
PC virus removal, computer speed-up, remote assistance through the neslape.cz service
Freezing notebook
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use a remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello, my mother has an old mini notebook and it now lags like crazy, so I'm writing to ask whether something could be done about it or whether it could be cleaned up somehow. I'm attaching the log.
Thanks in advance for your help.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2017
Ran by Zdenka - Růžičková (administrator) on ACER-416B084946 (16-01-2017 15:31:09)
Running from C:\Documents and Settings\Zdenka - Růžičková\Plocha
Loaded Profiles: Zdenka - Růžičková (Available Profiles: Zdenka - Růžičková & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Egis Technology Inc.) C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(sonix) C:\WINDOWS\PLFSetL.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe
(Egis Technology Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(forum.viry.cz) C:\Documents and Settings\Zdenka - Růžičková\Plocha\FRSTLauncher.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-18] (Intel Corporation)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1157128 2009-08-18] (Dritek System Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [18702336 2009-08-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AzMixerSel] => C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe [53248 2006-07-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [EgisTecLiveUpdate] => C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [PLFSetL] => C:\WINDOWS\PLFSetL.exe [94208 2008-07-03] (sonix)
HKLM\...\Run: [snp2uvc] => rundll32.exe C:\WINDOWS\system32\csnp2uvc.dll,ResetCIDS
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1430824 2009-02-06] (Synaptics Incorporated)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7391632 2016-05-03] (AVAST Software)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2015-04-10] (Oracle Corporation)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {42301a6c-5588-11e1-9a8e-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {42301a6f-5588-11e1-9a8e-705ab63e4417} - F:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {42301a71-5588-11e1-9a8e-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {42301a72-5588-11e1-9a8e-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {45336396-c41a-11df-b57f-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {b5265be2-c5b7-11df-b587-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {b5265be3-c5b7-11df-b587-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {e122966b-c3e7-11df-b57e-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {e122966e-c3e7-11df-b57e-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssstars.scr [14336 2008-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-05-03] (AVAST Software)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll [2009-09-10] (Egis Technology Inc.)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Acer VCM.lnk [2010-02-02]
ShortcutTarget: Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 100.100.100.100 100.100.100.100
Tcpip\..\Interfaces\{981861BE-6F4D-40A0-B845-DAAD275CDAF0}: [DhcpNameServer] 100.100.100.100 100.100.100.100
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/?clid=22668
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
URLSearchHook: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 - (No Name) - {7757CBCC-0975-4b79-A519-90B142CA3A23} - No File
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {099EF85B-3260-4b87-9239-33355EE6A548} URL = hxxp://results.myway.com/GGmain.jhtml?id=YI&ptb=E3762AB4-2841-44DA-998D-14E37D107923&psa=&ind=2010092808&ptnrS=YI&si=&st=sb&n=&searchfor={searchTerms}
SearchScopes: HKLM -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={s ... lz=1I7ACAW
SearchScopes: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> search13 URL = hxxp://search13.net/search.php?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> {099EF85B-3260-4b87-9239-33355EE6A548} URL = hxxp://results.myway.com/GGmain.jhtml?id=YI&ptb=E3762AB4-2841-44DA-998D-14E37D107923&psa=&ind=2010092808&ptnrS=YI&si=&st=sb&n=&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> {2CE29460-FF0C-46AA-AA6C-4804B00E71AB} URL = hxxp://www.webhledani.cz/results.aspx?i=42&tp= ... earchTerms}
SearchScopes: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> {31530063-8570-4F4B-9228-7CF8BABB53DE} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={s ... CZ397CZ397
SearchScopes: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> {CE92803D-D220-4742-B965-D2066FA37FBF} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-08-26] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-05-03] (AVAST Software)
BHO: Pomocník pro přihlášení ke službě Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-03] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-08-26] (Oracle Corporation)
BHO: No Name -> {EF5F59BA-B2AB-48D8-9747-54DF806C73B8} -> No File
BHO: No Name -> {EFA17361-CDC0-4927-9AFC-BAAD1F96B2AE} -> No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> No Name - {EFA17369-CDC0-4927-9AFC-BAAD1F96B2AE} - No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: linkscanner - No CLSID Value -
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: 9xofdneb.default-1400790573156
FF ProfilePath: C:\Documents and Settings\Zdenka - Růžičková\Data aplikací\Mozilla\Firefox\Profiles\9xofdneb.default-1400790573156 [2017-01-15]
FF Extension: (Adblock Plus) - C:\Documents and Settings\Zdenka - Růžičková\Data aplikací\Mozilla\Firefox\Profiles\9xofdneb.default-1400790573156\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-12] [not signed]
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-03]
FF SearchPlugin: C:\Documents and Settings\Zdenka - Růžičková\Data aplikací\Mozilla\Firefox\Profiles\9xofdneb.default-1400790573156\searchplugins\vyhledvn-vide-ve-slub-youtube.xml [2014-06-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-22] [not signed]
FF HKLM\...\Firefox\Extensions: [i0ffxtbr@IObitBar.com] - C:\Program Files\IObitBar\toolbar\1.bin => not found
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-26] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll [2011-02-02] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin: @IObitBar.com/Plugin -> C:\Program Files\IObitBar\toolbar\1.bin\NPi0Stub.dll [No File]
FF Plugin: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-08-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-08-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://start.icq.com/
CHR StartupUrls: Default -> "hxxp://start.icq.com/","hxxp://home.sweetim.com/?barid={DA2CC277-FF77-11E2-9D2F-705AB63E4417}&src=10&crg=3.1010000.10039&st=23&ptr=100"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Skype Click to Call) - C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.4.0.11328_0\npSkypeChromePlugin.dll => No File
CHR Plugin: (AVG Internet Security) - C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL => No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\Google\Update\1.2.183.39\npGoogleOneClick8.dll => No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (IObit Toolbar Plugin Stub) - C:\Program Files\IObitBar\toolbar\1.bin\NPi0Stub.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\WINDOWS\system32\npdeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\Google\Chrome\User Data\Default [2017-01-16]
CHR Extension: (Disk Google) - C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-15]
CHR Extension: (YouTube) - C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-13]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-14]
CHR Extension: (Dokumenty Google offline) - C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-27]
CHR Extension: (AdBlock) - C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-12-20]
CHR Extension: (Waves 2nd Edition) - C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\imbjbmkgfiblfickjihmmbliggillaie [2012-12-01]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-03]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-03] (AVAST Software)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2015-08-26] (Oracle Corporation)
R3 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) [File not signed]
R2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [240160 2009-07-03] (Acer)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2008-04-14] (Microsoft Corporation)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [32792 2016-05-03] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [35096 2016-05-03] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [91168 2016-05-03] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [64272 2016-05-03] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [58776 2016-05-03] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [815792 2016-05-03] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [449640 2016-05-03] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [187208 2016-05-03] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [67216 2016-05-03] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [221368 2016-05-03] (AVAST Software)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42272 2014-03-20] (AVG Technologies)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1952512 2009-02-20] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 L1c; C:\WINDOWS\System32\DRIVERS\l1c51x86.sys [38912 2009-03-02] (Atheros Communications, Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
R1 mwlPSDFilter; C:\WINDOWS\System32\DRIVERS\mwlPSDFilter.sys [17840 2008-12-02] (Egis Incorporated.)
R1 mwlPSDNServ; C:\WINDOWS\System32\DRIVERS\mwlPSDNServ.sys [15280 2008-12-02] (Egis Incorporated.)
