Prosím o preventivní kontrolu

Zpráva

Indypetr · #1 Příspěvek od **Indypetr** » 26 říj 2014 17:30

Dobrý den, u bývalé manželky jsou nějaké problémy s pc, tak prosím v rámci řešení o preventivní kontrolu.

Děkuji.

RSIT:

Logfile of random's system information tool 1.10 (written by random/random)
Run by Kristinka at 2014-10-26 17:15:18
Microsoft(R) Windows(R) XP Professional x64 Edition Service Pack 2
System drive C: has 115 GB (75%) free of 153 GB
Total RAM: 4094 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:15:23, on 26.10.2014
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files (x86)\Java\jre7\bin\jqs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Kristinka.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\SysWOW64\dvmurl.dll
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DuckCapture] "C:\Program Files (x86)\DuckLink\DuckCapture\DuckCapture.exe" /autorun
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://runonce.msn.com
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\SysWOW64\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\SysWOW64\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: Cobian Backup 11 Volume Shadow Copy Requester (cbVSCService11) - CobianSoft, Luis Cobian - C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files (x86)\Java\jre7\bin\jqs.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--
End of file - 7798 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\spoolsv.exe

"C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe"
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
C:\WINDOWS\System32\svchost.exe -k WinErr
"C:\Program Files (x86)\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files (x86)\Java\jre7\lib\deploy\jqs\jqs.conf"

Ati2evxx.exe -Client
C:\WINDOWS\Explorer.EXE
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\WINDOWS\RTHDCPL.EXE"
"C:\WINDOWS\system32\ctfmon.exe"
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
"C:\WINDOWS\system32\ctfmon.exe"
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe" -Embedding
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ccc.exe" 0

"C:\Program Files (x86)\TotalCmd\TOTALCMD64.EXE"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/DomRel-Enable/disable/EmbeddedSearch/Group7 pct:10g stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/NewSuggestType_A10_Stable_R2/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Enabled/RapporRollout/Enabled/SDCH/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-1-Percent/group_20/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --disable-client-side-phishing-detection --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="3708.1.355742960\1547950204" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/DomRel-Enable/disable/EmbeddedSearch/Group7 pct:10g stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/NewSuggestType_A10_Stable_R2/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Enabled/RapporRollout/Enabled/SDCH/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-1-Percent/group_20/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --disable-client-side-phishing-detection --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="3708.2.196323507\747753481" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/disable/EmbeddedSearch/Group7 pct:10g stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/NewSuggestType_A10_Stable_R2/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Enabled/RapporRollout/Enabled/SDCH/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-1-Percent/group_20/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --disable-client-side-phishing-detection --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --disable-gpu-compositing --channel="3708.3.1057893167\2005480075" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/disable/EmbeddedSearch/Group7 pct:10g stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/NewSuggestType_A10_Stable_R2/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Enabled/RapporRollout/Enabled/SDCH/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-1-Percent/group_20/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --disable-client-side-phishing-detection --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --disable-gpu-compositing --channel="3708.5.1625094042\424736681" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/disable/EmbeddedSearch/Group7 pct:10g stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/NewSuggestType_A10_Stable_R2/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Enabled/RapporRollout/Enabled/SDCH/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-1-Percent/group_20/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --disable-client-side-phishing-detection --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --disable-gpu-compositing --channel="3708.7.149004729\208249735" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/disable/EmbeddedSearch/Group7 pct:10g stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/NewSuggestType_A10_Stable_R2/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Enabled/RapporRollout/Enabled/SDCH/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-1-Percent/group_20/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --disable-client-side-phishing-detection --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --disable-gpu-compositing --channel="3708.8.218302777\2124192438" /prefetch:673131151
"E:\Install\RSITx64.exe"

