Kontrolu logu prosím - Malware

[Leeep]

Dobrý den, můžu poprosit o kontrolu logu prosím? Mám problém s nějakým virem na facebooku, rozesílá nesmyslné odkazy a zprávy lidem.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-04-2016
Ran by UZIVATEL (administrator) on UZIVATEL-PC (01-05-2016 11:38:57)
Running from C:\Documents and Settings\UZIVATEL\Plocha
Loaded Profiles: UZIVATEL (Available Profiles: UZIVATEL & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acer Inc.) C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe
(Ralink Technology, Corp.) C:\Program Files\RALINK\Common\RaRegistry.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre1.5.0_05\BIN\JUSCHED.EXE
(Acer Inc.) C:\Program Files\Acer\Acer eMode Management\AspireService.exe
(Acer Inc.) C:\Program Files\Acer\Acer eConsole\MediaSync.exe
(acer Inc.) C:\Acer\Empowering Technology\eRecovery\Monitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(MyHeritage) C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe
(Microsoft Corporation) C:\Program Files\Messenger\MSMSGS.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Ralink Technology, Corp.) C:\Program Files\RALINK\Common\RaUI.exe
(Microsoft Corporation) C:\WINDOWS\System32\WBEM\UNSECAPP.EXE
(Microsoft Corporation) C:\WINDOWS\System32\wscntfy.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LaunchApp] => Alaunch
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2004-11-02] (Cyberlink Corp.)
HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2004-08-18] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2004-08-18] ()
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-18] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-18] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe [36975 2005-08-26] (Sun Microsystems, Inc.)
HKLM\...\Run: [AspireService] => C:\Program Files\Acer\Acer eMode Management\AspireService.exe [110592 2006-01-19] (Acer Inc.)
HKLM\...\Run: [MediaSync] => C:\Program Files\Acer\Acer eConsole\MediaSync.exe [425984 2005-09-21] (Acer Inc.)
HKLM\...\Run: [eRecoveryService] => C:\Acer\Empowering Technology\eRecovery\Monitor.exe [397312 2005-11-16] (acer Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [577536 2007-04-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Family Tree Builder Update] => C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe [2532864 2013-11-12] (MyHeritage)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe [8007392 2016-01-28] ()
HKU\S-1-5-21-1295110909-3134338516-3931448456-1006\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1295110909-3134338516-3931448456-1006\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4810520 2014-09-25] (Piriform Ltd)
HKU\S-1-5-21-1295110909-3134338516-3931448456-1006\...\Run: [Samsung Appstore] => C:\Documents and Settings\UZIVATEL\Data aplikací\Mozila\autoit.exe [934400 2016-04-29] (AutoIt Team)
HKU\S-1-5-21-1295110909-3134338516-3931448456-1006\...\Run: [WinThruster] => C:\Program Files\WinThruster\WinThruster.exe [7129208 2015-11-25] (Solvusoft Corporation)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Ralink Wireless Utility.lnk [2011-09-18]
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
BootExecute: autocheck autochk * ROBoot \??\C:\WINDOWS\system32\ASOROSet.bin

