
Overall PC slowdown?

Posted: 15 May 2016 10:07
by Peky
Logfile of random's system information tool 1.10 (written by random/random)
Run by Blanka at 2016-05-15 11:00:33
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (12%) free of 111 GB
Total RAM: 1023 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:00:39, on 15.5.2016
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Blanka\Data aplikací\Seznam.cz\szninstall.exe
C:\Documents and Settings\Blanka\Data aplikací\BitTorrent\BitTorrent.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Blanka\Data aplikací\Seznam.cz\bin\szndesktop.exe
C:\Documents and Settings\Blanka\Data aplikací\BitTorrent\updates\7.9.6_42095\utorrentie.exe
C:\Documents and Settings\Blanka\Data aplikací\BitTorrent\updates\7.9.6_42095\utorrentie.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Blanka\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Blanka.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quick ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quick ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=22668
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - (no file)
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [MSStp] C:\WINDOWS\inf\msstp.vbe
O4 - HKLM\..\Run: [mnckfuakSrv] C:\WINDOWS\system32\mnckfuak.vbe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Documents and Settings\Blanka\Data aplikací\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Documents and Settings\Blanka\Data aplikací\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [BitTorrent] "C:\Documents and Settings\Blanka\Data aplikací\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_16_0_0_310_pepper.exe -update pepperplugin (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_16_0_0_310_pepper.exe -update pepperplugin (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Elite UnzipService (EliteUnzip_aaService) - Unknown owner - C:\PROGRA~1\ELITEU~1\bar\1.bin\aabarsvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8035 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player PPAPI Notifier.job - C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_16_0_0_310_pepper.exe -check pepperplugin
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS\system32\xp_eos.exe
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS\system32\xp_eos.exe -c
C:\WINDOWS\tasks\User_Feed_Synchronization-{D90B0509-1BFA-410E-A17C-880EC9BE4C6B}.job - C:\WINDOWS\system32\msfeedssync.exe sync

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-02-10 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-02-10 118784]
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\Smtray.exe [2002-06-26 90112]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2006-10-19 1183656]
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2006-10-19 1958800]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2006-10-17 87584]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2009-07-27 1983816]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2009-03-18 767312]
"MSStp"=C:\WINDOWS\inf\msstp.vbe [2014-03-06 1584]
"mnckfuakSrv"=C:\WINDOWS\system32\mnckfuak.vbe [2014-03-06 7670]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"cz.seznam.software.szndesktop"=C:\Documents and Settings\Blanka\Data aplikací\Seznam.cz\bin\wszndesktop.exe [2015-05-26 103080]
"cz.seznam.software.autoupdate"=C:\Documents and Settings\Blanka\Data aplikací\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"BitTorrent"=C:\Documents and Settings\Blanka\Data aplikací\BitTorrent\BitTorrent.exe [2016-04-07 1963016]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-02-10 339968]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.7\ICQ.exe"="C:\Program Files\ICQ7.7\ICQ.exe:*:Enabled:ICQ7.7"
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Disabled:TmForever"
"C:\Program Files\Google\Chrome\Application\chrome.exe"="C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\Documents and Settings\Blanka\Data aplikací\BitTorrent\BitTorrent.exe"="C:\Documents and Settings\Blanka\Data aplikací\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.7\ICQ.exe"="C:\Program Files\ICQ7.7\ICQ.exe:*:Enabled:ICQ7.7"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MIDI1"=SYNCOR11.DLL

======List of files/folders created in the last 1 month======

2016-05-15 11:00:33 ----D---- C:\rsit
2016-05-15 11:00:33 ----D---- C:\Program Files\trend micro

======List of files/folders modified in the last 1 month======

2016-05-15 11:00:33 ----RD---- C:\Program Files
2016-05-15 11:00:01 ----D---- C:\WINDOWS\Temp
2016-05-15 10:57:13 ----D---- C:\Documents and Settings\Blanka\Data aplikací\BitTorrent
2016-05-15 02:43:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2016-05-14 19:14:01 ----D---- C:\Documents and Settings\Blanka\Data aplikací\Seznam.cz
2016-05-12 16:26:09 ----D---- C:\WINDOWS\Prefetch
2016-05-11 22:32:11 ----D---- C:\WINDOWS\Debug
2016-05-11 22:32:11 ----A---- C:\WINDOWS\system32\MRT.exe
2016-05-11 15:12:04 ----SHD---- C:\WINDOWS\Installer
2016-05-11 15:07:57 ----SD---- C:\WINDOWS\Tasks
2016-05-11 15:06:29 ----D---- C:\WINDOWS\system32\CatRoot2
2016-05-07 15:13:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
2016-05-04 15:30:57 ----D---- C:\WINDOWS
2016-05-03 14:51:53 ----D---- C:\WINDOWS\Minidump
2016-05-03 14:39:24 ----A---- C:\WINDOWS\NeroDigital.ini
2016-04-16 22:19:44 ----D---- C:\Documents and Settings\Blanka\Data aplikací\abgx360