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\Opera scheduled Autoupdate 1383476416.job - C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2013-09-05 176224]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2013-09-05 4374104]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2013-09-12 5618456]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-01-13 18084864]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-11-20 1826816]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2008-08-19 77824]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2008-06-19 2808832]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2007-02-18 20992]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-10-09 139264]
"DuckCapture"=C:\Program Files (x86)\DuckLink\DuckCapture\DuckCapture.exe [2011-11-03 436736]
"GarminExpressTrayApp"=C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [2014-07-23 688984]
"TomTomHOME.exe"=C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [2014-06-05 248176]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-11-16 98304]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-25 256896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2012-11-16 262656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 154112]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vds]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.i420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iv50"=ir50_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2014-10-26 17:15:18 ----D---- C:\rsit
2014-10-26 17:15:18 ----D---- C:\Program Files\trend micro
2014-10-19 11:36:21 ----D---- C:\GameTeamPokeCraft

======List of files/folders modified in the last 1 month======

2014-10-26 17:15:18 ----RD---- C:\Program Files
2014-10-26 17:14:24 ----D---- C:\WINDOWS\Temp
2014-10-26 17:02:17 ----D---- C:\WINDOWS\Prefetch
2014-10-26 16:53:08 ----D---- C:\WINDOWS\system32
2014-10-26 16:53:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-23 19:00:14 ----D---- C:\WINDOWS\SysWOW64
2014-10-23 18:21:10 ----D---- C:\WINDOWS\system32\CatRoot2
2014-10-18 10:55:22 ----D---- C:\WINDOWS\system32\config
2014-10-16 18:55:17 ----D---- C:\Program Files (x86)\Opera
2014-10-16 18:55:16 ----SD---- C:\WINDOWS\Tasks
2014-10-15 15:48:34 ----SHD---- C:\WINDOWS\Installer
2014-10-15 15:48:34 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2014-10-15 12:35:11 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-10-15 12:34:44 ----D---- C:\WINDOWS\system32\MRT
2014-10-15 12:29:53 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 crcdisk;CRC Disk Filter Driver; C:\WINDOWS\system32\DRIVERS\crcdisk.sys [2005-03-24 19968]
R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2007-02-18 93440]
R1 AmdPPM64;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM64.sys [2007-04-16 44544]
R1 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2013-09-17 232568]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2013-09-17 168256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2013-09-17 79640]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2005-03-24 15872]
R2 CdaC15BA;CdaC15BA; C:\WINDOWS\system32\DRIVERS\CdaC15BA.sys [2007-02-18 13312]
R2 CdaD10BA;CdaD10BA; C:\WINDOWS\system32\DRIVERS\CdaD10BA.sys [2007-02-18 13312]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2013-09-17 220232]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2007-02-17 111104]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2012-11-16 9291264]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2013-09-17 45656]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-07-13 239616]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2007-02-18 18944]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKHDA64.SYS [2009-01-20 5111296]
R3 ksthunk;Kernel Streaming WOW64 Thunk Service; C:\WINDOWS\system32\drivers\ksthunk.sys [2007-02-18 24192]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-02-18 19456]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2005-03-24 92160]
R3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtKHDMIX.sys [2008-12-25 3006080]
R3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver; C:\WINDOWS\system32\DRIVERS\Rtenic64.sys [2008-10-30 141312]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2007-02-18 48128]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdXP6.sys [2012-05-14 151168]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-07-22 42752]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2007-02-17 29696]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-08-07 27648]
S3 vga;vga; C:\WINDOWS\system32\DRIVERS\vgapnp.sys [2005-03-24 33792]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 46080]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 95744]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 108032]
S4 adpu320;adpu320; C:\WINDOWS\system32\drivers\adpu320.sys []
S4 AmdIde;AmdIde; C:\WINDOWS\system32\drivers\AmdIde.sys []
S4 arc;arc; C:\WINDOWS\system32\drivers\arc.sys []
S4 iirsp;iirsp; C:\WINDOWS\system32\drivers\iirsp.sys []
S4 symmpi;symmpi; C:\WINDOWS\system32\drivers\symmpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AeLookupSvc;Application Experience Lookup Service; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2012-11-16 923648]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2012-05-25 67584]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2013-09-12 1337752]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files (x86)\Java\jre7\bin\jqs.exe [2014-07-25 182696]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 1022632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 Garmin Core Update Service;Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-07-23 438616]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-03 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
S2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2014-06-05 93040]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10 267440]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe [2008-07-25 46088]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-03 116648]
S3 IASJet;IAS Jet Database Access; C:\WINDOWS\SysWOW64\svchost.exe [2007-02-18 14848]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 859648]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-10-09 724992]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 vds;Virtual Disk Service; C:\WINDOWS\System32\vds.exe [2007-02-18 613376]
S3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 clr_optimization_v2.0.50727_64;.NET Runtime Optimization Service v2.0.50727_x64; C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-07-25 93184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 119808]