R1 mwlPSDVDisk; C:\WINDOWS\System32\DRIVERS\mwlPSDVDisk.sys [58800 2008-12-02] (Egis Incorporated.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 SNP2UVC; C:\WINDOWS\System32\DRIVERS\snp2uvc.sys [1759744 2009-05-06] ()
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [691696 2011-11-16] () [File not signed]
R3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [31360 2012-07-20] (The OpenVPN Project) [File not signed]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
U5 P3; C:\Windows\System32\Drivers\P3.sys [46592 2008-04-14] (Microsoft Corporation)
S3 Rts516xIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\Rts5161ccid.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys [X]
U1 WS2IFSL; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-16 15:31 - 2017-01-16 15:32 - 00024584 _____ C:\Documents and Settings\Zdenka - Růžičková\Plocha\FRST.txt
2017-01-16 15:30 - 2017-01-16 15:30 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Zdenka - Růžičková\Plocha\FRSTLauncher.exe
2017-01-16 15:18 - 2017-01-16 15:18 - 00000000 ____D C:\FRST
2017-01-16 15:11 - 2017-01-16 15:10 - 01761280 _____ (Farbar) C:\Documents and Settings\Zdenka - Růžičková\Plocha\FRST.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-16 15:33 - 2010-09-14 01:23 - 00000000 ____D C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Temp
2017-01-16 15:31 - 2010-09-14 01:23 - 00000000 ____D C:\Documents and Settings\Zdenka - Růžičková\Plocha
2017-01-16 15:30 - 2010-09-14 01:23 - 00000000 ___HD C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací
2017-01-16 15:11 - 2010-09-16 13:41 - 00036864 _____ C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-01-16 15:08 - 2015-08-26 20:30 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-16 15:08 - 2010-09-13 22:40 - 00000000 ____D C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\Google
2017-01-16 14:34 - 2010-09-14 17:08 - 00000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-01-16 14:25 - 2016-05-03 17:07 - 00000480 _____ C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1462291608.job
2017-01-16 14:25 - 2015-09-19 21:53 - 00000390 _____ C:\WINDOWS\Tasks\Chrome Cleanup Tool post reboot run.job
2017-01-16 14:25 - 2014-03-12 14:57 - 00000248 _____ C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2017-01-16 14:25 - 2013-07-28 13:30 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2017-01-16 14:25 - 2013-05-31 21:29 - 00000350 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2017-01-16 14:25 - 2013-01-22 15:46 - 00000342 _____ C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job
2017-01-16 14:25 - 2010-09-14 17:06 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-01-16 14:25 - 2010-02-02 18:39 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-15 21:27 - 2014-03-12 14:57 - 00032578 _____ C:\WINDOWS\SchedLgU.Txt
2017-01-15 21:27 - 2010-09-14 01:23 - 00000178 ___SH C:\Documents and Settings\Zdenka - Růžičková\ntuser.ini
2017-01-15 17:38 - 2010-09-14 01:23 - 00000000 ____D C:\Documents and Settings\Zdenka - Růžičková
2017-01-15 17:21 - 2010-02-03 03:15 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2016-12-20 21:25 - 2010-02-02 19:31 - 00000000 __SHD C:\WINDOWS\Installer
2016-12-19 22:12 - 2010-02-02 19:30 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2016-12-19 20:30 - 2010-02-02 19:31 - 00000000 ____D C:\Program Files
2016-12-19 20:29 - 2010-02-02 18:34 - 00000000 ___SD C:\WINDOWS\Tasks
==================== Files in the root of some directories =======
2014-03-02 23:35 - 2014-03-20 19:17 - 0000000 ____C () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2010-02-02 21:36 - 2009-02-10 12:23 - 0192484 _____ () C:\Program Files\Common Files\Acer GameZone online.ico
2010-09-23 17:49 - 2011-09-12 15:42 - 0000788 _____ () C:\Documents and Settings\Zdenka - Růžičková\Data aplikací\wklnhst.dat
2010-09-16 13:41 - 2017-01-16 15:11 - 0036864 _____ () C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-09-14 01:23 - 2010-09-22 19:06 - 0000138 _____ () C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\fusioncache.dat
2010-09-14 01:23 - 2010-02-02 22:27 - 0003545 _____ () C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\MyWinLockerInstaller.txt-20100202.log
2010-02-02 21:37 - 2009-07-17 18:57 - 0036136 _____ (Oberon Media) C:\Documents and Settings\All Users\FullRemove.exe
Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\googletoolbarinstaller_full_signed_6.2.1910.1554.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\kt_setup_1.2.4229.1140.exe
C:\Documents and Settings\Default User\Local Settings\Temp\googletoolbarinstaller_full_signed_6.2.1910.1554.exe
C:\Documents and Settings\Default User\Local Settings\Temp\kt_setup_1.2.4229.1140.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\WINDOWS\TEMP\{80357E57-9412-4F78-B01F-FE8A118D72D3}.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Chrome Cleanup Tool post reboot run.job => C:\Documents and Settings\Zdenka - Růžičková\Dokumenty\Downloads\software_removal_tool.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe
Task: C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1462291608.job => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\Documents and Settings\All Users\Data aplikací\TEMP:5D7E5A8F [290]
AlternateDataStreams: C:\Documents and Settings\All Users\Data aplikací\TEMP:93DE1838 [280]
==================== Security Center ==================
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Internet Security 2013 (Disabled) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: avast! Antivirus (Disabled) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Firewall (Disabled) {8decf618-9569-4340-b34a-d78d28969b66}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Documents and Settings\Zdenka - Růžičková\Plocha" je 56 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui
"C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\Counter-Strike 1.6\\hl.exe"="C:\\Program Files\\Counter-Strike 1.6\\hl.exe:*:Disabled:Half-Life Launcher"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Java\\jre7\\bin\\java.exe"="C:\\Program Files\\Java\\jre7\\bin\\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\WINDOWS\\system32\\javaw.exe"="C:\\WINDOWS\\system32\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Java\\jre7\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre7\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"="C:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
"C:\\Program Files\\EA GAMES\\Command and Conquer Generals\\game.dat"="C:\\Program Files\\EA GAMES\\Command and Conquer Generals\\game.dat:*:Enabled:game"
"C:\\Program Files\\EA GAMES\\Command & Conquer Generals Zero Hour\\game.dat"="C:\\Program Files\\EA GAMES\\Command & Conquer Generals Zero Hour\\game.dat:*:Enabled:game"
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe:*:Enabled:Google Chrome"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"
"5985:TCP"="5985:TCP:*:Disabled:Vzdálená správa systému Windows "
"80:TCP"="80:TCP:*:Disabled:Vzdálená správa systému Windows - režim kompatibility (HTTP-In) "
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
==================== End Of Log ==============================
Předem děkuji za pomoc.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2017
Ran by Zdenka - Růžičková (administrator) on ACER-416B084946 (16-01-2017 15:31:09)
Running from C:\Documents and Settings\Zdenka - Růžičková\Plocha
Loaded Profiles: Zdenka - Růžičková (Available Profiles: Zdenka - Růžičková & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Egis Technology Inc.) C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(sonix) C:\WINDOWS\PLFSetL.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe
(Egis Technology Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(forum.viry.cz) C:\Documents and Settings\Zdenka - Růžičková\Plocha\FRSTLauncher.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-18] (Intel Corporation)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1157128 2009-08-18] (Dritek System Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [18702336 2009-08-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AzMixerSel] => C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe [53248 2006-07-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [EgisTecLiveUpdate] => C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [PLFSetL] => C:\WINDOWS\PLFSetL.exe [94208 2008-07-03] (sonix)
HKLM\...\Run: [snp2uvc] => rundll32.exe C:\WINDOWS\system32\csnp2uvc.dll,ResetCIDS
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1430824 2009-02-06] (Synaptics Incorporated)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7391632 2016-05-03] (AVAST Software)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2015-04-10] (Oracle Corporation)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {42301a6c-5588-11e1-9a8e-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {42301a6f-5588-11e1-9a8e-705ab63e4417} - F:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {42301a71-5588-11e1-9a8e-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {42301a72-5588-11e1-9a8e-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {45336396-c41a-11df-b57f-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {b5265be2-c5b7-11df-b587-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {b5265be3-c5b7-11df-b587-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {e122966b-c3e7-11df-b57e-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {e122966e-c3e7-11df-b57e-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssstars.scr [14336 2008-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-05-03] (AVAST Software)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll [2009-09-10] (Egis Technology Inc.)
