Slow PC
Posted: 30 Jan 2016 20:43
Good evening.
I got my hands on a computer belonging to an eighty-year-old lady. It runs XP, probably with all updates installed. The PC is slow, and it had AVG and Avast installed at the same time. A scan with the ESET online scanner came back clean. The MBAM installation completed with errors, and now MBAM can neither be removed nor started. Please check the log. Thanks.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-01-2016
Ran by admin (administrator) on BABIPC (30-01-2016 20:38:41)
Running from C:\Documents and Settings\admin\Plocha
Loaded Profiles: admin (Available Profiles: admin & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: "C:\Program Files\Opera\Opera.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
() C:\WINDOWS\system32\SecUPDUtilSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [VX1000] => C:\WINDOWS\vVX1000.exe [709992 2007-04-10] (Microsoft Corporation)
HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [1826816 2007-06-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16380416 2007-07-05] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [279912 2007-05-17] (Microsoft Corporation)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [332288 2010-12-17] ()
HKLM\...\Run: [avast5] => C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-3308560571-2903403717-2882023855-1010\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [451872 2007-07-18] (Hewlett-Packard Company)
HKU\S-1-5-21-3308560571-2903403717-2882023855-1010\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-06-01] (Nero AG)
HKU\S-1-5-21-3308560571-2903403717-2882023855-1010\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3308560571-2903403717-2882023855-1010\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [50615936 2016-01-18] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.253
Tcpip\..\Interfaces\{04F0D35F-E4BE-4B29-BCB9-66F9CF1F84B8}: [DhcpNameServer] 192.168.1.253
Internet Explorer:
==================
HKU\S-1-5-21-3308560571-2903403717-2882023855-1010\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
HKU\S-1-5-21-3308560571-2903403717-2882023855-1010\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKU\S-1-5-21-3308560571-2903403717-2882023855-1010 -> DefaultScope {105E99FF-8B9A-4492-B155-06194B9056D2} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97 ... -SearchBox
SearchScopes: HKU\S-1-5-21-3308560571-2903403717-2882023855-1010 -> {105E99FF-8B9A-4492-B155-06194B9056D2} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97 ... -SearchBox
SearchScopes: HKU\S-1-5-21-3308560571-2903403717-2882023855-1010 -> {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKU\S-1-5-21-3308560571-2903403717-2882023855-1010 -> {EE550039-7ADE-46AA-9AA3-DE5CD1E59C2C} URL = hxxp://www.google.cz/search?q={searchTerms}&rl ... {startPage}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Pomocník pro přihlášení ke službě Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Toolbar: HKU\S-1-5-21-3308560571-2903403717-2882023855-1010 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [2012-02-23] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll [2012-02-02] (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2008-11-13] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-01] [not signed]
Chrome:
=======
CHR NewTab: Default -> "chrome-extension://chfdnecihphmhljaaejmgoiahnihplgn/pages/newtab.html"
CHR Profile: C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (IncrediMail MediaBar Deutsch 2) - C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ajeaeekpfakbiidigngcnelnclhnaibo [2013-03-06] [UpdateUrl: hxxp://autoupdate.chromewebtb.conduit-services.com/?productId=CT2724407&extensionData=<extension_data>] <==== ATTENTION
CHR Extension: (AVG Secure Search) - C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2015-12-03]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-04]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-04]
CHR HKLM\...\Chrome\Extension: [ajeaeekpfakbiidigngcnelnclhnaibo] - C:\Documents and Settings\admin\Local Settings\Data aplikací\CRE\ajeaeekpfakbiidigngcnelnclhnaibo.crx [2012-09-20]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKU\S-1-5-21-3308560571-2903403717-2882023855-1010\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ajeaeekpfakbiidigngcnelnclhnaibo] - C:\Documents and Settings\admin\Local Settings\Data aplikací\CRE\ajeaeekpfakbiidigngcnelnclhnaibo.crx [2012-09-20]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 SamsungUPDUtilSvc; C:\WINDOWS\system32\SecUPDUtilSvc.exe [118576 2014-11-26] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 eapihdrv; C:\Documents and Settings\admin\Local Settings\Temp\ehdrv.sys [135760 2016-01-30] (ESET)
R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54752 2009-08-05] (Microsoft Corporation)
S3 gdrv; C:\WINDOWS\gdrv.sys [16608 2008-07-31] (Windows (R) 2000 DDK provider)
R3 HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [220032 2008-04-13] (Conexant Systems, Inc.)
R3 HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [1041536 2008-04-13] (Conexant Systems, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 SBKUPNT; C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [14976 2001-07-13] () [File not signed]
R2 SSPORT; C:\WINDOWS\system32\Drivers\SSPORT.sys [5120 2011-03-14] (Samsung Electronics) [File not signed]
S3 VX1000; C:\WINDOWS\System32\DRIVERS\VX1000.sys [1966312 2007-04-10] (Microsoft Corporation)
R3 winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [685056 2008-04-13] (Conexant Systems, Inc.)