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2002-01-01 114048]
R0 timounter;Acronis True Image Backup Archive Explorer; C:\WINDOWS\system32\DRIVERS\timntr.sys [2002-01-01 395744]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2002-01-01 39264]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-08-22 98752]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2002-09-25 140800]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-04-13 1897408]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-08-23 549672]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-02-10 681469]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2006-10-17 230944]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2009-02-10 116104]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-07-15 45056]
S2 EliteUnzip_aaService;Elite UnzipService; C:\PROGRA~1\ELITEU~1\bar\1.bin\aabarsvc.exe []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 NetSvc;Intel NCS NetService; c:\Program Files\Intel\NCS\Sync\NetSvc.exe [2002-09-27 139264]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

Re: Overall PC slowdown?

Posted: 15 May 2016 11:31
by Márty84
Hello :)

It is badly infected.

:???: Why is there no antivirus on it??? :boxed:

:arrow: Download AdwCleaner https://toolslib.net/downloads/finish/1/ and save it to the desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Run it.
Click Scan and wait until the scan finishes.
Then click Cleaning.
The program will start working (the PC may restart) and will output a log (otherwise it will be here: C:\AdwCleaner\AdwCleaner[C?].txt ). Copy it here for me.

:arrow: Run a !!!complete!!! scan with MBAM http://www.bleepingcomputer.com/downloa ... re/dl/241/ (you must download version 1.75, decline the upgrade to a newer version and update only the virus database) and post the results here. Do not delete anything beforehand, it sometimes has false detections. Instructions here: http://forum.viry.cz/viewtopic.php?f=29&t=115222

Re: Overall PC slowdown?

Posted: 26 Jun 2016 16:44
by Peky
Good day, I apologize for the small delay / first part, see below

# AdwCleaner v5.200 - Log vytvořen 26/06/2016 v 17:30:37
# Aktualizováno 14/06/2016 by ToolsLib
# Databáze : 2016-06-25.3 [Server]
# Operační system : Microsoft Windows XP Service Pack 3 (X86)
# Uživatelské jméno : Blanka - KEPKA-8947E124A
# Spuštěno z : C:\Documents and Settings\Blanka\Dokumenty\Downloads\adwcleaner_5.200.exe
# Nastavení : Čištění
# Podpora : https://toolslib.net/forum

***** [ Služby ] *****

[-] Služba Smazáno : EliteUnzip_aaService
[!] Služba Ne Smazáno : EliteUnzip_aaService

***** [ Složky ] *****

[-] Složka Smazáno : C:\Documents and Settings\All Users\Data aplikací\apn
[-] Složka Smazáno : C:\Documents and Settings\All Users\Data aplikací\ICQ\ICQToolbar
[-] Složka Smazáno : C:\Program Files\ICQ6Toolbar