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{1F9DA2A1-EC28-41FC-851B-30796C46F34C}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{53A73884-C057-4ABD-ACCF-5D8BE433B1D1}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{D6B3CCD5-9926-445A-85C6-56BD6381ACFC}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{DD64D537-6D21-4FB0-8C3E-4B775E86CCE3}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1295110909-3134338516-3931448456-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www2.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&iwk=%iwk&%language
SearchScopes: HKU\S-1-5-21-1295110909-3134338516-3931448456-1006 -> {BF73F132-ECED-41D3-AD9B-63D85EBD4C75} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-12-16] (Adblock Plus)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-1295110909-3134338516-3931448456-1006 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2008-04-14] (Společnost Microsoft)
Toolbar: HKU\S-1-5-21-1295110909-3134338516-3931448456-1006 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-1295110909-3134338516-3931448456-1006 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-1295110909-3134338516-3931448456-1006 -> No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
Toolbar: HKU\S-1-5-21-1295110909-3134338516-3931448456-1006 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-09-18] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.centrum.cz/
CHR StartupUrls: Default -> "hxxp://www.centrum.cz/"
CHR Profile: C:\Documents and Settings\UZIVATEL\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Documents and Settings\UZIVATEL\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-06]
CHR Extension: (i47grE999e) - C:\Documents and Settings\UZIVATEL\Data aplikací\Mozila [2016-04-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Acer Media Server; C:\Program Files\Acer\Acer eConsole\MediaServerService.exe [438272 2005-09-21] (Acer Inc.) [File not signed]
S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe [659872 2016-01-28] ()
S2 NVSvc; C:\WINDOWS\system32\nvsvc32.exe [168004 2009-07-08] (NVIDIA Corporation) [File not signed]
R2 RalinkRegistryWriter; C:\Program Files\RALINK\Common\RaRegistry.exe [185632 2009-07-14] (Ralink Technology, Corp.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21275 2011-07-04] (Meetinghouse Data Communications) [File not signed]
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4122368 2008-09-24] (Realtek Semiconductor Corp.)
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [43008 2006-07-01] (Advanced Micro Devices)
R3 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1254920 2016-01-05] (BitDefender)
R3 avchv; C:\WINDOWS\System32\DRIVERS\avchv.sys [261400 2016-01-05] (BitDefender)
R3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [638976 2016-01-05] (BitDefender)
R3 Bdfndisf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf.sys [116248 2015-01-06] (BitDefender LLC)
R1 bdftdif; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdftdif.sys [130640 2015-01-06] (BitDefender LLC)
R1 bdselfpr; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.99.0\bdselfpr.sys [135600 2015-12-09] (BitDefender LLC)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.99.0\gzflt.sys [169992 2015-12-09] (BitDefender LLC)
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [25280 2009-01-23] (LogMeIn, Inc.)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51024 2003-03-09] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16080 2003-03-09] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21456 2003-03-09] (HP)
R2 int15.sys; C:\Acer\Empowering Technology\eRecovery\int15.sys [69632 2005-01-13] () [File not signed]
S3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NTIDrvr; C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys [6144 2005-01-26] (NewTech Infosystems, Inc.) [File not signed]
R0 nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [98432 2005-08-13] (NVIDIA Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [34048 2005-07-30] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [164896 2009-06-30] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [12928 2005-07-30] (NVIDIA Corporation)
R1 oreans32; C:\WINDOWS\system32\drivers\oreans32.sys [33824 2015-01-12] () [File not signed]
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R3 RT73; C:\WINDOWS\System32\DRIVERS\rt73.sys [476544 2009-07-17] (Ralink Technology, Corp.)
R2 Scutum50; C:\WINDOWS\System32\Drivers\Scutum50.sys [19072 2009-04-21] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R0 sfdrv01a; C:\WINDOWS\System32\drivers\sfdrv01a.sys [63352 2006-07-05] (Protection Technology (StarForce))
R0 sfvfs02; C:\WINDOWS\System32\drivers\sfvfs02.sys [82296 2007-01-12] (Protection Technology (StarForce))
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [721904 2009-08-10] () [File not signed]
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [35064 2016-05-01] ()
S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [408280 2015-12-09] (BitDefender S.R.L.)
R1 UBHelper; C:\WINDOWS\system32\Drivers\UBHelper.sys [13952 2004-12-17] ()
U3 a7k0ofvg; C:\WINDOWS\system32\Drivers\a7k0ofvg.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 catchme; \??\C:\DOCUME~1\UZIVATEL\LOCALS~1\Temp\catchme.sys [X]
S3 EverestDriver; \??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [X]
S4 IntelIde; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-01 11:38 - 2016-05-01 11:38 - 00015092 _____ C:\Documents and Settings\UZIVATEL\Plocha\FRST.txt
2016-05-01 11:37 - 2016-05-01 11:37 - 00000000 ____D C:\FRST
2016-05-01 11:36 - 2016-05-01 11:37 - 01728000 _____ (Farbar) C:\Documents and Settings\UZIVATEL\Plocha\FRST.exe
2016-05-01 11:14 - 2016-05-01 11:14 - 00002402 _____ C:\WINDOWS\system32\ASOROSet.bin
2016-05-01 11:14 - 2016-05-01 11:14 - 00000000 ____D C:\WINDOWS\system32\config\RCCBakup
2016-05-01 10:40 - 2016-05-01 10:40 - 00000276 _____ C:\WINDOWS\Tasks\WinThruster_UPDATES.job
2016-05-01 10:40 - 2016-05-01 10:40 - 00000268 _____ C:\WINDOWS\Tasks\WinThruster_DEFAULT.job
2016-05-01 10:40 - 2016-05-01 10:40 - 00000000 ____D C:\Program Files\WinThruster
2016-05-01 10:40 - 2016-05-01 10:40 - 00000000 ____D C:\Documents and Settings\UZIVATEL\Data aplikací\Solvusoft
2016-05-01 10:40 - 2016-05-01 10:40 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\WinThruster
2016-05-01 10:40 - 2015-11-25 13:01 - 00019576 _____ (solvusoft) C:\WINDOWS\system32\roboot.exe
2016-04-30 16:52 - 2016-04-30 16:52 - 00001721 _____ C:\Documents and Settings\Administrator\Plocha\Google Chrome.lnk
2016-04-30 16:51 - 2016-04-30 16:53 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2016-04-30 16:51 - 2016-04-30 16:52 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google
2016-04-30 16:51 - 2016-04-30 16:51 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2016-04-30 16:51 - 2016-04-30 16:51 - 00000000 ____D C:\Documents and Settings\Administrator
2016-04-30 16:51 - 2005-01-26 20:23 - 00000000 ____D C:\Documents and Settings\Administrator\Data aplikací\Symantec
2016-04-30 16:51 - 2005-01-26 20:17 - 00000675 _____ C:\Documents and Settings\Administrator\Nabídka Start\Programy\Internet Explorer.lnk
2016-04-30 16:51 - 2005-01-26 20:17 - 00000646 _____ C:\Documents and Settings\Administrator\Nabídka Start\Programy\Outlook Express.lnk
2016-04-30 16:51 - 2005-01-26 20:17 - 00000000 ___RD C:\Documents and Settings\Administrator\Oblíbené položky
2016-04-30 16:51 - 2005-01-26 20:17 - 00000000 ___RD C:\Documents and Settings\Administrator\Dokumenty\Obrázky
2016-04-30 16:51 - 2005-01-26 20:17 - 00000000 ___RD C:\Documents and Settings\Administrator\Dokumenty\Hudba
2016-04-30 16:51 - 2005-01-26 20:17 - 00000000 ___RD C:\Documents and Settings\Administrator\Dokumenty
2016-04-30 16:51 - 2005-01-26 20:16 - 00000000 ____D C:\Documents and Settings\Administrator\Dokumenty\{9DF687E7-381C-4882-A05F-4ADF1DD53394}
2016-04-30 16:51 - 2005-01-26 20:08 - 00001507 _____ C:\Documents and Settings\Administrator\Nabídka Start\Programy\Vzdálená pomoc.lnk
2016-04-30 16:51 - 2005-01-26 20:07 - 00000000 ___RD C:\Documents and Settings\Administrator\Nabídka Start\Programy\Příslušenství
2016-04-30 16:51 - 2005-01-26 20:01 - 00000000 __RHD C:\Documents and Settings\Administrator\Data aplikací
2016-04-30 16:51 - 2005-01-26 20:01 - 00000000 ___RD C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění
2016-04-30 16:51 - 2005-01-26 20:01 - 00000000 ___RD C:\Documents and Settings\Administrator\Nabídka Start\Programy
2016-04-30 16:51 - 2005-01-26 20:01 - 00000000 ___RD C:\Documents and Settings\Administrator\Nabídka Start
2016-04-30 16:51 - 2005-01-26 20:01 - 00000000 ___HD C:\Documents and Settings\Administrator\Šablony
2016-04-30 16:51 - 2005-01-26 20:01 - 00000000 ___HD C:\Documents and Settings\Administrator\Okolní tiskárny
2016-04-30 16:51 - 2005-01-26 20:01 - 00000000 ___HD C:\Documents and Settings\Administrator\Okolní síť
2016-04-30 16:51 - 2005-01-26 20:01 - 00000000 ___HD C:\Documents and Settings\Administrator\Local Settings\Data aplikací
2016-04-30 16:51 - 2005-01-26 20:01 - 00000000 ____D C:\Documents and Settings\Administrator\Plocha
2016-04-30 16:51 - 2005-01-26 20:01 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2016-04-30 16:35 - 2016-04-30 16:35 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes Anti-Malware
2016-04-30 16:35 - 2016-04-30 16:35 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2016-04-30 16:35 - 2015-10-05 09:50 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-04-30 16:35 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-04-30 14:20 - 2016-04-30 14:20 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\BitDefender
2016-04-30 13:56 - 2015-01-06 12:47 - 00842368 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\bdsmtpp.dll
2016-04-30 13:56 - 2015-01-06 12:47 - 00179560 _____ (BitDefender) C:\WINDOWS\system32\BdFirewallSDK.dll
2016-04-30 13:56 - 2015-01-06 12:47 - 00161544 _____ (BitDefender) C:\WINDOWS\system32\httproxy.dll
2016-04-30 13:56 - 2015-01-06 12:47 - 00136824 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\bdpop3p.dll
2016-04-30 13:56 - 2015-01-06 12:47 - 00135288 _____ C:\WINDOWS\system32\bdfwcore.dll
2016-04-30 13:56 - 2015-01-06 12:47 - 00110568 _____ (BitDefender) C:\WINDOWS\system32\OEMbdpredir.dll
2016-04-30 13:56 - 2015-01-06 12:47 - 00086896 _____ (BitDefender) C:\WINDOWS\system32\bdpredir.dll
2016-04-30 13:55 - 2016-05-01 11:01 - 00001959 _____ C:\Documents and Settings\All Users\Plocha\Ad-Aware Antivirus.lnk
2016-04-30 13:55 - 2016-04-30 13:55 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Lavasoft
2016-04-30 13:50 - 2016-04-30 13:50 - 00000000 ____D C:\Program Files\Lavasoft
2016-04-30 13:48 - 2016-04-30 13:48 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2016-04-30 13:47 - 2016-04-30 13:47 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2016-04-29 21:57 - 2016-04-29 21:57 - 00000975 _____ C:\Documents and Settings\UZIVATEL\Plocha\Internet Explorer.lnk
2016-04-29 21:57 - 2016-04-29 21:57 - 00000000 ____D C:\Documents and Settings\UZIVATEL\Data aplikací\Mozila
2016-04-16 21:58 - 2016-04-30 19:24 - 00054272 _____ C:\Documents and Settings\UZIVATEL\Plocha\plán práce květen 2016.xls