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-30 20:35 - 2016-01-30 20:35 - 00058437 _____ C:\Documents and Settings\admin\Plocha\Addition.txt
2016-01-30 20:34 - 2016-01-30 20:38 - 00013391 _____ C:\Documents and Settings\admin\Plocha\FRST.txt
2016-01-30 20:33 - 2016-01-30 20:33 - 01721856 _____ (Farbar) C:\Documents and Settings\admin\Plocha\FRST.exe
2016-01-30 20:21 - 2016-01-30 20:21 - 00029696 _____ C:\Documents and Settings\admin\Local Settings\Data aplikací\MSGBOX.EXE
2016-01-30 20:21 - 2016-01-30 20:21 - 00015327 _____ C:\Documents and Settings\admin\Plocha\LM.bat
2016-01-30 18:39 - 2016-01-30 20:38 - 00000000 ____D C:\FRST
2016-01-30 18:37 - 2016-01-30 18:37 - 00000000 __SHD C:\Documents and Settings\admin\PrivacIE
2016-01-30 18:37 - 2016-01-30 18:37 - 00000000 __SHD C:\Documents and Settings\admin\IECompatCache
2016-01-30 18:29 - 2016-01-30 18:29 - 00000000 __SHD C:\Documents and Settings\admin\IETldCache
2016-01-30 18:26 - 2016-01-30 18:26 - 00000000 ____D C:\WINDOWS\ie8updates
2016-01-30 18:22 - 2016-01-30 18:24 - 00000000 __HDC C:\WINDOWS\ie8
2016-01-30 18:14 - 2014-02-06 00:08 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2016-01-30 18:13 - 2014-02-06 00:08 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2016-01-30 18:13 - 2014-02-06 00:08 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2016-01-30 18:13 - 2014-02-06 00:08 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2016-01-30 18:13 - 2011-08-16 11:45 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iecompat.dll
2016-01-30 18:12 - 2016-01-30 18:13 - 17013088 _____ (Microsoft Corporation) C:\Documents and Settings\admin\Plocha\IE8-WindowsXP-x86-CSY.exe
2016-01-30 17:55 - 2016-01-30 17:55 - 00000777 _____ C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
2016-01-30 17:55 - 2016-01-30 17:55 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-01-30 17:55 - 2016-01-30 17:55 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes Anti-Malware
2016-01-30 17:55 - 2016-01-30 17:55 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2016-01-30 17:55 - 2015-10-05 09:50 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-01-30 17:55 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-01-30 16:35 - 2016-01-30 16:41 - 00000178 ___SH C:\Documents and Settings\Administrator.BABIPC\ntuser.ini
2016-01-30 16:35 - 2016-01-30 16:41 - 00000000 ____D C:\Documents and Settings\Administrator.BABIPC\Local Settings\Temp
2016-01-30 16:35 - 2016-01-30 16:35 - 00000000 ____D C:\Documents and Settings\Administrator.BABIPC
2016-01-30 16:35 - 2015-05-15 08:34 - 00000000 __RHD C:\Documents and Settings\Administrator.BABIPC\Data aplikací
2016-01-30 16:35 - 2015-05-15 08:34 - 00000000 ____D C:\Documents and Settings\Administrator.BABIPC\Data aplikací\TuneUp Software
2016-01-30 16:35 - 2008-10-21 19:47 - 00000000 ___HD C:\Documents and Settings\Administrator.BABIPC\Local Settings\Data aplikací
2016-01-30 16:35 - 2008-10-21 19:47 - 00000000 ____D C:\Documents and Settings\Administrator.BABIPC\Local Settings\Data aplikací\Microsoft Help
2016-01-30 16:35 - 2008-10-21 16:58 - 00000000 ___RD C:\Documents and Settings\Administrator.BABIPC\Nabídka Start\Programy
2016-01-30 16:35 - 2008-06-06 15:52 - 00000000 ___RD C:\Documents and Settings\Administrator.BABIPC\Nabídka Start\Programy\Po spuštění
2016-01-30 16:35 - 2008-06-06 15:52 - 00000000 ___RD C:\Documents and Settings\Administrator.BABIPC\Nabídka Start
2016-01-30 16:35 - 2008-06-06 15:52 - 00000000 ___HD C:\Documents and Settings\Administrator.BABIPC\Okolní tiskárny
2016-01-30 16:35 - 2008-06-06 15:52 - 00000000 ___HD C:\Documents and Settings\Administrator.BABIPC\Okolní síť