***** [ Soubory ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Zástupci ] *****


***** [ Naplánované úlohy ] *****


***** [ Registry ] *****

[-] Hodnota Smazáno : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
[-] Klíč Smazáno : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
[-] Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D8278076-BC68-4484-9233-6E7F1628B56C}
[-] Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1AF33C13-6C63-488C-9DEA-17B0E7829DE5}
[-] Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4F524A2D-5350-4500-76A7-7A786E7484D7}
[-] Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DA5D70B2-0A92-4B43-B068-A0DD02898C56}
[-] Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
[-] Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1AF33C13-6C63-488C-9DEA-17B0E7829DE5}
[-] Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4F524A2D-5350-4500-76A7-7A786E7484D7}
[-] Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DA5D70B2-0A92-4B43-B068-A0DD02898C56}
[-] Hodnota Smazáno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4F524A2D-5350-4500-76A7-7A786E7484D7}]
[-] Hodnota Smazáno : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
[-] Hodnota Smazáno : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}]
[-] Klíč Smazáno : HKCU\Software\ICQ\ICQToolbar
[-] Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolbar
[-] Klíč Smazáno : HKLM\SOFTWARE\ICQ\ICQToolbar
[-] Klíč Smazáno : HKLM\SOFTWARE\Mail.Ru
[-] Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4F524A2D-5350-4500-76A7-A758B70C1902}
[-] Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
[-] Klíč Smazáno : HKU\.DEFAULT\Software\AskPartnerNetwork
[-] Data Obnoveno : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
[-] Data Obnoveno : HKU\S-1-5-21-1229272821-1958367476-1547161642-1003\Software\Microsoft\Internet Explorer\Main [ICQ Search]
[-] Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{50659115-F12A-4F15-A164-62490A3E34A4}
[-] Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
[-] Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EE209F2D-EEE1-473B-993D-082E9D3A0124}
[-] Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{63894242-d1a7-4235-a425-c124cb8f4633}
[-] Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\icq.com

***** [ Prohlížeče ] *****


*************************

:: "Tracing" klíče smazány
:: Nastavení Winsock vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [4757 bytů] - [26/06/2016 17:30:37]
C:\AdwCleaner\AdwCleaner[S1].txt - [5400 bytů] - [26/06/2016 17:28:30]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4903 bytů] ##########

Re: Overall PC slowdown?

Posted: 26 Jun 2016 19:46
by Peky
hopefully it is right this way

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2016.06.26.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Blanka :: KEPKA-8947E124A [administrátor]

Ochrana: Zakázána

26.6.2016 17:58:38
MBAM-log-2016-06-26 (20-42-41).txt

Typ: Kompletní kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 448495
Uplynulý čas: 1 hodin, 49 minut, 56 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF55CB9F-2729-4BFF-AFE5-EE59593B16E8} (PUP.Optional.MindSpark) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF55CB9F-2729-4BFF-AFE5-EE59593B16E8} (PUP.Optional.MindSpark) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\EliteUnzip_aa (PUP.Optional.MindSpark) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MSStp (Trojan.Agent.SCR) -> Data: C:\WINDOWS\inf\msstp.vbe -> Nebyla provedena žádná instrukce.

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 7
C:\Documents and Settings\Blanka\Dokumenty\EliteUnzipSetup2.5.15.9.^BDG^man000^YYA^.exe (PUP.Optional.MindSpark) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Dominik\Local Settings\Temp\APNSetup.exe (PUP.Optional.APNToolBar) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Eda\Dokumenty\Downloads\FlvPlayerSetup.exe (PUP.Optional.CoolApp) -> Nebyla provedena žádná instrukce.
C:\WINDOWS\system32\dcgmnckfuak.exe (Trojan.BitCoinMiner) -> Nebyla provedena žádná instrukce.
C:\WINDOWS\system32\acumnckfuak.exe (PUP.Optional.BitCoinMiner) -> Nebyla provedena žádná instrukce.
C:\WINDOWS\system32\lcpmnckfuak.exe (Trojan.Agent.BCM) -> Nebyla provedena žádná instrukce.
C:\WINDOWS\inf\msstp.vbe (Trojan.Agent.SCR) -> Nebyla provedena žádná instrukce.

(konec)

Re: Overall PC slowdown?

Posted: 27 Jun 2016 07:21
by Márty84
Peky wrote: Good day, I apologize for the small delay
Small??? :D

Have all the findings removed. After the removal and a PC restart, repeat the MBAM scan so that we know whether it comes back. Post the scan result and I will choose the next step based on it.

Re: Overall PC slowdown?

Posted: 27 Jun 2016 21:13
by Peky
ok, here it is

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2016.06.27.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Blanka :: KEPKA-8947E124A [administrátor]

Ochrana: Zakázána

27.6.2016 19:33:45
mbam-log-2016-06-27 (19-33-45).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 447870
Uplynulý čas: 1 hodin, 43 minut, 14 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

Re: Overall PC slowdown?

Posted: 28 Jun 2016 03:48
by Márty84
:arrow: Post logs following this guide http://forum.viry.cz/viewtopic.php?f=13&t=133100 - turn off the antivirus for a moment, it is possible that it will block it as malicious, but we use it all the time, it is a false alarm :)
(If the Launcher cannot be downloaded, post logs from FRST alone, that is, without using the Launcher)

Re: Overall PC slowdown?