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-01 11:38 - 2013-04-20 21:28 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-05-01 11:32 - 2006-01-01 12:46 - 00000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-01 11:23 - 2014-12-27 11:24 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-05-01 11:01 - 2006-01-01 00:04 - 00000724 _____ C:\WINDOWS\system32\eRLog.ini
2016-05-01 11:00 - 2014-03-25 17:21 - 00000228 _____ C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2016-05-01 11:00 - 2006-01-01 12:46 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-01 11:00 - 2005-02-02 12:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-01 10:59 - 2008-11-12 12:51 - 00000178 ___SH C:\Documents and Settings\UZIVATEL\ntuser.ini
2016-05-01 10:59 - 2005-02-02 12:49 - 00032412 _____ C:\WINDOWS\SchedLgU.Txt
2016-04-30 22:56 - 2013-08-11 13:42 - 00000472 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{02B930F6-2BE5-4781-B7CB-FA6FA86DA898}.job
2016-04-30 13:30 - 2011-07-06 12:31 - 00033280 _____ C:\Documents and Settings\UZIVATEL\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-04-29 21:57 - 2015-02-01 11:53 - 00000975 _____ C:\Documents and Settings\UZIVATEL\Plocha\Google Chrome.lnk
2016-04-27 19:12 - 2011-07-04 06:28 - 00002563 _____ C:\Documents and Settings\UZIVATEL\Plocha\Microsoft Office Word 2007.lnk
2016-04-13 20:03 - 2012-01-04 16:30 - 00013413 _____ C:\Documents and Settings\UZIVATEL\Plocha\tankovan Fábiai.xlsx
2016-04-13 13:21 - 2011-07-04 05:49 - 132539272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-12 20:33 - 2006-01-01 12:50 - 00001727 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Google Chrome.lnk
2016-04-08 13:38 - 2015-11-10 18:38 - 05338816 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2016-04-08 13:38 - 2013-04-20 21:28 - 00797376 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-04-08 13:38 - 2011-07-06 16:34 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-04-06 13:39 - 2011-08-22 20:27 - 00001394 _____ C:\Documents and Settings\UZIVATEL\Plocha\Kalkulačka.lnk
2016-04-04 18:58 - 2005-02-02 12:49 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl

==================== Files in the root of some directories =======

2011-07-06 12:31 - 2016-04-30 13:30 - 0033280 _____ () C:\Documents and Settings\UZIVATEL\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-03 19:23 - 2014-08-03 19:23 - 0000253 ____H () C:\Documents and Settings\All Users\hpothb07.tif
2014-08-03 19:23 - 2014-08-03 19:23 - 0000164 ____H () C:\Documents and Settings\All Users\hpothb07.dat
2011-07-06 22:00 - 2011-12-03 10:50 - 0001140 _____ () C:\Documents and Settings\All Users\Data aplikací\hpzinstall.log
2014-08-03 19:23 - 2014-08-03 19:23 - 0000257 ____H () C:\Documents and Settings\All Users\Data aplikací\hpothb07.tif
2014-08-03 19:23 - 2014-08-03 19:23 - 0000182 ____H () C:\Documents and Settings\All Users\Data aplikací\hpothb07.dat
2015-01-12 07:23 - 2015-01-12 07:23 - 0000016 _____ () C:\Documents and Settings\All Users\Data aplikací\mntemp

Files to move or delete:
====================
C:\Documents and Settings\All Users\hpothb07.dat
C:\Documents and Settings\UZIVATEL\hpothb07.dat


Some files in TEMP:
====================
C:\Documents and Settings\UZIVATEL\Local Settings\Temp\dllnt_dump.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

[Rudy]

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

[Leeep]

Zde je log.

# AdwCleaner v5.114 - Log soubor vytvořen 01/05/2016 o 13:07:11
# Aktualizováno 27/04/2016 by Xplode
# Databáze : 2016-04-27.1 [Místní]
# Operační systém : Microsoft Windows XP Service Pack 3 (X86)
# Jméno uživatele : UZIVATEL - UZIVATEL-PC
# Spuštěno z : C:\Documents and Settings\UZIVATEL\Dokumenty\Downloads\adwcleaner_5.114.exe
# Volba : Čištění
# Podpora : http://toolslib.net/forum

***** [ Služby ] *****


***** [ Složky ] *****

[-] Složka smazáno : C:\Documents and Settings\All Users\Data aplikací\ICQ\ICQToolbar
[-] Složka smazáno : C:\Documents and Settings\All Users\Data aplikací\Media Get LLC
[-] Složka smazáno : C:\Documents and Settings\All Users\Nabídka Start\Programy\WinThruster
[-] Složka smazáno : C:\Program Files\DAEMON Tools Toolbar
[-] Složka smazáno : C:\Program Files\WinThruster

***** [ Soubory ] *****

[-] Soubor smazáno : C:\WINDOWS\system32\roboot.exe

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Zástupci ] *****


***** [ Naplánované úkoly ] *****

[-] Úkol smazáno : WinThruster_DEFAULT
[-] Úkol smazáno : WinThruster_UPDATES

***** [ Registr ] *****

[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\driverscanner
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Klávesa smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
[-] Klávesa smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
[-] Klávesa smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
[-] Klávesa smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
[-] Klávesa smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
[-] Klávesa smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
[-] Klávesa smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
[-] Klávesa smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
[-] Klávesa smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
[-] Klávesa smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
[-] Klávesa smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8736C681-37A0-40C6-A0F0-4C083409151C}
[-] Klávesa smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC99A798-FD3D-4AB4-969E-6071612524F9}
[-] Klávesa smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
[-] Klávesa smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
[-] Klávesa smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
[-] Klávesa smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
[-] Klávesa smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
[-] Klávesa smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
[-] Klávesa smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
[-] Klávesa smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
[-] Hodnota smazáno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-] Hodnota smazáno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
[-] Klávesa smazáno : HKCU\Software\Headlight
[-] Klávesa smazáno : HKCU\Software\Solvusoft
[-] Klávesa smazáno : HKCU\Software\AppDataLow\Software\adawarebp
[-] Klávesa smazáno : HKLM\SOFTWARE\ICQ\ICQToolbar
[-] Klávesa smazáno : HKLM\SOFTWARE\Solvusoft
[-] Klávesa smazáno : HKLM\SOFTWARE\Uniblue
[-] Klávesa smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinThruster_is1
[-] Klávesa smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}
[-] Klávesa smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1
[-] Data Obnoveno : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
[-] Data Obnoveno : HKU\S-1-5-21-1295110909-3134338516-3931448456-1006\Software\Microsoft\Internet Explorer\Main [Search Bar]
[-] Klávesa smazáno : HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\MediaGet2
[-] Hodnota smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Samsung Appstore]
[#] Hodnota smazáno : HKU\S-1-5-21-1295110909-3134338516-3931448456-1006\Software\Microsoft\Windows\CurrentVersion\Run [Samsung Appstore]

***** [ Webové prohlížeče ] *****


*************************

:: "Tracing" odstraněných kláves
:: Nastavení Winsock odstraněno

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [6180 bytes] - [01/05/2016 13:04:06]
C:\AdwCleaner\AdwCleaner[C1].txt - [5878 bytes] - [01/05/2016 13:07:11]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5951 bytes] ##########

[Rudy]

Dejte nový log FRST.