2016-01-30 16:35 - 2008-06-06 15:52 - 00000000 ____D C:\Documents and Settings\Administrator.BABIPC\Plocha
2016-01-30 16:35 - 2008-06-06 15:52 - 00000000 ____D C:\Documents and Settings\Administrator.BABIPC\Oblíbené položky
2016-01-30 16:35 - 2008-06-06 15:52 - 00000000 ____D C:\Documents and Settings\Administrator.BABIPC\Dokumenty
2016-01-30 16:35 - 2008-06-06 14:21 - 00001599 _____ C:\Documents and Settings\Administrator.BABIPC\Nabídka Start\Programy\Vzdálená pomoc.lnk
2016-01-30 16:35 - 2008-06-06 14:21 - 00000000 ___RD C:\Documents and Settings\Administrator.BABIPC\Nabídka Start\Programy\Příslušenství
2016-01-30 16:35 - 2008-06-06 14:18 - 00000000 ___HD C:\Documents and Settings\Administrator.BABIPC\Šablony
2016-01-30 16:33 - 2016-01-30 16:33 - 05762544 _____ (AVAST Software) C:\Documents and Settings\admin\Plocha\avastclear.exe
2016-01-25 21:48 - 2016-01-25 21:48 - 00004996 _____ C:\Documents and Settings\admin\Plocha\T-MOBIL za RIJEN 2015.txt
2016-01-25 17:38 - 2016-01-25 17:38 - 00000000 ____D C:\Documents and Settings\admin\Data aplikací\AC3Filter
2016-01-23 14:02 - 2016-01-23 14:02 - 00000439 _____ C:\Documents and Settings\admin\Dokumenty\Zástupce - MEILY bez priloh.lnk
2016-01-17 21:07 - 2016-01-17 21:07 - 04845568 _____ C:\Documents and Settings\admin\Plocha\LUKOSTýýELKYNý__1.PPS
2016-01-10 11:41 - 2016-01-10 11:41 - 00039263 _____ C:\Documents and Settings\admin\Plocha\T-MOBIL za PROSINEC 2015.zip
2016-01-06 22:35 - 2016-01-06 22:35 - 00096108 _____ C:\Documents and Settings\admin\Plocha\INKASO na LEDEN 2016.pdf
2016-01-04 18:19 - 2016-01-04 18:19 - 00001579 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Opera Mail.lnk
2016-01-04 18:19 - 2016-01-04 18:19 - 00001573 _____ C:\Documents and Settings\All Users\Plocha\Opera Mail.lnk
2016-01-04 18:19 - 2016-01-04 18:19 - 00000000 ____D C:\Program Files\Opera Mail
2016-01-04 18:19 - 2016-01-04 18:19 - 00000000 ____D C:\Documents and Settings\admin\Local Settings\Data aplikací\Opera Mail
2016-01-04 18:19 - 2016-01-04 18:19 - 00000000 ____D C:\Documents and Settings\admin\Data aplikací\Opera Mail
2016-01-01 17:46 - 2016-01-01 17:46 - 00002664 _____ C:\Documents and Settings\admin\Plocha\OBČANSKÝ ZÁKONÍK od 1.1.2016.eml
2016-01-01 17:22 - 2016-01-01 17:22 - 00000000 ____D C:\Program Files\Common Files\CIGLER SOFTWARE
2016-01-01 17:22 - 2016-01-01 17:22 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\CIGLER SOFTWARE
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-30 20:38 - 2008-10-21 16:57 - 00000000 ____D C:\Documents and Settings\admin\Local Settings\Temp
2016-01-30 20:35 - 2008-10-21 16:57 - 00000000 ____D C:\Documents and Settings\admin\Plocha
2016-01-30 20:31 - 2010-04-19 10:41 - 00000000 ____D C:\Documents and Settings\admin\Data aplikací\Skype
2016-01-30 20:26 - 2010-02-22 16:36 - 00000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-30 20:21 - 2008-10-21 16:57 - 00000000 ___HD C:\Documents and Settings\admin\Local Settings\Data aplikací
2016-01-30 18:37 - 2008-10-21 16:57 - 00000000 ____D C:\Documents and Settings\admin
2016-01-30 18:30 - 2015-09-06 12:17 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2016-01-30 18:29 - 2015-04-17 19:28 - 00000396 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1429295201.job
2016-01-30 18:29 - 2010-02-22 16:36 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-30 18:29 - 2008-10-21 17:17 - 00000000 ____D C:\Program Files\Opera
2016-01-30 18:29 - 2008-10-21 16:58 - 00000803 _____ C:\Documents and Settings\admin\Nabídka Start\Programy\Internet Explorer.lnk
2016-01-30 18:29 - 2008-10-21 16:57 - 00000000 ___RD C:\Documents and Settings\admin\Nabídka Start\Programy
2016-01-30 18:29 - 2008-10-21 16:57 - 00000000 ___RD C:\Documents and Settings\admin\Dokumenty\VIDEA