Startup: C:\Documents and Settings\All Users\NabĂdka Start\Programy\Po spuštÄ›nĂ\Acer VCM.lnk [2010-02-02]
ShortcutTarget: Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 100.100.100.100 100.100.100.100
Tcpip\..\Interfaces\{981861BE-6F4D-40A0-B845-DAAD275CDAF0}: [DhcpNameServer] 100.100.100.100 100.100.100.100
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/?clid=22668
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
URLSearchHook: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 - (No Name) - {7757CBCC-0975-4b79-A519-90B142CA3A23} - No File
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {099EF85B-3260-4b87-9239-33355EE6A548} URL = hxxp://results.myway.com/GGmain.jhtml?id=YI&ptb=E3762AB4-2841-44DA-998D-14E37D107923&psa=&ind=2010092808&ptnrS=YI&si=&st=sb&n=&searchfor={searchTerms}
SearchScopes: HKLM -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={s ... lz=1I7ACAW
SearchScopes: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> search13 URL = hxxp://search13.net/search.php?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> {099EF85B-3260-4b87-9239-33355EE6A548} URL = hxxp://results.myway.com/GGmain.jhtml?id=YI&ptb=E3762AB4-2841-44DA-998D-14E37D107923&psa=&ind=2010092808&ptnrS=YI&si=&st=sb&n=&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> {2CE29460-FF0C-46AA-AA6C-4804B00E71AB} URL = hxxp://www.webhledani.cz/results.aspx?i=42&tp= ... earchTerms}
SearchScopes: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> {31530063-8570-4F4B-9228-7CF8BABB53DE} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={s ... CZ397CZ397
SearchScopes: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> {CE92803D-D220-4742-B965-D2066FA37FBF} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-08-26] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-05-03] (AVAST Software)
BHO: PomocnĂk pro pĹ™ihlášenĂ ke sluĹľbÄ› Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-03] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-08-26] (Oracle Corporation)
BHO: No Name -> {EF5F59BA-B2AB-48D8-9747-54DF806C73B8} -> No File
BHO: No Name -> {EFA17361-CDC0-4927-9AFC-BAAD1F96B2AE} -> No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> No Name - {EFA17369-CDC0-4927-9AFC-BAAD1F96B2AE} - No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: linkscanner - No CLSID Value -
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: 9xofdneb.default-1400790573156
FF ProfilePath: C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Data aplikacĂ\Mozilla\Firefox\Profiles\9xofdneb.default-1400790573156 [2017-01-15]
FF Extension: (Adblock Plus) - C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Data aplikacĂ\Mozilla\Firefox\Profiles\9xofdneb.default-1400790573156\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-12] [not signed]
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-03]
FF SearchPlugin: C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Data aplikacĂ\Mozilla\Firefox\Profiles\9xofdneb.default-1400790573156\searchplugins\vyhledvn-vide-ve-slub-youtube.xml [2014-06-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-22] [not signed]
FF HKLM\...\Firefox\Extensions: [i0ffxtbr@IObitBar.com] - C:\Program Files\IObitBar\toolbar\1.bin => not found
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-26] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll [2011-02-02] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin: @IObitBar.com/Plugin -> C:\Program Files\IObitBar\toolbar\1.bin\NPi0Stub.dll [No File]
FF Plugin: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-08-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-08-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://start.icq.com/
CHR StartupUrls: Default -> "hxxp://start.icq.com/","hxxp://home.sweetim.com/?barid={DA2CC277-FF77-11E2-9D2F-705AB63E4417}&src=10&crg=3.1010000.10039&st=23&ptr=100"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Skype Click to Call) - C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Local Settings\Data aplikacĂ\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.4.0.11328_0\npSkypeChromePlugin.dll => No File
CHR Plugin: (AVG Internet Security) - C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Local Settings\Data aplikacĂ\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL => No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Local Settings\Data aplikacĂ\Google\Update\1.2.183.39\npGoogleOneClick8.dll => No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (IObit Toolbar Plugin Stub) - C:\Program Files\IObitBar\toolbar\1.bin\NPi0Stub.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\WINDOWS\system32\npdeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Local Settings\Data aplikacĂ\Google\Chrome\User Data\Default [2017-01-16]
CHR Extension: (Disk Google) - C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Local Settings\Data aplikacĂ\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-15]
CHR Extension: (YouTube) - C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Local Settings\Data aplikacĂ\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-13]
CHR Extension: (VyhledávánĂ Google) - C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Local Settings\Data aplikacĂ\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-14]
CHR Extension: (Dokumenty Google offline) - C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Local Settings\Data aplikacĂ\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-27]
CHR Extension: (AdBlock) - C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Local Settings\Data aplikacĂ\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-12-20]
CHR Extension: (Waves 2nd Edition) - C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Local Settings\Data aplikacĂ\Google\Chrome\User Data\Default\Extensions\imbjbmkgfiblfickjihmmbliggillaie [2012-12-01]
CHR Extension: (Platby InternetovĂ©ho obchodu Chrome) - C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Local Settings\Data aplikacĂ\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Local Settings\Data aplikacĂ\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-03]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-03] (AVAST Software)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2015-08-26] (Oracle Corporation)
R3 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) [File not signed]
R2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [240160 2009-07-03] (Acer)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2008-04-14] (Microsoft Corporation)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [32792 2016-05-03] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [35096 2016-05-03] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [91168 2016-05-03] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [64272 2016-05-03] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [58776 2016-05-03] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [815792 2016-05-03] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [449640 2016-05-03] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [187208 2016-05-03] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [67216 2016-05-03] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [221368 2016-05-03] (AVAST Software)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42272 2014-03-20] (AVG Technologies)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1952512 2009-02-20] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 L1c; C:\WINDOWS\System32\DRIVERS\l1c51x86.sys [38912 2009-03-02] (Atheros Communications, Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
R1 mwlPSDFilter; C:\WINDOWS\System32\DRIVERS\mwlPSDFilter.sys [17840 2008-12-02] (Egis Incorporated.)
R1 mwlPSDNServ; C:\WINDOWS\System32\DRIVERS\mwlPSDNServ.sys [15280 2008-12-02] (Egis Incorporated.)
R1 mwlPSDVDisk; C:\WINDOWS\System32\DRIVERS\mwlPSDVDisk.sys [58800 2008-12-02] (Egis Incorporated.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 SNP2UVC; C:\WINDOWS\System32\DRIVERS\snp2uvc.sys [1759744 2009-05-06] ()
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [691696 2011-11-16] () [File not signed]
R3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [31360 2012-07-20] (The OpenVPN Project) [File not signed]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
U5 P3; C:\Windows\System32\Drivers\P3.sys [46592 2008-04-14] (Microsoft Corporation)
S3 Rts516xIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\Rts5161ccid.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys [X]
U1 WS2IFSL; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-16 15:31 - 2017-01-16 15:32 - 00024584 _____ C:\Documents and Settings\Zdenka - Růžičková\Plocha\FRST.txt
2017-01-16 15:30 - 2017-01-16 15:30 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Zdenka - Růžičková\Plocha\FRSTLauncher.exe
2017-01-16 15:18 - 2017-01-16 15:18 - 00000000 ____D C:\FRST
2017-01-16 15:11 - 2017-01-16 15:10 - 01761280 _____ (Farbar) C:\Documents and Settings\Zdenka - Růžičková\Plocha\FRST.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-16 15:33 - 2010-09-14 01:23 - 00000000 ____D C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Temp
2017-01-16 15:31 - 2010-09-14 01:23 - 00000000 ____D C:\Documents and Settings\Zdenka - Růžičková\Plocha
2017-01-16 15:30 - 2010-09-14 01:23 - 00000000 ___HD C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Local Settings\Data aplikacĂ
2017-01-16 15:11 - 2010-09-16 13:41 - 00036864 _____ C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Local Settings\Data aplikacĂ\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-01-16 15:08 - 2015-08-26 20:30 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-16 15:08 - 2010-09-13 22:40 - 00000000 ____D C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Local Settings\Data aplikacĂ\Google
2017-01-16 14:34 - 2010-09-14 17:08 - 00000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-01-16 14:25 - 2016-05-03 17:07 - 00000480 _____ C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1462291608.job
2017-01-16 14:25 - 2015-09-19 21:53 - 00000390 _____ C:\WINDOWS\Tasks\Chrome Cleanup Tool post reboot run.job
2017-01-16 14:25 - 2014-03-12 14:57 - 00000248 _____ C:\WINDOWS\Tasks\Přihlášenà k oznamovánà konce poskytovánà služeb pro Microsoft Windows XP.job
2017-01-16 14:25 - 2013-07-28 13:30 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2017-01-16 14:25 - 2013-05-31 21:29 - 00000350 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2017-01-16 14:25 - 2013-01-22 15:46 - 00000342 _____ C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job
2017-01-16 14:25 - 2010-09-14 17:06 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-01-16 14:25 - 2010-02-02 18:39 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-15 21:27 - 2014-03-12 14:57 - 00032578 _____ C:\WINDOWS\SchedLgU.Txt
2017-01-15 21:27 - 2010-09-14 01:23 - 00000178 ___SH C:\Documents and Settings\Zdenka - Růžičková\ntuser.ini
2017-01-15 17:38 - 2010-09-14 01:23 - 00000000 ____D C:\Documents and Settings\Zdenka - Růžičková
2017-01-15 17:21 - 2010-02-03 03:15 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2016-12-20 21:25 - 2010-02-02 19:31 - 00000000 __SHD C:\WINDOWS\Installer
2016-12-19 22:12 - 2010-02-02 19:30 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2016-12-19 20:30 - 2010-02-02 19:31 - 00000000 ____D C:\Program Files