Posted: 28 Jun 2016 14:31
by Peky
unfortunately it cannot be downloaded, so just the log, see below

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-06-2016 02
Ran by Blanka (administrator) on KEPKA-8947E124A (28-06-2016 15:25:20)
Running from C:\Documents and Settings\Blanka\Dokumenty\Downloads
Loaded Profiles: Blanka (Available Profiles: Blanka & Eda & Dominik & Karinka & Administrator)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(BitTorrent Inc.) C:\Documents and Settings\Blanka\Data aplikací\BitTorrent\BitTorrent.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
(BitTorrent Inc.) C:\Documents and Settings\Blanka\Data aplikací\BitTorrent\updates\7.9.7_42331\utorrentie.exe
(BitTorrent Inc.) C:\Documents and Settings\Blanka\Data aplikací\BitTorrent\updates\7.9.7_42331\utorrentie.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Smapp] => C:\Program Files\Analog Devices\SoundMAX\Smtray.exe [90112 2002-06-26] (Analog Devices, Inc.)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [1183656 2006-10-19] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] => C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [1958800 2006-10-19] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [87584 2006-10-17] (Acronis)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1983816 2009-07-27] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-18] (CANON INC.)
HKLM\...\Run: [mnckfuakSrv] => C:\WINDOWS\system32\mnckfuak.vbe [7670 2014-03-06] ()
HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll [2004-02-10] (Intel Corporation)
HKU\S-1-5-21-1229272821-1958367476-1547161642-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1229272821-1958367476-1547161642-1003\...\Run: [cz.seznam.software.szndesktop] => "C:\Documents and Settings\Blanka\Data aplikací\Seznam.cz\bin\wszndesktop.exe" -q
HKU\S-1-5-21-1229272821-1958367476-1547161642-1003\...\Run: [cz.seznam.software.autoupdate] => "C:\Documents and Settings\Blanka\Data aplikací\Seznam.cz\szninstall.exe" -c
HKU\S-1-5-21-1229272821-1958367476-1547161642-1003\...\Run: [BitTorrent] => C:\Documents and Settings\Blanka\Data aplikací\BitTorrent\BitTorrent.exe [1972232 2016-05-20] (BitTorrent Inc.)
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_16_0_0_310_pepper.exe [961200 2015-03-19] (Adobe Systems Incorporated)
Lsa: [Authentication Packages] msv1_0 relog_ap
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk [2015-06-02]
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk [2015-06-02]
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.33.5 192.168.33.1
Tcpip\..\Interfaces\{E106DF72-6CC3-458D-A5C7-35791BF15542}: [DhcpNameServer] 192.168.1.254 192.168.33.5 192.168.33.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/?clid=22668
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1229272821-1958367476-1547161642-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKU\S-1-5-21-1229272821-1958367476-1547161642-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.seznam.cz/?clid=22668
URLSearchHook: [S-1-5-21-1229272821-1958367476-1547161642-1003] ATTENTION => Default URLSearchHook is missing
URLSearchHook: HKU\S-1-5-21-1229272821-1958367476-1547161642-1003 -> Default = {855F3B16-6D32-4fe6-8A56-BBB695989046}
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1229272821-1958367476-1547161642-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1229272821-1958367476-1547161642-1003 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1229272821-1958367476-1547161642-1003 -> {395BABE7-AA39-442B-AEE9-4EDABC0F8C02} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1229272821-1958367476-1547161642-1003 -> {4097E266-DCF5-43BF-BE75-1FE0C9BF080D} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_12454
SearchScopes: HKU\S-1-5-21-1229272821-1958367476-1547161642-1003 -> {5F188AFE-B49E-41AD-A042-F36D61A813CC} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1229272821-1958367476-1547161642-1003 -> {63894242-d1a7-4235-a425-c124cb8f4633} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97 ... -SearchBox
SearchScopes: HKU\S-1-5-21-1229272821-1958367476-1547161642-1003 -> {9B4D94F9-439F-496B-AD2F-835B7E4755CE} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1229272821-1958367476-1547161642-1003 -> {AA106D7E-F574-47B4-8C75-71140C31753B} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_12454
SearchScopes: HKU\S-1-5-21-1229272821-1958367476-1547161642-1003 -> {AD568FA8-4BA1-4CC9-9F5D-AF604CDAA195} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1229272821-1958367476-1547161642-1003 -> {E4595010-0B0A-41BC-8493-A56A667C1DEA} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_12454
SearchScopes: HKU\S-1-5-21-1229272821-1958367476-1547161642-1003 -> {F623DD05-C85C-4C62-BFD1-DB7B2B1E0C7E} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_12454
BHO: Podpora odkazu pro Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-06-26] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-06-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-1229272821-1958367476-1547161642-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-06-26] (Google Inc.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Blanka\Data aplikací\Mozilla\Firefox\Profiles\d2ih9pbl.default
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP&osmkt=en-ww
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-02-05] (CANON INC.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF SearchPlugin: C:\Documents and Settings\Blanka\Data aplikací\Mozilla\Firefox\Profiles\d2ih9pbl.default\searchplugins\bingp.xml [2015-02-21]
FF Extension: Seznam lištička - C:\Documents and Settings\Blanka\Data aplikací\Mozilla\Firefox\Profiles\d2ih9pbl.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2015-02-12] [not signed]
FF HKU\S-1-5-21-1229272821-1958367476-1547161642-1003\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\Documents and Settings\All Users\Data aplikací\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found