2016-01-30 18:29 - 2008-10-21 16:57 - 00000000 ___RD C:\Documents and Settings\admin\Dokumenty\Obrázky
2016-01-30 18:29 - 2008-10-21 16:57 - 00000000 ___RD C:\Documents and Settings\admin\Dokumenty
2016-01-30 18:29 - 2008-06-06 15:45 - 00000000 RSHDC C:\WINDOWS\system32\dllcache
2016-01-30 18:29 - 2008-06-06 15:45 - 00000000 ___HD C:\WINDOWS\inf
2016-01-30 18:29 - 2008-06-06 15:45 - 00000000 ____D C:\WINDOWS\Media
2016-01-30 18:29 - 2008-06-06 15:45 - 00000000 ____D C:\WINDOWS\Help
2016-01-30 18:29 - 2008-06-06 14:40 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-30 18:28 - 2008-10-21 16:57 - 00000178 ___SH C:\Documents and Settings\admin\ntuser.ini
2016-01-30 18:28 - 2008-06-06 14:40 - 00032494 _____ C:\WINDOWS\SchedLgU.Txt
2016-01-30 18:27 - 2008-06-06 15:52 - 00001374 _____ C:\WINDOWS\imsins.BAK
2016-01-30 18:26 - 2008-06-07 02:00 - 00000000 ___HD C:\WINDOWS\$hf_mig$
2016-01-30 18:01 - 2006-03-02 14:00 - 00012598 _____ C:\WINDOWS\system32\wpa.dbl
2016-01-30 17:57 - 2008-06-06 14:21 - 00001507 _____ C:\Documents and Settings\All Users\Nabídka Start\Windows Update.lnk
2016-01-30 17:55 - 2008-06-06 15:52 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2016-01-30 17:55 - 2008-06-06 15:52 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2016-01-30 17:55 - 2008-06-06 15:52 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2016-01-30 16:49 - 2008-06-06 14:20 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-01-30 16:42 - 2014-05-07 09:03 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2016-01-30 16:35 - 2012-03-15 14:38 - 00166788 _____ C:\WINDOWS\ntbtlog.txt
2016-01-30 16:35 - 2008-06-06 15:51 - 00000000 ____D C:\Documents and Settings
2016-01-30 16:29 - 2010-02-22 16:37 - 00001819 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Google Chrome.lnk
2016-01-30 16:28 - 2008-10-21 16:57 - 00000000 __RHD C:\Documents and Settings\admin\Data aplikací
2016-01-30 16:25 - 2015-11-26 09:46 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Avg
2016-01-30 16:23 - 2015-10-25 21:17 - 00000000 ____D C:\Documents and Settings\admin\Local Settings\Data aplikací\AvgSetupLog
2016-01-30 16:15 - 2015-07-08 08:08 - 00000351 _____ C:\prefs.js
2016-01-30 16:13 - 2015-05-27 08:15 - 00000000 ____D C:\Documents and Settings\admin\Local Settings\Data aplikací\Avg
2016-01-30 16:13 - 2015-04-05 08:16 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\MFAData
2016-01-26 17:01 - 2015-12-28 11:03 - 00002283 _____ C:\Documents and Settings\All Users\Plocha\Skype.lnk
2016-01-26 10:32 - 2010-04-19 10:41 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Skype
2016-01-25 21:51 - 2012-05-10 13:15 - 00000000 ____D C:\Documents and Settings\admin\Plocha\VYUCTOVANI T-mobil
2016-01-25 21:42 - 2012-01-07 21:23 - 00000000 ____D C:\Documents and Settings\admin\Plocha\INKASO
2016-01-23 14:03 - 2009-11-09 13:02 - 00000000 ____D C:\Documents and Settings\admin\Tracing
2016-01-14 10:52 - 2008-06-06 15:28 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2016-01-14 10:48 - 2013-08-15 06:56 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-14 10:33 - 2008-06-07 07:42 - 141317472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-12 18:27 - 2008-10-21 18:46 - 00002563 _____ C:\Documents and Settings\admin\Plocha\Word 2007.lnk
2016-01-08 15:00 - 2014-03-22 01:47 - 00000216 _____ C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
2016-01-01 17:22 - 2010-02-22 16:36 - 00000000 ____D C:\Documents and Settings\admin\Local Settings\Data aplikací\Temp
==================== Files in the root of some directories =======