-----------------EOF-----------------

FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-10-2014
Ran by Kristinka (administrator) on VESELI on 26-10-2014 17:20:50
Running from C:\Documents and Settings\Kristinka\Desktop
Loaded Profile: Kristinka (Available profiles: Kristinka & Hanička & Bohouš & Petr & Administrator)
Platform: Microsoft Windows XP Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [18084864 2009-01-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [77824 2008-08-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2808832 2008-06-19] (RealTek Semicoductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [57344 2008-06-19] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Winlogon: [Userinit] userinit [X]
HKLM\...\Winlogon: [UIHost] C:\Windows\system32\logonui.exe [662016 2007-02-18] ( (Microsoft Corporation))
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\crypt32chain: C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\crypt32chain-x32: C:\WINDOWS\SysWOW64\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet-x32: C:\WINDOWS\SysWOW64\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll-x32: C:\WINDOWS\SysWOW64\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy-x32: C:\WINDOWS\SysWOW64\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\EFS-x32: C:\WINDOWS\SysWOW64\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp-x32: wlnotify.dll [X]
Winlogon\Notify\Schedule-x32: wlnotify.dll [X]
Winlogon\Notify\sclgntfy-x32: C:\WINDOWS\SysWOW64\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn-x32: WlNotify.dll [X]
Winlogon\Notify\wlballoon-x32: wlnotify.dll [X]
HKLM\...\Command Processor: <======= ATTENTION
HKLM-x32\...\Command Processor: <======= ATTENTION
HKU\S-1-5-19\...\Run: [CTFMON.EXE] => C:\WINDOWS\system32\CTFMON.EXE [20992 2007-02-18] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [tscuninstall] => C:\Windows\system32\tscupgrd.exe [62464 2007-02-18] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [CTFMON.EXE] => C:\WINDOWS\system32\CTFMON.EXE [20992 2007-02-18] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [tscuninstall] => C:\Windows\system32\tscupgrd.exe [62464 2007-02-18] (Microsoft Corporation)
HKU\S-1-5-21-902231566-1358511475-2049901558-1002\...\Run: [CTFMON.EXE] => C:\WINDOWS\system32\ctfmon.exe [20992 2007-02-18] (Microsoft Corporation)
HKU\S-1-5-21-902231566-1358511475-2049901558-1002\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [139264 2006-10-09] (Nero AG)
HKU\S-1-5-21-902231566-1358511475-2049901558-1002\...\Run: [DuckCapture] => C:\Program Files (x86)\DuckLink\DuckCapture\DuckCapture.exe [436736 2011-11-03] (DuckLink Software)
HKU\S-1-5-21-902231566-1358511475-2049901558-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-902231566-1358511475-2049901558-1002\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom)
HKU\S-1-5-18\...\Run: [CTFMON.EXE] => C:\WINDOWS\system32\CTFMON.EXE [20992 2007-02-18] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\Windows\system32\tscupgrd.exe [62464 2007-02-18] (Microsoft Corporation)
IFEO\Your Image File Name Here without a path: [Debugger] ntsd -d
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
SSODL-x32: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