2016-12-19 20:29 - 2010-02-02 18:34 - 00000000 ___SD C:\WINDOWS\Tasks
==================== Files in the root of some directories =======
2014-03-02 23:35 - 2014-03-20 19:17 - 0000000 ____C () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2010-02-02 21:36 - 2009-02-10 12:23 - 0192484 _____ () C:\Program Files\Common Files\Acer GameZone online.ico
2010-09-23 17:49 - 2011-09-12 15:42 - 0000788 _____ () C:\Documents and Settings\Zdenka - Růžičková\Data aplikací\wklnhst.dat
2010-09-16 13:41 - 2017-01-16 15:11 - 0036864 _____ () C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-09-14 01:23 - 2010-09-22 19:06 - 0000138 _____ () C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\fusioncache.dat
2010-09-14 01:23 - 2010-02-02 22:27 - 0003545 _____ () C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\MyWinLockerInstaller.txt-20100202.log
2010-02-02 21:37 - 2009-07-17 18:57 - 0036136 _____ (Oberon Media) C:\Documents and Settings\All Users\FullRemove.exe
Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\googletoolbarinstaller_full_signed_6.2.1910.1554.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\kt_setup_1.2.4229.1140.exe
C:\Documents and Settings\Default User\Local Settings\Temp\googletoolbarinstaller_full_signed_6.2.1910.1554.exe
C:\Documents and Settings\Default User\Local Settings\Temp\kt_setup_1.2.4229.1140.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\WINDOWS\TEMP\{80357E57-9412-4F78-B01F-FE8A118D72D3}.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Chrome Cleanup Tool post reboot run.job => C:\Documents and Settings\Zdenka - Růžičková\Dokumenty\Downloads\software_removal_tool.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe
Task: C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1462291608.job => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\Documents and Settings\All Users\Data aplikací\TEMP:5D7E5A8F [290]
AlternateDataStreams: C:\Documents and Settings\All Users\Data aplikací\TEMP:93DE1838 [280]
==================== Security Center ==================
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Internet Security 2013 (Disabled) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: avast! Antivirus (Disabled) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Firewall (Disabled) {8decf618-9569-4340-b34a-d78d28969b66}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Documents and Settings\Zdenka - Růžičková\Plocha" je 56 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui
"C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\Counter-Strike 1.6\\hl.exe"="C:\\Program Files\\Counter-Strike 1.6\\hl.exe:*:Disabled:Half-Life Launcher"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Java\\jre7\\bin\\java.exe"="C:\\Program Files\\Java\\jre7\\bin\\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\WINDOWS\\system32\\javaw.exe"="C:\\WINDOWS\\system32\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Java\\jre7\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre7\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"="C:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
"C:\\Program Files\\EA GAMES\\Command and Conquer Generals\\game.dat"="C:\\Program Files\\EA GAMES\\Command and Conquer Generals\\game.dat:*:Enabled:game"
"C:\\Program Files\\EA GAMES\\Command & Conquer Generals Zero Hour\\game.dat"="C:\\Program Files\\EA GAMES\\Command & Conquer Generals Zero Hour\\game.dat:*:Enabled:game"
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe:*:Enabled:Google Chrome"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"
"5985:TCP"="5985:TCP:*:Disabled:Vzdálená správa systému Windows "
"80:TCP"="80:TCP:*:Disabled:Vzdálená správa systému Windows - režim kompatibility (HTTP-In) "
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
==================== End Of Log ==============================
- Rudy
- Site Admin

- Posts: 119671
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: Freezing notebook
Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
The scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Beyond its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Freezing notebook
# AdwCleaner v6.042 - Log vytvořen 16/01/2017 v 19:27:15
# Aktualizováno dne 06/01/2017 z Malwarebytes
# Databáze : 2017-01-06.1 [Místní]
# Operační systém : Microsoft Windows XP Service Pack 3 (X86)
# Uživatelské jméno : Zdenka - Růžičková - ACER-416B084946
# Spuštěno z : C:\Documents and Settings\Zdenka - Růžičková\Plocha\adwcleaner_6.042.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support
***** [ Služby ] *****
***** [ Složky ] *****
[-] Složka smazána: C:\Documents and Settings\All Users\Data aplikací\ICQ\ICQNewTab
[#] Složka smazána po restartu: C:\Program Files\Instair
***** [ Soubory ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Zástupci ] *****
***** [ Naplánované úlohy ] *****
***** [ Registry ] *****
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Inbox.WS.com IE Toolbar
[-] Klíč smazán: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Klíč smazán: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Klíč smazán: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Klíč smazán: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{528B5866-2BA6-42CE-8F74-39FB23B49767}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
[-] Hodnota smazána: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
[-] Klíč smazán: HKU\.DEFAULT\Software\AVG Secure Search
[-] Klíč smazán: HKU\.DEFAULT\Software\Auslogics
[-] Klíč smazán: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\Software\IObit Apps
[-] Klíč smazán: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\Software\Auslogics
[#] Klíč smazán po restartu: HKU\S-1-5-18\Software\AVG Secure Search
[#] Klíč smazán po restartu: HKU\S-1-5-18\Software\Auslogics
[#] Klíč smazán po restartu: HKCU\Software\IObit Apps
[#] Klíč smazán po restartu: HKCU\Software\Auslogics
[-] Klíč smazán: HKLM\SOFTWARE\IObit Apps
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{BB398653-2180-436A-ACA8-33B6F98135F5}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{EE171732-BEB4-4576-887D-CB62727F01CA}
[-] Klíč smazán: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\Software\Microsoft\Internet Explorer\SearchScopes\{31530063-8570-4F4B-9228-7CF8BABB53DE}
[-] Klíč smazán: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\Software\Microsoft\Internet Explorer\SearchScopes\{CE92803D-D220-4742-B965-D2066FA37FBF}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31530063-8570-4F4B-9228-7CF8BABB53DE}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CE92803D-D220-4742-B965-D2066FA37FBF}
[-] Klíč smazán: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
***** [ Prohlížeče ] *****
*************************
:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [3316 Bajty] - [16/01/2017 19:27:15]
C:\AdwCleaner\AdwCleaner[R0].txt - [21631 Bajty] - [28/03/2014 16:45:58]
C:\AdwCleaner\AdwCleaner[R1].txt - [19104 Bajty] - [28/03/2014 16:53:23]
C:\AdwCleaner\AdwCleaner[R2].txt - [3465 Bajty] - [30/05/2014 21:43:45]
C:\AdwCleaner\AdwCleaner[R3].txt - [2757 Bajty] - [02/08/2014 13:19:30]
C:\AdwCleaner\AdwCleaner[S0].txt - [2867 Bajty] - [28/03/2014 16:49:40]
C:\AdwCleaner\AdwCleaner[S1].txt - [19365 Bajty] - [28/03/2014 16:55:23]
C:\AdwCleaner\AdwCleaner[S2].txt - [3576 Bajty] - [30/05/2014 21:48:19]
C:\AdwCleaner\AdwCleaner[S3].txt - [2842 Bajty] - [02/08/2014 13:23:15]
C:\AdwCleaner\AdwCleaner[S4].txt - [4176 Bajty] - [16/01/2017 19:26:02]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [4049 Bajty] ##########
- Rudy
- Site Admin
Re: Freezing notebook
Post a new FRST log.
Re: Freezing notebook
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2017
Ran by Zdenka - Růžičková (administrator) on ACER-416B084946 (16-01-2017 21:13:09)
Running from C:\Documents and Settings\Zdenka - Růžičková\Plocha
Loaded Profiles: Zdenka - Růžičková (Available Profiles: Zdenka - Růžičková & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Egis Technology Inc.) C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(sonix) C:\WINDOWS\PLFSetL.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe
(Egis Technology Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(forum.viry.cz) C:\Documents and Settings\Zdenka - Růžičková\Plocha\FRSTLauncher.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-18] (Intel Corporation)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1157128 2009-08-18] (Dritek System Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [18702336 2009-08-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AzMixerSel] => C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe [53248 2006-07-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [EgisTecLiveUpdate] => C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [PLFSetL] => C:\WINDOWS\PLFSetL.exe [94208 2008-07-03] (sonix)
HKLM\...\Run: [snp2uvc] => rundll32.exe C:\WINDOWS\system32\csnp2uvc.dll,ResetCIDS
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1430824 2009-02-06] (Synaptics Incorporated)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7391632 2016-05-03] (AVAST Software)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2015-04-10] (Oracle Corporation)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {42301a6c-5588-11e1-9a8e-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {42301a6f-5588-11e1-9a8e-705ab63e4417} - F:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {42301a71-5588-11e1-9a8e-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {42301a72-5588-11e1-9a8e-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {45336396-c41a-11df-b57f-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {b5265be2-c5b7-11df-b587-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {b5265be3-c5b7-11df-b587-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {e122966b-c3e7-11df-b57e-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {e122966e-c3e7-11df-b57e-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssstars.scr [14336 2008-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-05-03] (AVAST Software)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll [2009-09-10] (Egis Technology Inc.)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Acer VCM.lnk [2010-02-02]
ShortcutTarget: Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 100.100.100.100 100.100.100.100
Tcpip\..\Interfaces\{981861BE-6F4D-40A0-B845-DAAD275CDAF0}: [DhcpNameServer] 100.100.100.100 100.100.100.100
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/?clid=22668
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
URLSearchHook: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 - (No Name) - {7757CBCC-0975-4b79-A519-90B142CA3A23} - No File
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {099EF85B-3260-4b87-9239-33355EE6A548} URL = hxxp://results.myway.com/GGmain.jhtml?id=YI&ptb=E3762AB4-2841-44DA-998D-14E37D107923&psa=&ind=2010092808&ptnrS=YI&si=&st=sb&n=&searchfor={searchTerms}
SearchScopes: HKLM -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={s ... lz=1I7ACAW
SearchScopes: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> search13 URL = hxxp://search13.net/search.php?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> {099EF85B-3260-4b87-9239-33355EE6A548} URL = hxxp://results.myway.com/GGmain.jhtml?id=YI&ptb=E3762AB4-2841-44DA-998D-14E37D107923&psa=&ind=2010092808&ptnrS=YI&si=&st=sb&n=&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> {2CE29460-FF0C-46AA-AA6C-4804B00E71AB} URL = hxxp://www.webhledani.cz/results.aspx?i=42&tp= ... earchTerms}