2008-11-18 15:21 - 2015-12-29 21:42 - 0049664 _____ () C:\Documents and Settings\admin\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-30 20:21 - 2016-01-30 20:21 - 0029696 _____ () C:\Documents and Settings\admin\Local Settings\Data aplikací\MSGBOX.EXE
Some files in TEMP:
====================
C:\Documents and Settings\admin\Local Settings\Temp\avg-6032d05b-2c55-4513-a022-2e3f3efd8513.exe
C:\Documents and Settings\admin\Local Settings\Temp\avg-62a35851-43f9-4243-8bbf-6f5f90a54861.exe
C:\Documents and Settings\admin\Local Settings\Temp\avg-d7664325-0249-4d6f-b0fd-4649b1c35f24.exe
C:\Documents and Settings\admin\Local Settings\Temp\avg-eb6c394e-fb58-437c-9e6b-5a5ce6dfbf5b.exe
C:\Documents and Settings\admin\Local Settings\Temp\avg-f658d821-3bca-4104-a313-c23d9c27b532.exe
C:\Documents and Settings\admin\Local Settings\Temp\avguirn_081324498185.exe
C:\Documents and Settings\admin\Local Settings\Temp\avguirn_081985408988.exe
C:\Documents and Settings\admin\Local Settings\Temp\UNINSTALL.EXE
C:\Documents and Settings\admin\Local Settings\Temp\{C3BD53BB-9BC2-4598-AEA3-A0CA70FFE965}-46.0.2490.71_chrome_installer.exe
C:\Documents and Settings\admin\Local Settings\Temp\{DFDFB78D-F262-4419-B98D-7D9B60EECC1F}-46.0.2490.80_chrome_installer.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [2012-02-23] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll [2012-02-02] (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2008-11-13] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-01] [not signed]
Chrome:
=======
CHR NewTab: Default -> "chrome-extension://chfdnecihphmhljaaejmgoiahnihplgn/pages/newtab.html"
CHR Profile: C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (IncrediMail MediaBar Deutsch 2) - C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ajeaeekpfakbiidigngcnelnclhnaibo [2013-03-06] [UpdateUrl: hxxp://autoupdate.chromewebtb.conduit-services.com/?productId=CT2724407&extensionData=<extension_data>] <==== ATTENTION
CHR Extension: (AVG Secure Search) - C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2015-12-03]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-04]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-04]
CHR HKLM\...\Chrome\Extension: [ajeaeekpfakbiidigngcnelnclhnaibo] - C:\Documents and Settings\admin\Local Settings\Data aplikací\CRE\ajeaeekpfakbiidigngcnelnclhnaibo.crx [2012-09-20]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKU\S-1-5-21-3308560571-2903403717-2882023855-1010\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ajeaeekpfakbiidigngcnelnclhnaibo] - C:\Documents and Settings\admin\Local Settings\Data aplikací\CRE\ajeaeekpfakbiidigngcnelnclhnaibo.crx [2012-09-20]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 SamsungUPDUtilSvc; C:\WINDOWS\system32\SecUPDUtilSvc.exe [118576 2014-11-26] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 eapihdrv; C:\Documents and Settings\admin\Local Settings\Temp\ehdrv.sys [135760 2016-01-30] (ESET)
R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54752 2009-08-05] (Microsoft Corporation)
S3 gdrv; C:\WINDOWS\gdrv.sys [16608 2008-07-31] (Windows (R) 2000 DDK provider)
R3 HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [220032 2008-04-13] (Conexant Systems, Inc.)
R3 HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [1041536 2008-04-13] (Conexant Systems, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 SBKUPNT; C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [14976 2001-07-13] () [File not signed]
R2 SSPORT; C:\WINDOWS\system32\Drivers\SSPORT.sys [5120 2011-03-14] (Samsung Electronics) [File not signed]
S3 VX1000; C:\WINDOWS\System32\DRIVERS\VX1000.sys [1966312 2007-04-10] (Microsoft Corporation)
R3 winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [685056 2008-04-13] (Conexant Systems, Inc.)