[Leeep]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-04-2016
Ran by UZIVATEL (administrator) on UZIVATEL-PC (01-05-2016 20:39:35)
Running from C:\Documents and Settings\UZIVATEL\Plocha
Loaded Profiles: UZIVATEL (Available Profiles: UZIVATEL & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acer Inc.) C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe
(Ralink Technology, Corp.) C:\Program Files\RALINK\Common\RaRegistry.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre1.5.0_05\BIN\JUSCHED.EXE
(Acer Inc.) C:\Program Files\Acer\Acer eMode Management\AspireService.exe
(Acer Inc.) C:\Program Files\Acer\Acer eConsole\MediaSync.exe
(acer Inc.) C:\Acer\Empowering Technology\eRecovery\Monitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(MyHeritage) C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe
(Microsoft Corporation) C:\Program Files\Messenger\MSMSGS.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Ralink Technology, Corp.) C:\Program Files\RALINK\Common\RaUI.exe
(Microsoft Corporation) C:\WINDOWS\System32\WBEM\UNSECAPP.EXE
(Microsoft Corporation) C:\WINDOWS\System32\wscntfy.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LaunchApp] => Alaunch
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2004-11-02] (Cyberlink Corp.)
HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2004-08-18] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2004-08-18] ()
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-18] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-18] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe [36975 2005-08-26] (Sun Microsystems, Inc.)
HKLM\...\Run: [AspireService] => C:\Program Files\Acer\Acer eMode Management\AspireService.exe [110592 2006-01-19] (Acer Inc.)
HKLM\...\Run: [MediaSync] => C:\Program Files\Acer\Acer eConsole\MediaSync.exe [425984 2005-09-21] (Acer Inc.)
HKLM\...\Run: [eRecoveryService] => C:\Acer\Empowering Technology\eRecovery\Monitor.exe [397312 2005-11-16] (acer Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [577536 2007-04-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Family Tree Builder Update] => C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe [2532864 2013-11-12] (MyHeritage)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe [8007392 2016-01-28] ()
HKU\S-1-5-21-1295110909-3134338516-3931448456-1006\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1295110909-3134338516-3931448456-1006\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4810520 2014-09-25] (Piriform Ltd)
HKU\S-1-5-21-1295110909-3134338516-3931448456-1006\...\Run: [WinThruster] => "C:\Program Files\WinThruster\WinThruster.exe" StartedAfter50PerNOpt
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Ralink Wireless Utility.lnk [2011-09-18]
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
BootExecute: autocheck autochk * ROBoot \??\C:\WINDOWS\system32\ASOROSet.bin