SearchScopes: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={s ... CZ397CZ397
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-08-26] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-05-03] (AVAST Software)
BHO: Pomocník pro přihlášení ke službě Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-03] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-08-26] (Oracle Corporation)
BHO: No Name -> {EF5F59BA-B2AB-48D8-9747-54DF806C73B8} -> No File
BHO: No Name -> {EFA17361-CDC0-4927-9AFC-BAAD1F96B2AE} -> No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> No Name - {EFA17369-CDC0-4927-9AFC-BAAD1F96B2AE} - No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: linkscanner - No CLSID Value -
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: 9xofdneb.default-1400790573156
FF ProfilePath: C:\Documents and Settings\Zdenka - Růžičková\Data aplikací\Mozilla\Firefox\Profiles\9xofdneb.default-1400790573156 [2017-01-15]
FF Extension: (Adblock Plus) - C:\Documents and Settings\Zdenka - Růžičková\Data aplikací\Mozilla\Firefox\Profiles\9xofdneb.default-1400790573156\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-12] [not signed]
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-03]
FF SearchPlugin: C:\Documents and Settings\Zdenka - Růžičková\Data aplikací\Mozilla\Firefox\Profiles\9xofdneb.default-1400790573156\searchplugins\vyhledvn-vide-ve-slub-youtube.xml [2014-06-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-22] [not signed]
FF HKLM\...\Firefox\Extensions: [i0ffxtbr@IObitBar.com] - C:\Program Files\IObitBar\toolbar\1.bin => not found
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-26] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll [2011-02-02] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin: @IObitBar.com/Plugin -> C:\Program Files\IObitBar\toolbar\1.bin\NPi0Stub.dll [No File]
FF Plugin: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-08-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-08-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://start.icq.com/
CHR StartupUrls: Default -> "hxxp://start.icq.com/","hxxp://home.sweetim.com/?barid={DA2CC277-FF77-11E2-9D2F-705AB63E4417}&src=10&crg=3.1010000.10039&st=23&ptr=100"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Skype Click to Call) - C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.4.0.11328_0\npSkypeChromePlugin.dll => No File
CHR Plugin: (AVG Internet Security) - C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL => No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\Google\Update\1.2.183.39\npGoogleOneClick8.dll => No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (IObit Toolbar Plugin Stub) - C:\Program Files\IObitBar\toolbar\1.bin\NPi0Stub.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\WINDOWS\system32\npdeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\Google\Chrome\User Data\Default [2017-01-16]
CHR Extension: (Disk Google) - C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-15]
CHR Extension: (YouTube) - C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-13]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-14]
CHR Extension: (Dokumenty Google offline) - C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-27]
CHR Extension: (AdBlock) - C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-16]
CHR Extension: (Waves 2nd Edition) - C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\imbjbmkgfiblfickjihmmbliggillaie [2012-12-01]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-03]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-03] (AVAST Software)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2015-08-26] (Oracle Corporation)
R3 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) [File not signed]
R2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [240160 2009-07-03] (Acer)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2008-04-14] (Microsoft Corporation)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [32792 2016-05-03] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [35096 2016-05-03] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [91168 2016-05-03] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [64272 2016-05-03] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [58776 2016-05-03] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [815792 2016-05-03] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [449640 2016-05-03] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [187208 2016-05-03] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [67216 2016-05-03] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [221368 2016-05-03] (AVAST Software)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42272 2014-03-20] (AVG Technologies)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1952512 2009-02-20] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 L1c; C:\WINDOWS\System32\DRIVERS\l1c51x86.sys [38912 2009-03-02] (Atheros Communications, Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
R1 mwlPSDFilter; C:\WINDOWS\System32\DRIVERS\mwlPSDFilter.sys [17840 2008-12-02] (Egis Incorporated.)
R1 mwlPSDNServ; C:\WINDOWS\System32\DRIVERS\mwlPSDNServ.sys [15280 2008-12-02] (Egis Incorporated.)
R1 mwlPSDVDisk; C:\WINDOWS\System32\DRIVERS\mwlPSDVDisk.sys [58800 2008-12-02] (Egis Incorporated.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 SNP2UVC; C:\WINDOWS\System32\DRIVERS\snp2uvc.sys [1759744 2009-05-06] ()
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [691696 2011-11-16] () [File not signed]
R3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [31360 2012-07-20] (The OpenVPN Project) [File not signed]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
U5 P3; C:\Windows\System32\Drivers\P3.sys [46592 2008-04-14] (Microsoft Corporation)
S3 Rts516xIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\Rts5161ccid.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys [X]
U1 WS2IFSL; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-16 19:21 - 2017-01-16 19:21 - 03988944 _____ C:\Documents and Settings\Zdenka - Růžičková\Plocha\adwcleaner_6.042.exe
2017-01-16 15:31 - 2017-01-16 21:15 - 00024109 _____ C:\Documents and Settings\Zdenka - Růžičková\Plocha\FRST.txt
2017-01-16 15:30 - 2017-01-16 15:30 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Zdenka - Růžičková\Plocha\FRSTLauncher.exe
2017-01-16 15:18 - 2017-01-16 21:13 - 00000000 ____D C:\FRST
2017-01-16 15:11 - 2017-01-16 15:10 - 01761280 _____ (Farbar) C:\Documents and Settings\Zdenka - Růžičková\Plocha\FRST.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-16 21:15 - 2010-09-14 01:23 - 00000000 ____D C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Temp
2017-01-16 21:13 - 2010-09-14 01:23 - 00000000 ____D C:\Documents and Settings\Zdenka - Růžičková\Plocha
2017-01-16 21:12 - 2010-09-14 01:23 - 00000000 ___HD C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací
2017-01-16 19:34 - 2010-09-14 17:08 - 00000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-01-16 19:29 - 2016-05-03 17:07 - 00000480 _____ C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1462291608.job
2017-01-16 19:29 - 2015-09-19 21:53 - 00000390 _____ C:\WINDOWS\Tasks\Chrome Cleanup Tool post reboot run.job
2017-01-16 19:29 - 2014-03-12 14:57 - 00000248 _____ C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2017-01-16 19:29 - 2013-07-28 13:30 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2017-01-16 19:29 - 2013-05-31 21:29 - 00000350 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2017-01-16 19:29 - 2013-01-22 15:46 - 00000342 _____ C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job
2017-01-16 19:29 - 2010-09-14 17:06 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-01-16 19:28 - 2014-03-12 14:57 - 00032578 _____ C:\WINDOWS\SchedLgU.Txt
2017-01-16 19:28 - 2010-02-02 18:39 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-16 19:27 - 2014-03-28 16:45 - 00000000 ____D C:\AdwCleaner
2017-01-16 19:27 - 2010-09-14 01:23 - 00000178 ___SH C:\Documents and Settings\Zdenka - Růžičková\ntuser.ini
2017-01-16 19:26 - 2011-05-21 09:36 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\ICQ
2017-01-16 15:11 - 2010-09-16 13:41 - 00036864 _____ C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-01-16 15:08 - 2015-08-26 20:30 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-16 15:08 - 2010-09-13 22:40 - 00000000 ____D C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\Google
2017-01-15 17:38 - 2010-09-14 01:23 - 00000000 ____D C:\Documents and Settings\Zdenka - Růžičková
2017-01-15 17:21 - 2010-02-03 03:15 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2016-12-20 21:25 - 2010-02-02 19:31 - 00000000 __SHD C:\WINDOWS\Installer
2016-12-19 22:12 - 2010-02-02 19:30 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2016-12-19 20:30 - 2010-02-02 19:31 - 00000000 ____D C:\Program Files
2016-12-19 20:29 - 2010-02-02 18:34 - 00000000 ___SD C:\WINDOWS\Tasks
==================== Files in the root of some directories =======
2014-03-02 23:35 - 2014-03-20 19:17 - 0000000 ____C () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2010-02-02 21:36 - 2009-02-10 12:23 - 0192484 _____ () C:\Program Files\Common Files\Acer GameZone online.ico
2010-09-23 17:49 - 2011-09-12 15:42 - 0000788 _____ () C:\Documents and Settings\Zdenka - Růžičková\Data aplikací\wklnhst.dat
2010-09-16 13:41 - 2017-01-16 15:11 - 0036864 _____ () C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-09-14 01:23 - 2010-09-22 19:06 - 0000138 _____ () C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\fusioncache.dat
2010-09-14 01:23 - 2010-02-02 22:27 - 0003545 _____ () C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\MyWinLockerInstaller.txt-20100202.log
2010-02-02 21:37 - 2009-07-17 18:57 - 0036136 _____ (Oberon Media) C:\Documents and Settings\All Users\FullRemove.exe
Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\googletoolbarinstaller_full_signed_6.2.1910.1554.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\kt_setup_1.2.4229.1140.exe
C:\Documents and Settings\Default User\Local Settings\Temp\googletoolbarinstaller_full_signed_6.2.1910.1554.exe
C:\Documents and Settings\Default User\Local Settings\Temp\kt_setup_1.2.4229.1140.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\WINDOWS\TEMP\{80357E57-9412-4F78-B01F-FE8A118D72D3}.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Chrome Cleanup Tool post reboot run.job => C:\Documents and Settings\Zdenka - Růžičková\Dokumenty\Downloads\software_removal_tool.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe
Task: C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1462291608.job => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Internet Security 2013 (Disabled) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: avast! Antivirus (Disabled) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Firewall (Disabled) {8decf618-9569-4340-b34a-d78d28969b66}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Documents and Settings\Zdenka - Růžičková\Plocha" je 60 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui