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-30 20:35 - 2016-01-30 20:35 - 00058437 _____ C:\Documents and Settings\admin\Plocha\Addition.txt
2016-01-30 20:34 - 2016-01-30 20:38 - 00013391 _____ C:\Documents and Settings\admin\Plocha\FRST.txt
2016-01-30 20:33 - 2016-01-30 20:33 - 01721856 _____ (Farbar) C:\Documents and Settings\admin\Plocha\FRST.exe
2016-01-30 20:21 - 2016-01-30 20:21 - 00029696 _____ C:\Documents and Settings\admin\Local Settings\Data aplikací\MSGBOX.EXE
2016-01-30 20:21 - 2016-01-30 20:21 - 00015327 _____ C:\Documents and Settings\admin\Plocha\LM.bat
2016-01-30 18:39 - 2016-01-30 20:38 - 00000000 ____D C:\FRST
2016-01-30 18:37 - 2016-01-30 18:37 - 00000000 __SHD C:\Documents and Settings\admin\PrivacIE
2016-01-30 18:37 - 2016-01-30 18:37 - 00000000 __SHD C:\Documents and Settings\admin\IECompatCache
2016-01-30 18:29 - 2016-01-30 18:29 - 00000000 __SHD C:\Documents and Settings\admin\IETldCache
2016-01-30 18:26 - 2016-01-30 18:26 - 00000000 ____D C:\WINDOWS\ie8updates
2016-01-30 18:22 - 2016-01-30 18:24 - 00000000 __HDC C:\WINDOWS\ie8
2016-01-30 18:14 - 2014-02-06 00:08 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2016-01-30 18:13 - 2014-02-06 00:08 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2016-01-30 18:13 - 2014-02-06 00:08 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2016-01-30 18:13 - 2014-02-06 00:08 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2016-01-30 18:13 - 2011-08-16 11:45 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iecompat.dll
2016-01-30 18:12 - 2016-01-30 18:13 - 17013088 _____ (Microsoft Corporation) C:\Documents and Settings\admin\Plocha\IE8-WindowsXP-x86-CSY.exe
2016-01-30 17:55 - 2016-01-30 17:55 - 00000777 _____ C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
2016-01-30 17:55 - 2016-01-30 17:55 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-01-30 17:55 - 2016-01-30 17:55 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes Anti-Malware
2016-01-30 17:55 - 2016-01-30 17:55 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2016-01-30 17:55 - 2015-10-05 09:50 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-01-30 17:55 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-01-30 16:35 - 2016-01-30 16:41 - 00000178 ___SH C:\Documents and Settings\Administrator.BABIPC\ntuser.ini
2016-01-30 16:35 - 2016-01-30 16:41 - 00000000 ____D C:\Documents and Settings\Administrator.BABIPC\Local Settings\Temp
2016-01-30 16:35 - 2016-01-30 16:35 - 00000000 ____D C:\Documents and Settings\Administrator.BABIPC
2016-01-30 16:35 - 2015-05-15 08:34 - 00000000 __RHD C:\Documents and Settings\Administrator.BABIPC\Data aplikací
2016-01-30 16:35 - 2015-05-15 08:34 - 00000000 ____D C:\Documents and Settings\Administrator.BABIPC\Data aplikací\TuneUp Software
2016-01-30 16:35 - 2008-10-21 19:47 - 00000000 ___HD C:\Documents and Settings\Administrator.BABIPC\Local Settings\Data aplikací
2016-01-30 16:35 - 2008-10-21 19:47 - 00000000 ____D C:\Documents and Settings\Administrator.BABIPC\Local Settings\Data aplikací\Microsoft Help
2016-01-30 16:35 - 2008-10-21 16:58 - 00000000 ___RD C:\Documents and Settings\Administrator.BABIPC\Nabídka Start\Programy
2016-01-30 16:35 - 2008-06-06 15:52 - 00000000 ___RD C:\Documents and Settings\Administrator.BABIPC\Nabídka Start\Programy\Po spuštění
2016-01-30 16:35 - 2008-06-06 15:52 - 00000000 ___RD C:\Documents and Settings\Administrator.BABIPC\Nabídka Start
2016-01-30 16:35 - 2008-06-06 15:52 - 00000000 ___HD C:\Documents and Settings\Administrator.BABIPC\Okolní tiskárny
2016-01-30 16:35 - 2008-06-06 15:52 - 00000000 ___HD C:\Documents and Settings\Administrator.BABIPC\Okolní síť
2016-01-30 16:35 - 2008-06-06 15:52 - 00000000 ____D C:\Documents and Settings\Administrator.BABIPC\Plocha
2016-01-30 16:35 - 2008-06-06 15:52 - 00000000 ____D C:\Documents and Settings\Administrator.BABIPC\Oblíbené položky
2016-01-30 16:35 - 2008-06-06 15:52 - 00000000 ____D C:\Documents and Settings\Administrator.BABIPC\Dokumenty
2016-01-30 16:35 - 2008-06-06 14:21 - 00001599 _____ C:\Documents and Settings\Administrator.BABIPC\Nabídka Start\Programy\Vzdálená pomoc.lnk