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{1F9DA2A1-EC28-41FC-851B-30796C46F34C}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{53A73884-C057-4ABD-ACCF-5D8BE433B1D1}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{D6B3CCD5-9926-445A-85C6-56BD6381ACFC}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{DD64D537-6D21-4FB0-8C3E-4B775E86CCE3}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\S-1-5-21-1295110909-3134338516-3931448456-1006 -> {BF73F132-ECED-41D3-AD9B-63D85EBD4C75} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-12-16] (Adblock Plus)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-1295110909-3134338516-3931448456-1006 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2008-04-14] (Společnost Microsoft)
Toolbar: HKU\S-1-5-21-1295110909-3134338516-3931448456-1006 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-1295110909-3134338516-3931448456-1006 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-09-18] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.centrum.cz/
CHR StartupUrls: Default -> "hxxp://www.centrum.cz/"
CHR Profile: C:\Documents and Settings\UZIVATEL\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Documents and Settings\UZIVATEL\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-06]
CHR Extension: (i47grE999e) - C:\Documents and Settings\UZIVATEL\Data aplikací\Mozila [2016-04-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Acer Media Server; C:\Program Files\Acer\Acer eConsole\MediaServerService.exe [438272 2005-09-21] (Acer Inc.) [File not signed]
S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe [659872 2016-01-28] ()
S2 NVSvc; C:\WINDOWS\system32\nvsvc32.exe [168004 2009-07-08] (NVIDIA Corporation) [File not signed]
R2 RalinkRegistryWriter; C:\Program Files\RALINK\Common\RaRegistry.exe [185632 2009-07-14] (Ralink Technology, Corp.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21275 2011-07-04] (Meetinghouse Data Communications) [File not signed]
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4122368 2008-09-24] (Realtek Semiconductor Corp.)
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [43008 2006-07-01] (Advanced Micro Devices)
R3 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1254920 2016-01-05] (BitDefender)
R3 avchv; C:\WINDOWS\System32\DRIVERS\avchv.sys [261400 2016-01-05] (BitDefender)
R3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [638976 2016-01-05] (BitDefender)
R3 Bdfndisf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf.sys [116248 2015-01-06] (BitDefender LLC)
R1 bdftdif; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdftdif.sys [130640 2015-01-06] (BitDefender LLC)
R1 bdselfpr; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.99.0\bdselfpr.sys [135600 2015-12-09] (BitDefender LLC)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.99.0\gzflt.sys [169992 2015-12-09] (BitDefender LLC)
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [25280 2009-01-23] (LogMeIn, Inc.)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51024 2003-03-09] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16080 2003-03-09] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21456 2003-03-09] (HP)
R2 int15.sys; C:\Acer\Empowering Technology\eRecovery\int15.sys [69632 2005-01-13] () [File not signed]
S3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NTIDrvr; C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys [6144 2005-01-26] (NewTech Infosystems, Inc.) [File not signed]
R0 nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [98432 2005-08-13] (NVIDIA Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [34048 2005-07-30] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [164896 2009-06-30] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [12928 2005-07-30] (NVIDIA Corporation)
R1 oreans32; C:\WINDOWS\system32\drivers\oreans32.sys [33824 2015-01-12] () [File not signed]
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R3 RT73; C:\WINDOWS\System32\DRIVERS\rt73.sys [476544 2009-07-17] (Ralink Technology, Corp.)
R2 Scutum50; C:\WINDOWS\System32\Drivers\Scutum50.sys [19072 2009-04-21] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R0 sfdrv01a; C:\WINDOWS\System32\drivers\sfdrv01a.sys [63352 2006-07-05] (Protection Technology (StarForce))
R0 sfvfs02; C:\WINDOWS\System32\drivers\sfvfs02.sys [82296 2007-01-12] (Protection Technology (StarForce))
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [721904 2009-08-10] () [File not signed]
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [35064 2016-05-01] ()
S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [408280 2015-12-09] (BitDefender S.R.L.)
R1 UBHelper; C:\WINDOWS\system32\Drivers\UBHelper.sys [13952 2004-12-17] ()
U3 aed60p09; C:\WINDOWS\system32\Drivers\aed60p09.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 catchme; \??\C:\DOCUME~1\UZIVATEL\LOCALS~1\Temp\catchme.sys [X]
S3 EverestDriver; \??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [X]
S4 IntelIde; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-01 13:03 - 2016-05-01 13:03 - 00000000 ____D C:\AdwCleaner
2016-05-01 11:40 - 2016-05-01 11:41 - 00067340 _____ C:\Documents and Settings\UZIVATEL\Plocha\Addition.txt
2016-05-01 11:38 - 2016-05-01 20:39 - 00014235 _____ C:\Documents and Settings\UZIVATEL\Plocha\FRST.txt
2016-05-01 11:37 - 2016-05-01 11:37 - 00000000 ____D C:\FRST
2016-05-01 11:36 - 2016-05-01 11:37 - 01728000 _____ (Farbar) C:\Documents and Settings\UZIVATEL\Plocha\FRST.exe
2016-05-01 11:14 - 2016-05-01 11:14 - 00002402 _____ C:\WINDOWS\system32\ASOROSet.bin
2016-05-01 11:14 - 2016-05-01 11:14 - 00000000 ____D C:\WINDOWS\system32\config\RCCBakup
2016-05-01 10:40 - 2016-05-01 10:40 - 00000000 ____D C:\Documents and Settings\UZIVATEL\Data aplikací\Solvusoft
2016-04-30 16:52 - 2016-04-30 16:52 - 00001721 _____ C:\Documents and Settings\Administrator\Plocha\Google Chrome.lnk
2016-04-30 16:51 - 2016-04-30 16:53 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2016-04-30 16:51 - 2016-04-30 16:52 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google
2016-04-30 16:51 - 2016-04-30 16:51 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2016-04-30 16:51 - 2016-04-30 16:51 - 00000000 ____D C:\Documents and Settings\Administrator
2016-04-30 16:51 - 2005-01-26 20:23 - 00000000 ____D C:\Documents and Settings\Administrator\Data aplikací\Symantec
2016-04-30 16:51 - 2005-01-26 20:17 - 00000675 _____ C:\Documents and Settings\Administrator\Nabídka Start\Programy\Internet Explorer.lnk
2016-04-30 16:51 - 2005-01-26 20:17 - 00000646 _____ C:\Documents and Settings\Administrator\Nabídka Start\Programy\Outlook Express.lnk
2016-04-30 16:51 - 2005-01-26 20:17 - 00000000 ___RD C:\Documents and Settings\Administrator\Oblíbené položky
2016-04-30 16:51 - 2005-01-26 20:17 - 00000000 ___RD C:\Documents and Settings\Administrator\Dokumenty\Obrázky
2016-04-30 16:51 - 2005-01-26 20:17 - 00000000 ___RD C:\Documents and Settings\Administrator\Dokumenty\Hudba
2016-04-30 16:51 - 2005-01-26 20:17 - 00000000 ___RD C:\Documents and Settings\Administrator\Dokumenty
2016-04-30 16:51 - 2005-01-26 20:16 - 00000000 ____D C:\Documents and Settings\Administrator\Dokumenty\{9DF687E7-381C-4882-A05F-4ADF1DD53394}
2016-04-30 16:51 - 2005-01-26 20:08 - 00001507 _____ C:\Documents and Settings\Administrator\Nabídka Start\Programy\Vzdálená pomoc.lnk
2016-04-30 16:51 - 2005-01-26 20:07 - 00000000 ___RD C:\Documents and Settings\Administrator\Nabídka Start\Programy\Příslušenství
2016-04-30 16:51 - 2005-01-26 20:01 - 00000000 __RHD C:\Documents and Settings\Administrator\Data aplikací
2016-04-30 16:51 - 2005-01-26 20:01 - 00000000 ___RD C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění
2016-04-30 16:51 - 2005-01-26 20:01 - 00000000 ___RD C:\Documents and Settings\Administrator\Nabídka Start\Programy
2016-04-30 16:51 - 2005-01-26 20:01 - 00000000 ___RD C:\Documents and Settings\Administrator\Nabídka Start
2016-04-30 16:51 - 2005-01-26 20:01 - 00000000 ___HD C:\Documents and Settings\Administrator\Šablony
2016-04-30 16:51 - 2005-01-26 20:01 - 00000000 ___HD C:\Documents and Settings\Administrator\Okolní tiskárny
2016-04-30 16:51 - 2005-01-26 20:01 - 00000000 ___HD C:\Documents and Settings\Administrator\Okolní síť
2016-04-30 16:51 - 2005-01-26 20:01 - 00000000 ___HD C:\Documents and Settings\Administrator\Local Settings\Data aplikací
2016-04-30 16:51 - 2005-01-26 20:01 - 00000000 ____D C:\Documents and Settings\Administrator\Plocha
2016-04-30 16:51 - 2005-01-26 20:01 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2016-04-30 16:35 - 2016-04-30 16:35 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes Anti-Malware
2016-04-30 16:35 - 2016-04-30 16:35 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2016-04-30 16:35 - 2015-10-05 09:50 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-04-30 16:35 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-04-30 14:20 - 2016-04-30 14:20 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\BitDefender
2016-04-30 13:56 - 2015-01-06 12:47 - 00842368 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\bdsmtpp.dll
2016-04-30 13:56 - 2015-01-06 12:47 - 00179560 _____ (BitDefender) C:\WINDOWS\system32\BdFirewallSDK.dll
2016-04-30 13:56 - 2015-01-06 12:47 - 00161544 _____ (BitDefender) C:\WINDOWS\system32\httproxy.dll
2016-04-30 13:56 - 2015-01-06 12:47 - 00136824 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\bdpop3p.dll
2016-04-30 13:56 - 2015-01-06 12:47 - 00135288 _____ C:\WINDOWS\system32\bdfwcore.dll
2016-04-30 13:56 - 2015-01-06 12:47 - 00110568 _____ (BitDefender) C:\WINDOWS\system32\OEMbdpredir.dll
2016-04-30 13:56 - 2015-01-06 12:47 - 00086896 _____ (BitDefender) C:\WINDOWS\system32\bdpredir.dll
2016-04-30 13:55 - 2016-05-01 13:10 - 00001959 _____ C:\Documents and Settings\All Users\Plocha\Ad-Aware Antivirus.lnk
2016-04-30 13:55 - 2016-04-30 13:55 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Lavasoft
2016-04-30 13:50 - 2016-04-30 13:50 - 00000000 ____D C:\Program Files\Lavasoft
2016-04-30 13:48 - 2016-04-30 13:48 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2016-04-30 13:47 - 2016-04-30 13:47 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2016-04-29 21:57 - 2016-04-29 21:57 - 00000975 _____ C:\Documents and Settings\UZIVATEL\Plocha\Internet Explorer.lnk
2016-04-29 21:57 - 2016-04-29 21:57 - 00000000 ____D C:\Documents and Settings\UZIVATEL\Data aplikací\Mozila
2016-04-16 21:58 - 2016-05-01 18:45 - 00054272 _____ C:\Documents and Settings\UZIVATEL\Plocha\plán práce květen 2016.xls