"C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\Counter-Strike 1.6\\hl.exe"="C:\\Program Files\\Counter-Strike 1.6\\hl.exe:*:Disabled:Half-Life Launcher"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Java\\jre7\\bin\\java.exe"="C:\\Program Files\\Java\\jre7\\bin\\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\WINDOWS\\system32\\javaw.exe"="C:\\WINDOWS\\system32\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Java\\jre7\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre7\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"="C:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
"C:\\Program Files\\EA GAMES\\Command and Conquer Generals\\game.dat"="C:\\Program Files\\EA GAMES\\Command and Conquer Generals\\game.dat:*:Enabled:game"
"C:\\Program Files\\EA GAMES\\Command & Conquer Generals Zero Hour\\game.dat"="C:\\Program Files\\EA GAMES\\Command & Conquer Generals Zero Hour\\game.dat:*:Enabled:game"
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe:*:Enabled:Google Chrome"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"
"5985:TCP"="5985:TCP:*:Disabled:Vzdálená správa systému Windows "
"80:TCP"="80:TCP:*:Disabled:Vzdálená správa systému Windows - režim kompatibility (HTTP-In) "
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
==================== End Of Log ==============================
Ran by Zdenka - Růžičková (administrator) on ACER-416B084946 (16-01-2017 21:13:09)
Running from C:\Documents and Settings\Zdenka - Růžičková\Plocha
Loaded Profiles: Zdenka - Růžičková (Available Profiles: Zdenka - Růžičková & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Egis Technology Inc.) C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(sonix) C:\WINDOWS\PLFSetL.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe
(Egis Technology Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(forum.viry.cz) C:\Documents and Settings\Zdenka - Růžičková\Plocha\FRSTLauncher.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-18] (Intel Corporation)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1157128 2009-08-18] (Dritek System Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [18702336 2009-08-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AzMixerSel] => C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe [53248 2006-07-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [EgisTecLiveUpdate] => C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [PLFSetL] => C:\WINDOWS\PLFSetL.exe [94208 2008-07-03] (sonix)
HKLM\...\Run: [snp2uvc] => rundll32.exe C:\WINDOWS\system32\csnp2uvc.dll,ResetCIDS
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1430824 2009-02-06] (Synaptics Incorporated)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7391632 2016-05-03] (AVAST Software)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2015-04-10] (Oracle Corporation)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {42301a6c-5588-11e1-9a8e-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {42301a6f-5588-11e1-9a8e-705ab63e4417} - F:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {42301a71-5588-11e1-9a8e-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {42301a72-5588-11e1-9a8e-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {45336396-c41a-11df-b57f-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {b5265be2-c5b7-11df-b587-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {b5265be3-c5b7-11df-b587-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {e122966b-c3e7-11df-b57e-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {e122966e-c3e7-11df-b57e-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssstars.scr [14336 2008-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-05-03] (AVAST Software)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll [2009-09-10] (Egis Technology Inc.)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Acer VCM.lnk [2010-02-02]
ShortcutTarget: Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 100.100.100.100 100.100.100.100
Tcpip\..\Interfaces\{981861BE-6F4D-40A0-B845-DAAD275CDAF0}: [DhcpNameServer] 100.100.100.100 100.100.100.100
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/?clid=22668
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
URLSearchHook: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 - (No Name) - {7757CBCC-0975-4b79-A519-90B142CA3A23} - No File
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {099EF85B-3260-4b87-9239-33355EE6A548} URL = hxxp://results.myway.com/GGmain.jhtml?id=YI&ptb=E3762AB4-2841-44DA-998D-14E37D107923&psa=&ind=2010092808&ptnrS=YI&si=&st=sb&n=&searchfor={searchTerms}
SearchScopes: HKLM -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={s ... lz=1I7ACAW
SearchScopes: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> search13 URL = hxxp://search13.net/search.php?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> {099EF85B-3260-4b87-9239-33355EE6A548} URL = hxxp://results.myway.com/GGmain.jhtml?id=YI&ptb=E3762AB4-2841-44DA-998D-14E37D107923&psa=&ind=2010092808&ptnrS=YI&si=&st=sb&n=&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> {2CE29460-FF0C-46AA-AA6C-4804B00E71AB} URL = hxxp://www.webhledani.cz/results.aspx?i=42&tp= ... earchTerms}
SearchScopes: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={s ... CZ397CZ397
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-08-26] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-05-03] (AVAST Software)
BHO: PomocnĂk pro pĹ™ihlášenĂ ke sluĹľbÄ› Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-03] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-08-26] (Oracle Corporation)
BHO: No Name -> {EF5F59BA-B2AB-48D8-9747-54DF806C73B8} -> No File
BHO: No Name -> {EFA17361-CDC0-4927-9AFC-BAAD1F96B2AE} -> No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> No Name - {EFA17369-CDC0-4927-9AFC-BAAD1F96B2AE} - No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: linkscanner - No CLSID Value -
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: 9xofdneb.default-1400790573156
FF ProfilePath: C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Data aplikacĂ\Mozilla\Firefox\Profiles\9xofdneb.default-1400790573156 [2017-01-15]
FF Extension: (Adblock Plus) - C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Data aplikacĂ\Mozilla\Firefox\Profiles\9xofdneb.default-1400790573156\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-12] [not signed]
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-03]
FF SearchPlugin: C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Data aplikacĂ\Mozilla\Firefox\Profiles\9xofdneb.default-1400790573156\searchplugins\vyhledvn-vide-ve-slub-youtube.xml [2014-06-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-22] [not signed]
FF HKLM\...\Firefox\Extensions: [i0ffxtbr@IObitBar.com] - C:\Program Files\IObitBar\toolbar\1.bin => not found
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-26] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll [2011-02-02] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin: @IObitBar.com/Plugin -> C:\Program Files\IObitBar\toolbar\1.bin\NPi0Stub.dll [No File]
FF Plugin: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-08-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-08-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://start.icq.com/
CHR StartupUrls: Default -> "hxxp://start.icq.com/","hxxp://home.sweetim.com/?barid={DA2CC277-FF77-11E2-9D2F-705AB63E4417}&src=10&crg=3.1010000.10039&st=23&ptr=100"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Skype Click to Call) - C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Local Settings\Data aplikacĂ\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.4.0.11328_0\npSkypeChromePlugin.dll => No File
CHR Plugin: (AVG Internet Security) - C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Local Settings\Data aplikacĂ\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL => No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Local Settings\Data aplikacĂ\Google\Update\1.2.183.39\npGoogleOneClick8.dll => No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (IObit Toolbar Plugin Stub) - C:\Program Files\IObitBar\toolbar\1.bin\NPi0Stub.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\WINDOWS\system32\npdeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Local Settings\Data aplikacĂ\Google\Chrome\User Data\Default [2017-01-16]
CHR Extension: (Disk Google) - C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Local Settings\Data aplikacĂ\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-15]
CHR Extension: (YouTube) - C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Local Settings\Data aplikacĂ\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-13]
CHR Extension: (VyhledávánĂ Google) - C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Local Settings\Data aplikacĂ\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-14]
CHR Extension: (Dokumenty Google offline) - C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Local Settings\Data aplikacĂ\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-27]
CHR Extension: (AdBlock) - C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Local Settings\Data aplikacĂ\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-16]
CHR Extension: (Waves 2nd Edition) - C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Local Settings\Data aplikacĂ\Google\Chrome\User Data\Default\Extensions\imbjbmkgfiblfickjihmmbliggillaie [2012-12-01]
CHR Extension: (Platby InternetovĂ©ho obchodu Chrome) - C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Local Settings\Data aplikacĂ\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Local Settings\Data aplikacĂ\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-03]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-03] (AVAST Software)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2015-08-26] (Oracle Corporation)
R3 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) [File not signed]
R2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [240160 2009-07-03] (Acer)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2008-04-14] (Microsoft Corporation)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [32792 2016-05-03] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [35096 2016-05-03] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [91168 2016-05-03] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [64272 2016-05-03] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [58776 2016-05-03] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [815792 2016-05-03] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [449640 2016-05-03] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [187208 2016-05-03] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [67216 2016-05-03] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [221368 2016-05-03] (AVAST Software)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42272 2014-03-20] (AVG Technologies)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1952512 2009-02-20] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 L1c; C:\WINDOWS\System32\DRIVERS\l1c51x86.sys [38912 2009-03-02] (Atheros Communications, Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
R1 mwlPSDFilter; C:\WINDOWS\System32\DRIVERS\mwlPSDFilter.sys [17840 2008-12-02] (Egis Incorporated.)
R1 mwlPSDNServ; C:\WINDOWS\System32\DRIVERS\mwlPSDNServ.sys [15280 2008-12-02] (Egis Incorporated.)