2016-01-30 16:35 - 2008-06-06 14:21 - 00000000 ___RD C:\Documents and Settings\Administrator.BABIPC\Nabídka Start\Programy\Příslušenství
2016-01-30 16:35 - 2008-06-06 14:18 - 00000000 ___HD C:\Documents and Settings\Administrator.BABIPC\Šablony
2016-01-30 16:33 - 2016-01-30 16:33 - 05762544 _____ (AVAST Software) C:\Documents and Settings\admin\Plocha\avastclear.exe
2016-01-25 21:48 - 2016-01-25 21:48 - 00004996 _____ C:\Documents and Settings\admin\Plocha\T-MOBIL za RIJEN 2015.txt
2016-01-25 17:38 - 2016-01-25 17:38 - 00000000 ____D C:\Documents and Settings\admin\Data aplikací\AC3Filter
2016-01-23 14:02 - 2016-01-23 14:02 - 00000439 _____ C:\Documents and Settings\admin\Dokumenty\Zástupce - MEILY bez priloh.lnk
2016-01-17 21:07 - 2016-01-17 21:07 - 04845568 _____ C:\Documents and Settings\admin\Plocha\LUKOSTýýELKYNý__1.PPS
2016-01-10 11:41 - 2016-01-10 11:41 - 00039263 _____ C:\Documents and Settings\admin\Plocha\T-MOBIL za PROSINEC 2015.zip
2016-01-06 22:35 - 2016-01-06 22:35 - 00096108 _____ C:\Documents and Settings\admin\Plocha\INKASO na LEDEN 2016.pdf
2016-01-04 18:19 - 2016-01-04 18:19 - 00001579 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Opera Mail.lnk
2016-01-04 18:19 - 2016-01-04 18:19 - 00001573 _____ C:\Documents and Settings\All Users\Plocha\Opera Mail.lnk
2016-01-04 18:19 - 2016-01-04 18:19 - 00000000 ____D C:\Program Files\Opera Mail
2016-01-04 18:19 - 2016-01-04 18:19 - 00000000 ____D C:\Documents and Settings\admin\Local Settings\Data aplikací\Opera Mail
2016-01-04 18:19 - 2016-01-04 18:19 - 00000000 ____D C:\Documents and Settings\admin\Data aplikací\Opera Mail
2016-01-01 17:46 - 2016-01-01 17:46 - 00002664 _____ C:\Documents and Settings\admin\Plocha\OBČANSKÝ ZÁKONÍK od 1.1.2016.eml
2016-01-01 17:22 - 2016-01-01 17:22 - 00000000 ____D C:\Program Files\Common Files\CIGLER SOFTWARE
2016-01-01 17:22 - 2016-01-01 17:22 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\CIGLER SOFTWARE
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-30 20:38 - 2008-10-21 16:57 - 00000000 ____D C:\Documents and Settings\admin\Local Settings\Temp
2016-01-30 20:35 - 2008-10-21 16:57 - 00000000 ____D C:\Documents and Settings\admin\Plocha
2016-01-30 20:31 - 2010-04-19 10:41 - 00000000 ____D C:\Documents and Settings\admin\Data aplikací\Skype
2016-01-30 20:26 - 2010-02-22 16:36 - 00000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-30 20:21 - 2008-10-21 16:57 - 00000000 ___HD C:\Documents and Settings\admin\Local Settings\Data aplikací
2016-01-30 18:37 - 2008-10-21 16:57 - 00000000 ____D C:\Documents and Settings\admin
2016-01-30 18:30 - 2015-09-06 12:17 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2016-01-30 18:29 - 2015-04-17 19:28 - 00000396 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1429295201.job
2016-01-30 18:29 - 2010-02-22 16:36 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-30 18:29 - 2008-10-21 17:17 - 00000000 ____D C:\Program Files\Opera
2016-01-30 18:29 - 2008-10-21 16:58 - 00000803 _____ C:\Documents and Settings\admin\Nabídka Start\Programy\Internet Explorer.lnk
2016-01-30 18:29 - 2008-10-21 16:57 - 00000000 ___RD C:\Documents and Settings\admin\Nabídka Start\Programy
2016-01-30 18:29 - 2008-10-21 16:57 - 00000000 ___RD C:\Documents and Settings\admin\Dokumenty\VIDEA
2016-01-30 18:29 - 2008-10-21 16:57 - 00000000 ___RD C:\Documents and Settings\admin\Dokumenty\Obrázky
2016-01-30 18:29 - 2008-10-21 16:57 - 00000000 ___RD C:\Documents and Settings\admin\Dokumenty
2016-01-30 18:29 - 2008-06-06 15:45 - 00000000 RSHDC C:\WINDOWS\system32\dllcache
2016-01-30 18:29 - 2008-06-06 15:45 - 00000000 ___HD C:\WINDOWS\inf
2016-01-30 18:29 - 2008-06-06 15:45 - 00000000 ____D C:\WINDOWS\Media
2016-01-30 18:29 - 2008-06-06 15:45 - 00000000 ____D C:\WINDOWS\Help
2016-01-30 18:29 - 2008-06-06 14:40 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-30 18:28 - 2008-10-21 16:57 - 00000178 ___SH C:\Documents and Settings\admin\ntuser.ini
2016-01-30 18:28 - 2008-06-06 14:40 - 00032494 _____ C:\WINDOWS\SchedLgU.Txt
2016-01-30 18:27 - 2008-06-06 15:52 - 00001374 _____ C:\WINDOWS\imsins.BAK