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-01 20:38 - 2013-04-20 21:28 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-05-01 20:32 - 2006-01-01 12:46 - 00000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-01 19:32 - 2006-01-01 12:46 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-01 13:09 - 2006-01-01 00:04 - 00000781 _____ C:\WINDOWS\system32\eRLog.ini
2016-05-01 13:08 - 2014-03-25 17:21 - 00000228 _____ C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2016-05-01 13:08 - 2005-02-02 12:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-01 13:07 - 2008-11-12 12:51 - 00000178 ___SH C:\Documents and Settings\UZIVATEL\ntuser.ini
2016-05-01 13:07 - 2005-02-02 12:49 - 00032412 _____ C:\WINDOWS\SchedLgU.Txt
2016-05-01 11:23 - 2014-12-27 11:24 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-04-30 22:56 - 2013-08-11 13:42 - 00000472 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{02B930F6-2BE5-4781-B7CB-FA6FA86DA898}.job
2016-04-30 13:30 - 2011-07-06 12:31 - 00033280 _____ C:\Documents and Settings\UZIVATEL\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-04-29 21:57 - 2015-02-01 11:53 - 00000975 _____ C:\Documents and Settings\UZIVATEL\Plocha\Google Chrome.lnk
2016-04-27 19:12 - 2011-07-04 06:28 - 00002563 _____ C:\Documents and Settings\UZIVATEL\Plocha\Microsoft Office Word 2007.lnk
2016-04-13 20:03 - 2012-01-04 16:30 - 00013413 _____ C:\Documents and Settings\UZIVATEL\Plocha\tankovan Fábiai.xlsx
2016-04-13 13:21 - 2011-07-04 05:49 - 132539272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-12 20:33 - 2006-01-01 12:50 - 00001727 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Google Chrome.lnk
2016-04-08 13:38 - 2015-11-10 18:38 - 05338816 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2016-04-08 13:38 - 2013-04-20 21:28 - 00797376 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-04-08 13:38 - 2011-07-06 16:34 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-04-06 13:39 - 2011-08-22 20:27 - 00001394 _____ C:\Documents and Settings\UZIVATEL\Plocha\Kalkulačka.lnk
2016-04-04 18:58 - 2005-02-02 12:49 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl

==================== Files in the root of some directories =======

2011-07-06 12:31 - 2016-04-30 13:30 - 0033280 _____ () C:\Documents and Settings\UZIVATEL\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-03 19:23 - 2014-08-03 19:23 - 0000253 ____H () C:\Documents and Settings\All Users\hpothb07.tif
2014-08-03 19:23 - 2014-08-03 19:23 - 0000164 ____H () C:\Documents and Settings\All Users\hpothb07.dat
2011-07-06 22:00 - 2011-12-03 10:50 - 0001140 _____ () C:\Documents and Settings\All Users\Data aplikací\hpzinstall.log
2014-08-03 19:23 - 2014-08-03 19:23 - 0000257 ____H () C:\Documents and Settings\All Users\Data aplikací\hpothb07.tif
2014-08-03 19:23 - 2014-08-03 19:23 - 0000182 ____H () C:\Documents and Settings\All Users\Data aplikací\hpothb07.dat
2015-01-12 07:23 - 2015-01-12 07:23 - 0000016 _____ () C:\Documents and Settings\All Users\Data aplikací\mntemp

Files to move or delete:
====================
C:\Documents and Settings\All Users\hpothb07.dat
C:\Documents and Settings\UZIVATEL\hpothb07.dat


Some files in TEMP:
====================
C:\Documents and Settings\UZIVATEL\Local Settings\Temp\dllnt_dump.dll
C:\Documents and Settings\UZIVATEL\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\UZIVATEL\Local Settings\Temp\libeay32.dll
C:\Documents and Settings\UZIVATEL\Local Settings\Temp\msvcr120.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

Start
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe [36975 2005-08-26] (Sun Microsystems, Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
C:\Program Files\Google\Google Toolbar
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-1295110909-3134338516-3931448456-1006 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-1295110909-3134338516-3931448456-1006 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
CHR Extension: (i47grE999e) - C:\Documents and Settings\UZIVATEL\Data aplikací\Mozila [2016-04-29]
R1 oreans32; C:\WINDOWS\system32\drivers\oreans32.sys [33824 2015-01-12] () [File not signed]
U3 aed60p09; C:\WINDOWS\system32\Drivers\aed60p09.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S4 IntelIde; no ImagePath
U3 TlntSvr; no ImagePath
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\Documents and Settings\UZIVATEL\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Documents and Settings\All Users\hpothb07.dat
C:\Documents and Settings\UZIVATEL\hpothb07.dat
C:\Documents and Settings\UZIVATEL\Local Settings\Temp
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

[Leeep]

Fix result of Farbar Recovery Scan Tool (x86) Version:30-04-2016
Ran by UZIVATEL (2016-05-01 21:16:27) Run:3
Running from C:\Documents and Settings\UZIVATEL\Plocha
Loaded Profiles: UZIVATEL (Available Profiles: UZIVATEL & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe [36975 2005-08-26] (Sun Microsystems, Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
C:\Program Files\Google\Google Toolbar
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-1295110909-3134338516-3931448456-1006 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-1295110909-3134338516-3931448456-1006 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
CHR Extension: (i47grE999e) - C:\Documents and Settings\UZIVATEL\Data aplikací\Mozila [2016-04-29]
R1 oreans32; C:\WINDOWS\system32\drivers\oreans32.sys [33824 2015-01-12] () [File not signed]
U3 aed60p09; C:\WINDOWS\system32\Drivers\aed60p09.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S4 IntelIde; no ImagePath
U3 TlntSvr; no ImagePath
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\Documents and Settings\UZIVATEL\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Documents and Settings\All Users\hpothb07.dat
C:\Documents and Settings\UZIVATEL\hpothb07.dat
C:\Documents and Settings\UZIVATEL\Local Settings\Temp
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => key not found.
HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => key not found.
"C:\Program Files\Google\Google Toolbar" => not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value not found.
HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-1295110909-3134338516-3931448456-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value not found.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-1295110909-3134338516-3931448456-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => value not found.
HKCR\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => key not found.
C:\Documents and Settings\UZIVATEL\Data aplikací\Mozila => not found.
oreans32 => service not found.
aed60p09 => service not found.
IntelIde => service not found.
TlntSvr => service not found.
"C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job" => not found.
"C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job" => not found.
"C:\Documents and Settings\UZIVATEL\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini" => not found.
"C:\Documents and Settings\All Users\hpothb07.dat" => not found.
"C:\Documents and Settings\UZIVATEL\hpothb07.dat" => not found.
"C:\Documents and Settings\UZIVATEL\Local Settings\Temp" => not found.

==== End of Fixlog 21:16:27 ====

[Rudy]

OK. Udělejte ještě kompletní sken MBAM: http://filehippo.com/download_malwareby ... are/14815/ a dejte log. Předem nic nemažte. Výzvu ke stažení novější verze ignorujte, pod XP nefunguje.