URLSearchHook: HKCU - DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\SysWOW64\dvmurl.dll (DeviceVM Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={ ... rer:source?}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={ ... rer:source?}
SearchScopes: HKCU - DefaultScope {FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD} URL = http://www.google.com/custom?q={searchT ... BFORID%3A1
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={ ... orm=IE8SRC
SearchScopes: HKCU - {FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD} URL = http://www.google.com/custom?q={searchT ... BFORID%3A1
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\system32\mshtml.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\SysWow64\mshtml.dll (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
Filter-x32: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
Filter-x32: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\SysWow64\SHELL32.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [10510848 2012-06-08] (Microsoft Corporation)
ShellExecuteHooks-x32: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\SysWOW64\shell32.dll [8362496 2012-06-08] (Microsoft Corporation)
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\mswsock.dll [233472] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 03 %SystemRoot%\System32\mswsock.dll [492544] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @videolan.org/vlc,version=2.2.0-git-20131101-0403 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-11-03]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-11-03]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP", "hxxp://www.search.ask.com/?o=APN10640A&gct=hp& ... 02-147&t=4"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Documents and Settings\Kristinka\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Kristinka\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-03]
CHR Extension: (Disk Google) - C:\Documents and Settings\Kristinka\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-03]
CHR Extension: (YouTube) - C:\Documents and Settings\Kristinka\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-03]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\Kristinka\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-03]
CHR Extension: (Booking.com for Chrome™) - C:\Documents and Settings\Kristinka\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgkeilefmpmbamgcejhjpiecahcbipip [2014-08-29]
CHR Extension: (Peněženka Google) - C:\Documents and Settings\Kristinka\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-03]
CHR Extension: (Booking.com) - C:\Documents and Settings\Kristinka\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pficdecjkdlnacnnbkociacmdbpmhdoc [2014-08-29]
CHR Extension: (Gmail) - C:\Documents and Settings\Kristinka\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AeLookupSvc; C:\Windows\SysWOW64\aelupsvc.dll [26624 2007-02-18] (Microsoft Corporation)
S4 Alerter; C:\Windows\system32\alrsvc.dll [29696 2007-02-18] (Microsoft Corporation)
S3 ALG; C:\Windows\SysWOW64\alg.exe [45056 2007-02-18] (Microsoft Corporation)
R2 Ati HotKey Poller; C:\Windows\system32\Ati2evxx.exe [923648 2012-11-16] (ATI Technologies Inc.)
R2 AudioSrv; C:\Windows\SysWOW64\audiosrv.dll [41472 2007-02-18] (Microsoft Corporation)
R2 Browser; C:\Windows\SysWOW64\browser.dll [78336 2012-09-12] (Microsoft Corporation)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2012-05-25] (CobianSoft, Luis Cobian) [File not signed]
S4 CiSvc; C:\Windows\SysWOW64\cisvc.exe [6656 2007-02-18] (Microsoft Corporation)
S3 ClipSrv; C:\Windows\system32\clipsrv.exe [49664 2007-02-18] (Microsoft Corporation)