2016-01-30 18:26 - 2008-06-07 02:00 - 00000000 ___HD C:\WINDOWS\$hf_mig$
2016-01-30 18:01 - 2006-03-02 14:00 - 00012598 _____ C:\WINDOWS\system32\wpa.dbl
2016-01-30 17:57 - 2008-06-06 14:21 - 00001507 _____ C:\Documents and Settings\All Users\Nabídka Start\Windows Update.lnk
2016-01-30 17:55 - 2008-06-06 15:52 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2016-01-30 17:55 - 2008-06-06 15:52 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2016-01-30 17:55 - 2008-06-06 15:52 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2016-01-30 16:49 - 2008-06-06 14:20 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-01-30 16:42 - 2014-05-07 09:03 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2016-01-30 16:35 - 2012-03-15 14:38 - 00166788 _____ C:\WINDOWS\ntbtlog.txt
2016-01-30 16:35 - 2008-06-06 15:51 - 00000000 ____D C:\Documents and Settings
2016-01-30 16:29 - 2010-02-22 16:37 - 00001819 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Google Chrome.lnk
2016-01-30 16:28 - 2008-10-21 16:57 - 00000000 __RHD C:\Documents and Settings\admin\Data aplikací
2016-01-30 16:25 - 2015-11-26 09:46 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Avg
2016-01-30 16:23 - 2015-10-25 21:17 - 00000000 ____D C:\Documents and Settings\admin\Local Settings\Data aplikací\AvgSetupLog
2016-01-30 16:15 - 2015-07-08 08:08 - 00000351 _____ C:\prefs.js
2016-01-30 16:13 - 2015-05-27 08:15 - 00000000 ____D C:\Documents and Settings\admin\Local Settings\Data aplikací\Avg
2016-01-30 16:13 - 2015-04-05 08:16 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\MFAData
2016-01-26 17:01 - 2015-12-28 11:03 - 00002283 _____ C:\Documents and Settings\All Users\Plocha\Skype.lnk
2016-01-26 10:32 - 2010-04-19 10:41 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Skype
2016-01-25 21:51 - 2012-05-10 13:15 - 00000000 ____D C:\Documents and Settings\admin\Plocha\VYUCTOVANI T-mobil
2016-01-25 21:42 - 2012-01-07 21:23 - 00000000 ____D C:\Documents and Settings\admin\Plocha\INKASO
2016-01-23 14:03 - 2009-11-09 13:02 - 00000000 ____D C:\Documents and Settings\admin\Tracing
2016-01-14 10:52 - 2008-06-06 15:28 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2016-01-14 10:48 - 2013-08-15 06:56 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-14 10:33 - 2008-06-07 07:42 - 141317472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-12 18:27 - 2008-10-21 18:46 - 00002563 _____ C:\Documents and Settings\admin\Plocha\Word 2007.lnk
2016-01-08 15:00 - 2014-03-22 01:47 - 00000216 _____ C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
2016-01-01 17:22 - 2010-02-22 16:36 - 00000000 ____D C:\Documents and Settings\admin\Local Settings\Data aplikací\Temp
==================== Files in the root of some directories =======
2008-11-18 15:21 - 2015-12-29 21:42 - 0049664 _____ () C:\Documents and Settings\admin\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-30 20:21 - 2016-01-30 20:21 - 0029696 _____ () C:\Documents and Settings\admin\Local Settings\Data aplikací\MSGBOX.EXE
Some files in TEMP:
====================
C:\Documents and Settings\admin\Local Settings\Temp\avg-6032d05b-2c55-4513-a022-2e3f3efd8513.exe
C:\Documents and Settings\admin\Local Settings\Temp\avg-62a35851-43f9-4243-8bbf-6f5f90a54861.exe
C:\Documents and Settings\admin\Local Settings\Temp\avg-d7664325-0249-4d6f-b0fd-4649b1c35f24.exe
C:\Documents and Settings\admin\Local Settings\Temp\avg-eb6c394e-fb58-437c-9e6b-5a5ce6dfbf5b.exe
C:\Documents and Settings\admin\Local Settings\Temp\avg-f658d821-3bca-4104-a313-c23d9c27b532.exe
C:\Documents and Settings\admin\Local Settings\Temp\avguirn_081324498185.exe
C:\Documents and Settings\admin\Local Settings\Temp\avguirn_081985408988.exe
C:\Documents and Settings\admin\Local Settings\Temp\UNINSTALL.EXE
C:\Documents and Settings\admin\Local Settings\Temp\{C3BD53BB-9BC2-4598-AEA3-A0CA70FFE965}-46.0.2490.71_chrome_installer.exe
C:\Documents and Settings\admin\Local Settings\Temp\{DFDFB78D-F262-4419-B98D-7D9B60EECC1F}-46.0.2490.80_chrome_installer.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================