\Documents and Settings\Radim\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-09 13:41 - 2011-12-09 13:41 - 0000294 _____ () C:\Documents and Settings\Radim\Local Settings\Data aplikací\DelUnist.bat
2012-06-27 11:11 - 2012-06-27 11:11 - 0000187 _____ () C:\Documents and Settings\Radim\Local Settings\Data aplikací\Model6.env
2015-10-31 19:27 - 2015-10-31 19:27 - 0029696 _____ () C:\Documents and Settings\Radim\Local Settings\Data aplikací\MSGBOX.EXE

Some files in TEMP:
====================
C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-73d65f12.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Nic špatného tam již nevidím a co se týče té složky tak jí smaž přes Unlocker.

Nyní mrknem na hardware.

Stáhni HD Tune a otestuj HDD.

Benchmark - Test disku Klikni na tlačítko Start a vyčkej dokud se nezaplní celý graf. Poté se dozvíš přenosovou rychlost a přístupový čas pevného disku.

Info Přesná kapacita, souborový systém, podporované funkce, verze firmware, sériové číslo a typ zapojení disků.

Health - Kondice Seznam důležitých parametrů a jejich hodnoty. Ideální je mít všude OK.

Když je nějaká položka žlutá pravděpodobně brzy změní status na failed. Když je červená má status failed, to by znamenalo výměnu disku.

Error Scan - Hledání chyb Klikni na tlačítko Start a program prozkoumá disk zda na něm nejsou vadné bloky.

Pokud na konci testu jsou všechny zelené, je vše v pořádku. Když je byť jeden z nich červený, doporučuji zazálohovat data a počítat s výměnou disku.

Teplota Teploměr nahoře a číslo vedle něj znázorňují teplotu disku. Normální hodnota je pod 50°C. Teplota ale nesmí přesáhnout 60°C, program upozorní když dosáhne hranice 55°C.

Stáhni MEMTEST

soubor rozbal a spusť exe soubor.

Připoj flashdisk pozor vše co na něm je bude smazáno !,

v okénku Select your USB Flash Drive vyber tento disk a dej Create.

Během chvilky se Memtest nainstaluje.

Flashdisk nech v USB, restartuj PC a nabootuj z něj.

Před tím samozřemě musíš v Bios Setup do kterého se dostaneš při restartu mačkáním klávesy :

* DEL
* F2
* F1
* F10

záleží na PC, ale vždy je to na monitoru napsáno,

otevři nabídku ADVANCED BIOS FEATURES a vyhledej Boot Devices 0 až 4 nebo Boot Sequence.

Na první místo nastav Flashdisk,

na druhé pevný disk HDD, u obou položek bývá napsán i výrobce.

Stisknutím Save většinou je to F10 a potvrzením Entrem uložíš nastavení,

pak ještě stisknutím Save and Exit se dostaneš z Biosu.

Test nech projet minimálně jednou, ideálně však několikrát třeba přes noc a s každým RAM modulem zvlášť.

Pak dej vědět jak vše dopadlo.

Díky moc za te unlocker, konečně jsem se zbavil toho smartFTP. HDD jsem projel HD tune a jeden sektor byl červený, teplota nepřesáhla 44 stupňů. Co zjistíme tím MEMTESTEM? Docela se toho bojím. Noťas je starý skoro 8 let a byla už přeletována grafcká karta, bojím se aby mi neklekl.

ralcar píše:HDD jsem projel HD tune a jeden sektor byl červený, ........

To není moc dobré, zálohoval bych si důležité věci.

ralcar píše:Co zjistíme tím MEMTESTEM? Docela se toho bojím.

Otestuje RAMky a neboj neshoří

Tak jsem to zkusil a asi dělám něco blbě. A asi bych to nechal být. Notas je rychlejší a už nezamrzá. Díky moc.

VIRY.CZ

Prosím o kontrolu logu.

Prosím o kontrolu logu.

Re: Prosím o kontrolu logu.

Re: Prosím o kontrolu logu.

Re: Prosím o kontrolu logu.

Re: Prosím o kontrolu logu.

Re: Prosím o kontrolu logu.

Re: Prosím o kontrolu logu.

Re: Prosím o kontrolu logu.

Re: Prosím o kontrolu logu.

Re: Prosím o kontrolu logu.

Re: Prosím o kontrolu logu.

Re: Prosím o kontrolu logu.

Re: Prosím o kontrolu logu.

Re: Prosím o kontrolu logu.

Re: Prosím o kontrolu logu.