Chrome:
=======
CHR Profile: C:\Documents and Settings\Blanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Blanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-12]
CHR Extension: (Disk Google) - C:\Documents and Settings\Blanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (YouTube) - C:\Documents and Settings\Blanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\Blanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Dokumenty Google offline) - C:\Documents and Settings\Blanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-23]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Documents and Settings\Blanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Documents and Settings\Blanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [230944 2006-10-17] (Acronis)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
S3 NetSvc; c:\Program Files\Intel\NCS\Sync\NetSvc.exe [139264 2002-09-27] (Intel(R) Corporation) [File not signed]
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-07-15] (Analog Devices, Inc.) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [39264 2002-01-01] (Acronis)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-28 15:25 - 2016-06-28 15:25 - 00000000 ____D C:\FRST
2016-06-27 16:47 - 2016-06-27 16:47 - 00090112 _____ C:\WINDOWS\Minidump\Mini062716-01.dmp
2016-06-26 17:43 - 2016-06-26 17:43 - 00000000 ____D C:\Documents and Settings\Blanka\Data aplikací\Malwarebytes
2016-06-26 17:43 - 2016-06-26 17:43 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2016-06-26 17:27 - 2016-06-26 17:30 - 00000000 ____D C:\AdwCleaner

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-28 15:26 - 2015-10-26 11:20 - 00000000 ____D C:\Documents and Settings\Blanka\Data aplikací\BitTorrent
2016-06-28 15:25 - 2014-11-04 08:34 - 00000468 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{D90B0509-1BFA-410E-A17C-880EC9BE4C6B}.job
2016-06-28 15:25 - 2002-01-01 01:17 - 00000000 ____D C:\Documents and Settings\Blanka\Local Settings\Temp
2016-06-28 15:24 - 2002-01-01 01:17 - 00000000 ____D C:\Documents and Settings\Blanka\Plocha
2016-06-28 15:22 - 2015-01-26 07:54 - 00000003 _____ C:\Documents and Settings\Blanka\stut
2016-06-28 15:20 - 2015-04-07 23:20 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-28 15:20 - 2014-10-30 16:33 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2016-06-28 15:20 - 2014-10-30 16:33 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2016-06-28 15:20 - 2002-01-01 01:06 - 00000238 _____ C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2016-06-28 15:19 - 2014-10-30 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-27 22:11 - 2014-10-30 16:45 - 00032338 _____ C:\WINDOWS\SchedLgU.Txt
2016-06-27 22:11 - 2002-01-01 01:17 - 00000272 ___SH C:\Documents and Settings\Blanka\ntuser.ini
2016-06-27 21:13 - 2015-04-07 23:20 - 00000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-27 19:28 - 2015-09-12 09:48 - 00000000 ____D C:\Documents and Settings\Blanka\Data aplikací\Seznam.cz
2016-06-27 19:24 - 2014-10-31 18:30 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2686509$
2016-06-27 16:47 - 2015-03-11 10:23 - 00000000 ____D C:\WINDOWS\Minidump
2016-06-27 16:40 - 2014-11-01 10:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2483185$
2016-06-27 16:39 - 2014-10-30 16:22 - 00000000 ___HD C:\WINDOWS\inf
2016-06-27 16:07 - 2015-01-26 07:52 - 00001259 _____ C:\Documents and Settings\Blanka\rgut
2016-06-26 17:43 - 2014-10-30 16:33 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2016-06-26 17:43 - 2002-01-01 01:17 - 00000000 __RHD C:\Documents and Settings\Blanka\Data aplikací
2016-06-26 17:30 - 2002-01-01 02:09 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\ICQ
2016-06-26 17:28 - 2014-11-05 08:25 - 00000000 ____D C:\Documents and Settings\Blanka\Local Settings\Data aplikací\Google
2016-06-26 17:28 - 2014-11-05 08:23 - 00000000 ____D C:\Documents and Settings\Blanka\Local Settings\Data aplikací\Adobe