S3 ClipSrv; C:\Windows\SysWOW64\clipsrv.exe [32256 2007-02-18] (Microsoft Corporation)
S3 dmadmin; C:\Windows\System32\dmadmin.exe [399872 2007-02-18] (Microsoft Corporation)
R2 dmserver; C:\Windows\System32\dmserver.dll [37376 2007-02-18] (Microsoft Corporation)
R2 Dnscache; C:\Windows\SysWOW64\dnsrslvr.dll [45568 2011-03-03] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET)
R2 ERSvc; C:\Windows\System32\ersvc.dll [31744 2007-02-18] (Microsoft Corporation)
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-07-23] (Garmin Ltd or its subsidiaries)
R2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [77312 2007-02-18] (Microsoft Corporation)
R3 HTTPFilter; C:\Windows\System32\w3ssl.dll [21504 2007-02-18] (Microsoft Corporation)
R3 HTTPFilter; C:\Windows\SysWOW64\w3ssl.dll [15360 2007-02-18] (Microsoft Corporation)
S3 IASJet; C:\Windows\SysWOW64\iasrecst.dll [162816 2007-02-18] (Microsoft Corporation)
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [265728 2007-02-18] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files (x86)\Java\jre7\bin\jqs.exe [182696 2014-07-25] (Oracle Corporation)
R2 LmHosts; C:\Windows\SysWOW64\lmhsvc.dll [19968 2007-02-18] (Microsoft Corporation)
S4 Messenger; C:\Windows\System32\msgsvc.dll [57344 2007-02-18] (Microsoft Corporation)
S3 mnmsrvc; C:\WINDOWS\SysWOW64\mnmsrvc.exe [32768 2007-02-18] (Microsoft Corporation)
S3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [724992 2006-10-09] (Nero AG) [File not signed]
S3 NetDDE; C:\Windows\system32\netdde.exe [160768 2007-02-18] (Microsoft Corporation)
S3 NetDDE; C:\Windows\SysWOW64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
S3 NetDDEdsdm; C:\Windows\system32\netdde.exe [160768 2007-02-18] (Microsoft Corporation)
S3 NetDDEdsdm; C:\Windows\SysWOW64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
R3 Netman; C:\Windows\SysWOW64\netman.dll [263680 2007-02-18] (Microsoft Corporation)
R3 Nla; C:\Windows\System32\mswsock.dll [492544 2011-03-03] (Microsoft Corporation)
R3 Nla; C:\Windows\SysWOW64\mswsock.dll [233472 2011-03-03] (Microsoft Corporation)
S3 NtLmSsp; C:\Windows\system32\lsass.exe [14336 2007-02-18] (Microsoft Corporation)
S3 NtmsSvc; C:\Windows\system32\ntmssvc.dll [794112 2007-02-18] (Microsoft Corporation)
R2 PlugPlay; C:\Windows\system32\services.exe [227840 2009-03-19] (Microsoft Corporation)
R2 PolicyAgent; C:\Windows\system32\lsass.exe [14336 2007-02-18] (Microsoft Corporation)
S3 RasAuto; C:\Windows\SysWOW64\rasauto.dll [91648 2007-02-18] (Microsoft Corporation)
R3 RasMan; C:\Windows\SysWOW64\rasmans.dll [181760 2007-02-18] (Microsoft Corporation)
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [212480 2007-02-18] (Microsoft Corporation)
S4 RemoteRegistry; C:\Windows\SysWOW64\regsvc.dll [69120 2007-02-18] (Microsoft Corporation)
S3 RpcLocator; C:\Windows\SysWOW64\locator.exe [71680 2007-02-18] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\System32\SCardSvr.exe [166400 2007-02-18] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\SysWOW64\SCardSvr.exe [90112 2007-02-18] (Microsoft Corporation)
R2 Schedule; C:\Windows\SysWOW64\schedsvc.dll [202240 2007-02-18] (Microsoft Corporation)
R2 seclogon; C:\Windows\SysWOW64\seclogon.dll [18432 2007-02-18] (Microsoft Corporation)
R2 srservice; C:\WINDOWS\system32\srsvc.dll [231424 2007-02-18] (Microsoft Corporation)
R3 SSDPSRV; C:\Windows\SysWOW64\ssdpsrv.dll [72192 2007-02-18] (Microsoft Corporation)
R2 stisvc; C:\Windows\SysWOW64\wiaservc.dll [348160 2007-02-18] (Microsoft Corporation)
S2 SysmonLog; C:\Windows\system32\smlogsvc.exe [133120 2007-02-18] (Microsoft Corporation)
S2 SysmonLog; C:\Windows\SysWOW64\smlogsvc.exe [96256 2007-02-18] (Microsoft Corporation)
S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [113152 2007-02-18] (Microsoft Corporation)