R1 mwlPSDVDisk; C:\WINDOWS\System32\DRIVERS\mwlPSDVDisk.sys [58800 2008-12-02] (Egis Incorporated.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 SNP2UVC; C:\WINDOWS\System32\DRIVERS\snp2uvc.sys [1759744 2009-05-06] ()
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [691696 2011-11-16] () [File not signed]
R3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [31360 2012-07-20] (The OpenVPN Project) [File not signed]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
U5 P3; C:\Windows\System32\Drivers\P3.sys [46592 2008-04-14] (Microsoft Corporation)
S3 Rts516xIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\Rts5161ccid.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys [X]
U1 WS2IFSL; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-16 19:21 - 2017-01-16 19:21 - 03988944 _____ C:\Documents and Settings\Zdenka - Růžičková\Plocha\adwcleaner_6.042.exe
2017-01-16 15:31 - 2017-01-16 21:15 - 00024109 _____ C:\Documents and Settings\Zdenka - Růžičková\Plocha\FRST.txt
2017-01-16 15:30 - 2017-01-16 15:30 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Zdenka - Růžičková\Plocha\FRSTLauncher.exe
2017-01-16 15:18 - 2017-01-16 21:13 - 00000000 ____D C:\FRST
2017-01-16 15:11 - 2017-01-16 15:10 - 01761280 _____ (Farbar) C:\Documents and Settings\Zdenka - Růžičková\Plocha\FRST.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-16 21:15 - 2010-09-14 01:23 - 00000000 ____D C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Temp
2017-01-16 21:13 - 2010-09-14 01:23 - 00000000 ____D C:\Documents and Settings\Zdenka - Růžičková\Plocha
2017-01-16 21:12 - 2010-09-14 01:23 - 00000000 ___HD C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Local Settings\Data aplikacĂ
2017-01-16 19:34 - 2010-09-14 17:08 - 00000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-01-16 19:29 - 2016-05-03 17:07 - 00000480 _____ C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1462291608.job
2017-01-16 19:29 - 2015-09-19 21:53 - 00000390 _____ C:\WINDOWS\Tasks\Chrome Cleanup Tool post reboot run.job
2017-01-16 19:29 - 2014-03-12 14:57 - 00000248 _____ C:\WINDOWS\Tasks\Přihlášenà k oznamovánà konce poskytovánà služeb pro Microsoft Windows XP.job
2017-01-16 19:29 - 2013-07-28 13:30 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2017-01-16 19:29 - 2013-05-31 21:29 - 00000350 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2017-01-16 19:29 - 2013-01-22 15:46 - 00000342 _____ C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job
2017-01-16 19:29 - 2010-09-14 17:06 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-01-16 19:28 - 2014-03-12 14:57 - 00032578 _____ C:\WINDOWS\SchedLgU.Txt
2017-01-16 19:28 - 2010-02-02 18:39 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-16 19:27 - 2014-03-28 16:45 - 00000000 ____D C:\AdwCleaner
2017-01-16 19:27 - 2010-09-14 01:23 - 00000178 ___SH C:\Documents and Settings\Zdenka - Růžičková\ntuser.ini
2017-01-16 19:26 - 2011-05-21 09:36 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikacĂ\ICQ
2017-01-16 15:11 - 2010-09-16 13:41 - 00036864 _____ C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Local Settings\Data aplikacĂ\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-01-16 15:08 - 2015-08-26 20:30 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-16 15:08 - 2010-09-13 22:40 - 00000000 ____D C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Local Settings\Data aplikacĂ\Google
2017-01-15 17:38 - 2010-09-14 01:23 - 00000000 ____D C:\Documents and Settings\Zdenka - Růžičková
2017-01-15 17:21 - 2010-02-03 03:15 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2016-12-20 21:25 - 2010-02-02 19:31 - 00000000 __SHD C:\WINDOWS\Installer
2016-12-19 22:12 - 2010-02-02 19:30 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikacĂ
2016-12-19 20:30 - 2010-02-02 19:31 - 00000000 ____D C:\Program Files
2016-12-19 20:29 - 2010-02-02 18:34 - 00000000 ___SD C:\WINDOWS\Tasks
==================== Files in the root of some directories =======
2014-03-02 23:35 - 2014-03-20 19:17 - 0000000 ____C () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2010-02-02 21:36 - 2009-02-10 12:23 - 0192484 _____ () C:\Program Files\Common Files\Acer GameZone online.ico
2010-09-23 17:49 - 2011-09-12 15:42 - 0000788 _____ () C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Data aplikacĂ\wklnhst.dat
2010-09-16 13:41 - 2017-01-16 15:11 - 0036864 _____ () C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Local Settings\Data aplikacĂ\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-09-14 01:23 - 2010-09-22 19:06 - 0000138 _____ () C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Local Settings\Data aplikacĂ\fusioncache.dat
2010-09-14 01:23 - 2010-02-02 22:27 - 0003545 _____ () C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Local Settings\Data aplikacĂ\MyWinLockerInstaller.txt-20100202.log
2010-02-02 21:37 - 2009-07-17 18:57 - 0036136 _____ (Oberon Media) C:\Documents and Settings\All Users\FullRemove.exe
Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\googletoolbarinstaller_full_signed_6.2.1910.1554.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\kt_setup_1.2.4229.1140.exe
C:\Documents and Settings\Default User\Local Settings\Temp\googletoolbarinstaller_full_signed_6.2.1910.1554.exe
C:\Documents and Settings\Default User\Local Settings\Temp\kt_setup_1.2.4229.1140.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\WINDOWS\TEMP\{80357E57-9412-4F78-B01F-FE8A118D72D3}.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Chrome Cleanup Tool post reboot run.job => C:\Documents and Settings\Zdenka - Růžičková\Dokumenty\Downloads\software_removal_tool.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MÄ›sĂÄŤnĂ oznamovánĂ konce poskytovánĂ sluĹľeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášenà k oznamovánà konce poskytovánà služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe
Task: C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1462291608.job => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Internet Security 2013 (Disabled) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: avast! Antivirus (Disabled) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Firewall (Disabled) {8decf618-9569-4340-b34a-d78d28969b66}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Documents and Settings\Zdenka - R…§iźkov \Plocha" je 60 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui
"C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\Counter-Strike 1.6\\hl.exe"="C:\\Program Files\\Counter-Strike 1.6\\hl.exe:*:Disabled:Half-Life Launcher"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Java\\jre7\\bin\\java.exe"="C:\\Program Files\\Java\\jre7\\bin\\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\WINDOWS\\system32\\javaw.exe"="C:\\WINDOWS\\system32\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Java\\jre7\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre7\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"="C:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
"C:\\Program Files\\EA GAMES\\Command and Conquer Generals\\game.dat"="C:\\Program Files\\EA GAMES\\Command and Conquer Generals\\game.dat:*:Enabled:game"
"C:\\Program Files\\EA GAMES\\Command & Conquer Generals Zero Hour\\game.dat"="C:\\Program Files\\EA GAMES\\Command & Conquer Generals Zero Hour\\game.dat:*:Enabled:game"
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe:*:Enabled:Google Chrome"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"
"5985:TCP"="5985:TCP:*:Disabled:Vzd len spr va syst‚mu Windows "
"80:TCP"="80:TCP:*:Disabled:Vzd len spr va syst‚mu Windows - re§im kompatibility (HTTP-In) "
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
==================== End Of Log ==============================
- Rudy
- Site Admin

Re: Freezing notebook
Open Notepad and copy the following into it:
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Start
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {42301a6c-5588-11e1-9a8e-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {42301a6f-5588-11e1-9a8e-705ab63e4417} - F:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {42301a71-5588-11e1-9a8e-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {42301a72-5588-11e1-9a8e-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {45336396-c41a-11df-b57f-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {b5265be2-c5b7-11df-b587-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {b5265be3-c5b7-11df-b587-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {e122966b-c3e7-11df-b57e-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {e122966e-c3e7-11df-b57e-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssstars.scr [14336 2008-04-14]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
URLSearchHook: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 - (No Name) - {7757CBCC-0975-4b79-A519-90B142CA3A23} - No File
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {099EF85B-3260-4b87-9239-33355EE6A548} URL = hxxp://results.myway.com/GGmain.jhtml?i ... searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL =
SearchScopes: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> search13 URL = hxxp://search13.net/search.php?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> {099EF85B-3260-4b87-9239-33355EE6A548} URL = hxxp://results.myway.com/GGmain.jhtml?i ... searchfor={searchTerms}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-03] (Google Inc.)
C:\Program Files\Google\Google Toolbar
Toolbar: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> No Name - {EFA17369-CDC0-4927-9AFC-BAAD1F96B2AE} - No File
FF HKLM\...\Firefox\Extensions: [i0ffxtbr@IObitBar.com] - C:\Program Files\IObitBar\toolbar\1.bin => not found
FF Plugin: @IObitBar.com/Plugin -> C:\Program Files\IObitBar\toolbar\1.bin\NPi0Stub.dll [No File]
CHR HomePage: Default -> hxxp://start.icq.com/
CHR StartupUrls: Default -> "hxxp://start.icq.com/","hxxp://home.sweetim.com/?barid={DA2CC277-FF77-11E2-9D2F-705AB63E4417}&src=10&crg=3.1010000.10039&st=23&ptr=100"
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Skype Click to Call) - C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Local Settings\Data aplikacĂ\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.4.0.11328_0\npSkypeChromePlugin.dll => No File
CHR Plugin: (AVG Internet Security) - C:\Documents and Settings\Zdenka - RĹŻĹľiÄŤková\Local Settings\Data aplikacĂ\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL => No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (IObit Toolbar Plugin Stub) - C:\Program Files\IObitBar\toolbar\1.bin\NPi0Stub.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\WINDOWS\system32\npdeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
U1 WS2IFSL; no ImagePath
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\Documents and Settings\Administrator\Local Settings\Temp
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\WINDOWS\TEMP\{80357E57-9412-4F78-B01F-FE8A118D72D3}.exe <==== ATTENTION
EmptyTemp:
End
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Laggy notebook
Fix result of Farbar Recovery Scan Tool (x86) Version: 15-01-2017
Ran by Zdenka - Růžičková (16-01-2017 22:03:48) Run:1
Running from C:\Documents and Settings\Zdenka - Růžičková\Plocha
Loaded Profiles: Zdenka - Růžičková (Available Profiles: Zdenka - Růžičková & Administrator)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {42301a6c-5588-11e1-9a8e-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {42301a6f-5588-11e1-9a8e-705ab63e4417} - F:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {42301a71-5588-11e1-9a8e-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {42301a72-5588-11e1-9a8e-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {45336396-c41a-11df-b57f-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {b5265be2-c5b7-11df-b587-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {b5265be3-c5b7-11df-b587-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {e122966b-c3e7-11df-b57e-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\...\MountPoints2: {e122966e-c3e7-11df-b57e-705ab63e4417} - D:\AutoRun.exe
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssstars.scr [14336 2008-04-14]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
URLSearchHook: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 - (No Name) - {7757CBCC-0975-4b79-A519-90B142CA3A23} - No File
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {099EF85B-3260-4b87-9239-33355EE6A548} URL = hxxp://results.myway.com/GGmain.jhtml?i ... searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL =
SearchScopes: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> search13 URL = hxxp://search13.net/search.php?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> {099EF85B-3260-4b87-9239-33355EE6A548} URL = hxxp://results.myway.com/GGmain.jhtml?i ... searchfor={searchTerms}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-03] (Google Inc.)