2016-06-26 17:27 - 2015-04-08 08:50 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Google
2016-06-26 17:27 - 2014-11-05 08:25 - 00000000 ____D C:\Program Files\Google
2016-06-26 17:26 - 2014-11-05 08:25 - 00796352 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-06-26 17:26 - 2014-11-05 08:25 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-06-25 11:37 - 2015-03-19 13:21 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-06-24 21:21 - 2008-04-14 14:00 - 00012984 _____ C:\WINDOWS\system32\wpa.dbl
2016-06-21 20:55 - 2002-01-01 02:14 - 00000272 ___SH C:\Documents and Settings\Eda\ntuser.ini
2016-06-21 14:41 - 2002-01-01 02:13 - 00000000 ____D C:\Documents and Settings\Eda\Local Settings\Temp
2016-06-21 14:20 - 2015-01-25 19:29 - 00001259 _____ C:\Documents and Settings\Eda\rgut
2016-06-15 22:40 - 2014-11-12 14:17 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-06-15 22:25 - 2014-10-31 18:36 - 139785240 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-06-15 12:47 - 2002-01-01 02:13 - 00000000 ____D C:\Documents and Settings\Eda
2016-06-10 16:28 - 2002-01-01 02:43 - 00000178 ___SH C:\Documents and Settings\Karinka\ntuser.ini
2016-06-10 16:27 - 2014-11-12 15:05 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
2016-06-10 15:12 - 2002-01-01 01:17 - 00000000 ___HD C:\Documents and Settings\Blanka\Local Settings\Data aplikací
2016-06-10 15:10 - 2015-11-04 16:25 - 00000000 ____D C:\Documents and Settings\Karinka\Data aplikací\Seznam.cz
2016-06-10 15:10 - 2002-01-01 02:43 - 00000000 ____D C:\Documents and Settings\Karinka\Local Settings\Temp
2016-06-10 15:07 - 2015-01-25 19:20 - 00001259 _____ C:\Documents and Settings\Karinka\rgut
2016-06-08 15:00 - 2002-01-01 01:04 - 00000232 _____ C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
2016-05-29 19:35 - 2015-11-13 19:17 - 00000000 ____D C:\Documents and Settings\Blanka\Data aplikací\abgx360

==================== Files in the root of some directories =======

2014-11-10 20:02 - 2016-05-19 15:38 - 0034304 _____ () C:\Documents and Settings\Blanka\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\269601USA8.EXE
C:\Documents and Settings\Administrator\Local Settings\Temp\adminchk.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\AEEnable.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Instngin.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\PCIUtil.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\RemADI.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Setup.exe
C:\Documents and Settings\Blanka\Local Settings\Temp\libeay32.dll
C:\Documents and Settings\Blanka\Local Settings\Temp\msvcr120.dll
C:\Documents and Settings\Blanka\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\Blanka\Local Settings\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
C:\Documents and Settings\Dominik\Local Settings\Temp\GuardICQ.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Re: Overall PC slowdown?

Posted: 28 Jun 2016 15:59
by Márty84
:!: If you have not done so yet, back up your important data (photos, documents, etc.) to be safe :!:

:!: Do not use ComboFix without prior agreement! It is a violation of the forum rules and you will lose your entitlement to help!

:arrow: Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Turn off your antivirus and any other security software.
Run ComboFix.
Accept the license terms and let the program work. If it offers to install the Recovery Console, agree.
During the scan, do not run anything and do not click anywhere.
After the scan finishes (the PC may also restart), a log should be created, located at C:\ComboFix.txt
Copy its contents here.

:!: If Windows does not start after the restart, restart again, keep pressing the F8 key and choose Last Known Good Configuration
:!: If Windows starts but an error is reported when launching various programs, just restart the PC and it will be fine

Re: Overall PC slowdown?

Posted: 29 Jun 2016 16:15
by Peky
Combo Fix "freezes" while creating the restore point / the download was not successful, even though the network / internet is working? What else can I do about it?

Re: Overall PC slowdown?

Posted: 29 Jun 2016 18:59
by Márty84
Try it in Safe Mode with Networking :-)

Re: Overall PC slowdown?

Posted: 29 Jun 2016 19:43
by Peky
It is still the same; the problem is probably that the Recovery Console is not installed :)

Re: Overall PC slowdown?

Posted: 29 Jun 2016 20:00
by Márty84
:arrow: Open Notepad and copy this script into it

Code:

Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [mnckfuakSrv] => C:\WINDOWS\system32\mnckfuak.vbe [7670 2014-03-06] ()
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1229272821-1958367476-1547161642-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1229272821-1958367476-1547161642-1003\...\Run: [cz.seznam.software.szndesktop] => "C:\Documents and Settings\Blanka\Data aplikací\Seznam.cz\bin\wszndesktop.exe" -q
HKU\S-1-5-21-1229272821-1958367476-1547161642-1003\...\Run: [cz.seznam.software.autoupdate] => "C:\Documents and Settings\Blanka\Data aplikací\Seznam.cz\szninstall.exe" -c
HKU\S-1-5-21-1229272821-1958367476-1547161642-1003\...\Run: [BitTorrent] => C:\Documents and Settings\Blanka\Data aplikací\BitTorrent\BitTorrent.exe [1972232 2016-05-20] (BitTorrent Inc.)
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_16_0_0_310_pepper.exe [961200 2015-03-19] (Adobe Systems Incorporated)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

URLSearchHook: [S-1-5-21-1229272821-1958367476-1547161642-1003] ATTENTION => Default URLSearchHook is missing
URLSearchHook: HKU\S-1-5-21-1229272821-1958367476-1547161642-1003 -> Default = {855F3B16-6D32-4fe6-8A56-BBB695989046}
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1229272821-1958367476-1547161642-1003 -> {63894242-d1a7-4235-a425-c124cb8f4633} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-06-26] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-06-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-1229272821-1958367476-1547161642-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-06-26] (Google Inc.)

FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP&osmkt=en-ww
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF SearchPlugin: C:\Documents and Settings\Blanka\Data aplikací\Mozilla\Firefox\Profiles\d2ih9pbl.default\searchplugins\bingp.xml [2015-02-21]
FF Extension: Seznam lištička - C:\Documents and Settings\Blanka\Data aplikací\Mozilla\Firefox\Profiles\d2ih9pbl.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2015-02-12] [not signed]
FF HKU\S-1-5-21-1229272821-1958367476-1547161642-1003\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\Documents and Settings\All Users\Data aplikací\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found

S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31 144200]

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
C:\WINDOWS\system32\mnckfuak.vbe

Hosts:
EmptyTemp:
Reboot:
End
In the top left, click File
Click Save As...
Type the name shown in red, fixlist, correctly and save it to the desktop.
Turn off your antivirus and any other security software.
Run FRST, click Fix and the program will carry out the commands.
After the PC restarts, a new log named fixlog should appear; copy it here for me again.

:arrow: Then try ComboFix again

Re: Overall PC slowdown?

Posted: 30 Jun 2016 15:50
by Peky
I managed to fix the problem with installing the console; I run "combo", but it "freezes" after a while

Re: Overall PC slowdown?

Posted: 30 Jun 2016 16:04
by Peky
Fix result of Farbar Recovery Scan Tool (x86) Version: 29-06-2016
Ran by Blanka (2016-06-30 16:51:25) Run:2
Running from C:\Documents and Settings\Blanka\Plocha
Loaded Profiles: Blanka (Available Profiles: Blanka & Eda & Dominik & Karinka & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [mnckfuakSrv] => C:\WINDOWS\system32\mnckfuak.vbe [7670 2014-03-06] ()
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1229272821-1958367476-1547161642-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1229272821-1958367476-1547161642-1003\...\Run: [cz.seznam.software.szndesktop] => "C:\Documents and Settings\Blanka\Data aplikací\Seznam.cz\bin\wszndesktop.exe" -q
HKU\S-1-5-21-1229272821-1958367476-1547161642-1003\...\Run: [cz.seznam.software.autoupdate] => "C:\Documents and Settings\Blanka\Data aplikací\Seznam.cz\szninstall.exe" -c
HKU\S-1-5-21-1229272821-1958367476-1547161642-1003\...\Run: [BitTorrent] => C:\Documents and Settings\Blanka\Data aplikací\BitTorrent\BitTorrent.exe [1972232 2016-05-20] (BitTorrent Inc.)
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_16_0_0_310_pepper.exe [961200 2015-03-19] (Adobe Systems Incorporated)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