C:\Program Files\Google\Google Toolbar
Toolbar: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-3675345140-3802400216-3657561249-1006 -> No Name - {EFA17369-CDC0-4927-9AFC-BAAD1F96B2AE} - No File
FF HKLM\...\Firefox\Extensions: [i0ffxtbr@IObitBar.com] - C:\Program Files\IObitBar\toolbar\1.bin => not found
FF Plugin: @IObitBar.com/Plugin -> C:\Program Files\IObitBar\toolbar\1.bin\NPi0Stub.dll [No File]
CHR HomePage: Default -> hxxp://start.icq.com/
CHR StartupUrls: Default -> "hxxp://start.icq.com/","hxxp://home.sweetim.com/?barid={DA2CC277-FF77-11E2-9D2F-705AB63E4417}&src=10&crg=3.1010000.10039&st=23&ptr=100"
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Skype Click to Call) - C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.4.0.11328_0\npSkypeChromePlugin.dll => No File
CHR Plugin: (AVG Internet Security) - C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL => No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (IObit Toolbar Plugin Stub) - C:\Program Files\IObitBar\toolbar\1.bin\NPi0Stub.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\WINDOWS\system32\npdeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
U1 WS2IFSL; no ImagePath
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\Documents and Settings\Administrator\Local Settings\Temp
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\WINDOWS\TEMP\{80357E57-9412-4F78-B01F-FE8A118D72D3}.exe <==== ATTENTION
EmptyTemp:
End
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully.
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42301a6c-5588-11e1-9a8e-705ab63e4417} => key removed successfully.
HKCR\CLSID\{42301a6c-5588-11e1-9a8e-705ab63e4417} => key not found.
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42301a6f-5588-11e1-9a8e-705ab63e4417} => key removed successfully.
HKCR\CLSID\{42301a6f-5588-11e1-9a8e-705ab63e4417} => key not found.
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42301a71-5588-11e1-9a8e-705ab63e4417} => key removed successfully.
HKCR\CLSID\{42301a71-5588-11e1-9a8e-705ab63e4417} => key not found.
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42301a72-5588-11e1-9a8e-705ab63e4417} => key removed successfully.
HKCR\CLSID\{42301a72-5588-11e1-9a8e-705ab63e4417} => key not found.
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45336396-c41a-11df-b57f-705ab63e4417} => key removed successfully.
HKCR\CLSID\{45336396-c41a-11df-b57f-705ab63e4417} => key not found.
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5265be2-c5b7-11df-b587-705ab63e4417} => key removed successfully.
HKCR\CLSID\{b5265be2-c5b7-11df-b587-705ab63e4417} => key not found.
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5265be3-c5b7-11df-b587-705ab63e4417} => key removed successfully.
HKCR\CLSID\{b5265be3-c5b7-11df-b587-705ab63e4417} => key not found.
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e122966b-c3e7-11df-b57e-705ab63e4417} => key removed successfully.
HKCR\CLSID\{e122966b-c3e7-11df-b57e-705ab63e4417} => key not found.
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e122966e-c3e7-11df-b57e-705ab63e4417} => key removed successfully.
HKCR\CLSID\{e122966e-c3e7-11df-b57e-705ab63e4417} => key not found.
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\Control Panel\Desktop\\SCRNSAVE.EXE => value restored successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\{7757CBCC-0975-4b79-A519-90B142CA3A23} => value removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{099EF85B-3260-4b87-9239-33355EE6A548} => key removed successfully.
HKCR\CLSID\{099EF85B-3260-4b87-9239-33355EE6A548} => key not found.
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\search13 => key removed successfully.
HKCR\CLSID\search13 => key not found.
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{099EF85B-3260-4b87-9239-33355EE6A548} => key removed successfully.
HKCR\CLSID\{099EF85B-3260-4b87-9239-33355EE6A548} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => key removed successfully.
HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => key not found.
C:\Program Files\Google\Google Toolbar => moved successfully
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-3675345140-3802400216-3657561249-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EFA17369-CDC0-4927-9AFC-BAAD1F96B2AE} => value removed successfully.
HKCR\CLSID\{EFA17369-CDC0-4927-9AFC-BAAD1F96B2AE} => key not found.
HKLM\Software\Mozilla\Firefox\Extensions\\i0ffxtbr@IObitBar.com => value removed successfully.
HKLM\Software\MozillaPlugins\@IObitBar.com/Plugin => key removed successfully.
Chrome HomePage => removed successfully.
Chrome StartupUrls => removed successfully.
C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => not found.
C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.4.0.11328_0\npSkypeChromePlugin.dll => not found.
C:\Documents and Settings\Zdenka - Růžičková\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll => not found.
C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL => not found.
C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll => not found.
C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll => moved successfully
C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => not found.
C:\Program Files\IObitBar\toolbar\1.bin\NPi0Stub.dll => not found.
C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => not found.
C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll => not found.
C:\WINDOWS\system32\npdeployJava1.dll => not found.
c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll => not found.
HKLM\System\CurrentControlSet\Services\WS2IFSL => key removed successfully.
WS2IFSL => service removed successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Documents and Settings\Administrator\Local Settings\Temp => moved successfully
C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => moved successfully
=========== EmptyTemp: ==========
BITS transfer queue => 11038 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 94425 B
Java, Flash, Steam htmlcache => 5399890 B
Windows/system/dllcache/drivers => 16384 B
Edge => 0 B
Chrome => 48739674 B
Firefox => 6001182 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 99231114 B
All Users => 0 B
systemprofile => 851028628 B
LocalService => 39950938 B
NetworkService => 292924 B
Zdenka - Růžičková => 12313847 B
Administrator => 314017 B
RecycleBin => 273472 B
EmptyTemp: => 1014.4 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 22:04:44 ====
- Rudy
- Site Admin
- Posts: 119671
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: Laggy notebook
OK. Has anything changed?
Re: Laggy notebook
Maybe a little, but not much.
- Rudy
- Site Admin

Re: Laggy notebook
Run a full MBAM scan: http://filehippo.com/download_malwareby ... nts/14815/ and post the log. Do not delete anything beforehand. Ignore the prompt to download a newer version; it does not work on WinXP.
Re: Laggy notebook
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org
Verze: v2013.04.04.07
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Zdenka - Růžičková :: ACER-416B084946 [administrátor]
Ochrana: Povolena
17.1.2017 20:08:53
mbam-log-2017-01-17 (20-08-53).txt
Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 296734
Uplynulý čas: 2 hodin, 23 minut, 48 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (Hijack.SearchPage) -> Špatný: (http://search13.net/) Dobrý: (http://www.Google.com/) -> Přesun do karantény a opravení se zdařilo.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|CustomizeSearch (Hijack.SearchPage) -> Špatný: (http://search13.net/) Dobrý: (http://www.Google.com/) -> Přesun do karantény a opravení se zdařilo.
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)
(konec)
- Rudy
- Site Admin
- Posts: 119671
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Freezing notebook
OK, that didn't work. Run the following scans:
1. Download Zoek.exe from http://hijackthis.nl/smeenk/ and save it to the desktop
If you are using Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator
Paste the script below into the window
autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;
Then click Run Script
The PC will perform the repair, restart, and give you a log; paste its contents here.
and
2. Junkware Removal Tool: http://thisisudax.org/downloads/JRT.exe
•Save it, preferably to the desktop
•After launch, the licence terms are displayed; press any key
•A backup is created, followed by the search
•The scan runs and then a log appears, or it will be saved in c:\JRT as JRT.txt; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Re: Freezing notebook
So I tried to turn the notebook on, and on startup it freezes at the desktop. I turned it off 3 times and it's the same every time; I can only move the mouse, nothing else.
- Rudy
- Site Admin

Re: Freezing notebook
If this happened after the JRT and Zoek scans, try booting into Safe Mode and run System Restore there to a date when it was working correctly.
Re: Freezing notebook
It happened before that. Yesterday I turned it off after the Malwarebytes scan, and today it froze right away. I'll try the restore.