URLSearchHook: [S-1-5-21-1229272821-1958367476-1547161642-1003] ATTENTION => Default URLSearchHook is missing
URLSearchHook: HKU\S-1-5-21-1229272821-1958367476-1547161642-1003 -> Default = {855F3B16-6D32-4fe6-8A56-BBB695989046}
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1229272821-1958367476-1547161642-1003 -> {63894242-d1a7-4235-a425-c124cb8f4633} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97 ... -SearchBox
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-06-26] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-06-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-1229272821-1958367476-1547161642-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-06-26] (Google Inc.)

FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP&osmkt=en-ww
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF SearchPlugin: C:\Documents and Settings\Blanka\Data aplikací\Mozilla\Firefox\Profiles\d2ih9pbl.default\searchplugins\bingp.xml [2015-02-21]
FF Extension: Seznam lištička - C:\Documents and Settings\Blanka\Data aplikací\Mozilla\Firefox\Profiles\d2ih9pbl.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2015-02-12] [not signed]
FF HKU\S-1-5-21-1229272821-1958367476-1547161642-1003\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\Documents and Settings\All Users\Data aplikací\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found

S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31 144200]

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
C:\WINDOWS\system32\mnckfuak.vbe

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\mnckfuakSrv => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce => value not found.
HKU\S-1-5-21-1229272821-1958367476-1547161642-1003\Software\Microsoft\Windows\CurrentVersion\Run\\MSMSGS => value not found.
HKU\S-1-5-21-1229272821-1958367476-1547161642-1003\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.szndesktop => value not found.
HKU\S-1-5-21-1229272821-1958367476-1547161642-1003\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate => value not found.
HKU\S-1-5-21-1229272821-1958367476-1547161642-1003\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key not found.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
Could not restore Default URLSearchHook.
HKU\S-1-5-21-1229272821-1958367476-1547161642-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
HKU\S-1-5-21-1229272821-1958367476-1547161642-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{63894242-d1a7-4235-a425-c124cb8f4633} => key not found.
HKCR\CLSID\{63894242-d1a7-4235-a425-c124cb8f4633} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => key not found.
"HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value removed successfully.
"HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => key removed successfully.
HKU\S-1-5-21-1229272821-1958367476-1547161642-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
Firefox SearchEngineOrder.3 removed successfully.
Firefox SelectedSearchEngine removed successfully.
Firefox "homepage" removed successfully.
Firefox "Keyword.URL" removed successfully.
C:\Documents and Settings\Blanka\Data aplikací\Mozilla\Firefox\Profiles\d2ih9pbl.default\searchplugins\bingp.xml => moved successfully
C:\Documents and Settings\Blanka\Data aplikací\Mozilla\Firefox\Profiles\d2ih9pbl.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} => moved successfully
C:\Documents and Settings\Blanka\Data aplikací\Mozilla\Firefox\Profiles\d2ih9pbl.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} => path removed successfully.
HKU\S-1-5-21-1229272821-1958367476-1547161642-1003\Software\Mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8} => value removed successfully.
gupdate => service removed successfully.
gupdatem => service removed successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => moved successfully
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => moved successfully
C:\WINDOWS\system32\mnckfuak.vbe => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 2727710 B
Java, Flash, Steam htmlcache => 14160 B
Windows/system/dllcache/drivers => 104385 B
Edge => 0 B
Chrome => 536103192 B
Firefox => 323069585 B
Opera => 393210926 B

Temp, IE cache, history, cookies, recent:
Default User => 66164 B
All Users => 0 B
systemprofile => 169144 B
LocalService => 10178388 B
NetworkService => 66231 B
Blanka => 101610040 B
Eda => 45538366 B
Dominik => 220224676 B
Karinka => 15549360 B
Administrator => 45942700 B

RecycleBin => 0 B
EmptyTemp: => 1.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:55:29 ====