R2 TrkWks; C:\Windows\SysWOW64\trkwks.dll [86528 2007-02-18] (Microsoft Corporation)
S3 UPS; C:\Windows\System32\ups.exe [34816 2007-02-18] (Microsoft Corporation)
S3 UPS; C:\Windows\SysWOW64\ups.exe [16896 2007-02-18] (Microsoft Corporation)
R2 W32Time; C:\WINDOWS\SysWOW64\w32time.dll [227328 2007-02-18] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINDOWS\SysWOW64\mspmsnsv.dll [25088 2007-02-18] (Microsoft Corporation)
S3 Wmi; C:\Windows\System32\advapi32.dll [1052160 2009-03-19] (Microsoft Corporation)
S3 Wmi; C:\Windows\SysWOW64\advapi32.dll [619008 2009-03-19] (Microsoft Corporation)
S3 WMPNetworkSvc; C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation)
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [12288 2007-02-18] (Microsoft Corporation)
S4 WZCSVC; C:\Windows\System32\wzcsvc.dll [659968 2007-02-18] (Microsoft Corporation)
S4 WZCSVC; C:\Windows\SysWOW64\wzcsvc.dll [489472 2007-02-18] (Microsoft Corporation)
S3 xmlprov; C:\Windows\System32\xmlprov.dll [326144 2007-02-18] (Microsoft Corporation)
S3 xmlprov; C:\Windows\SysWOW64\xmlprov.dll [131584 2007-02-18] (Microsoft Corporation)
R2 Eventlog; [X]
S4 HidServ; %SystemRoot%\System32\hidserv.dll [X]
S3 WinHttpAutoProxySvc; winhttp.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 Abiosdsk; No ImagePath
S4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [18432 2007-02-18] (Microsoft Corporation)
S4 adpu160m; No ImagePath
S4 adpu320; No ImagePath
S3 aec; C:\Windows\System32\drivers\aec.sys [188928 2005-03-24] (Microsoft Corporation)
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 AmdIde; No ImagePath
R1 AmdPPM64; C:\Windows\System32\DRIVERS\AmdPPM64.sys [44544 2007-04-16] (Advanced Micro Devices)
S4 arc; No ImagePath
R3 Arp1394; C:\Windows\System32\DRIVERS\arp1394.sys [111104 2007-02-17] (Microsoft Corporation)
S4 Atdisk; No ImagePath
R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [9291264 2012-11-16] (ATI Technologies Inc.)
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdXP6.sys [151168 2012-05-14] (Advanced Micro Devices)
S3 Atmarpc; C:\Windows\System32\DRIVERS\atmarpc.sys [106496 2007-02-18] (Microsoft Corporation)
R3 audstub; C:\Windows\System32\DRIVERS\audstub.sys [5632 2005-03-24] (Microsoft Corporation)
R2 CdaC15BA; C:\Windows\System32\DRIVERS\CdaC15BA.sys [13312 2007-02-18] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R2 CdaD10BA; C:\Windows\System32\DRIVERS\CdaD10BA.sys [13312 2007-02-18] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 dmboot; C:\Windows\System32\drivers\dmboot.sys [415232 2007-02-18] (Microsoft Corporation)
R0 dmio; C:\Windows\System32\drivers\dmio.sys [244224 2007-02-18] (Microsoft Corporation)
R0 dmload; C:\Windows\System32\drivers\dmload.sys [9216 2007-02-18] (Microsoft Corporation)
S4 dpti2o; No ImagePath
R1 eamon; C:\Windows\System32\DRIVERS\eamon.sys [232568 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R3 Epfwndis; C:\Windows\System32\DRIVERS\Epfwndis.sys [45656 2013-09-17] (ESET)
R1 epfwtdi; C:\Windows\System32\DRIVERS\epfwtdi.sys [79640 2013-09-17] (ESET)
R1 Fips; C:\Windows\System32\Drivers\Fips.sys [50176 2007-02-18] (Microsoft Corporation)
R0 Ftdisk; C:\Windows\System32\DRIVERS\ftdisk.sys [240128 2007-02-18] (Microsoft Corporation)
R3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [71168 2007-02-18] (Microsoft Corporation)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [239616 2005-07-13] (Windows (R) Server 2003 DDK provider)
S1 i2omgmt; No ImagePath
S4 iirsp; No ImagePath
R1 imapi; C:\Windows\System32\DRIVERS\imapi.sys [72704 2007-02-18] (Microsoft Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKHDA64.SYS [5111296 2009-01-20] (Realtek Semiconductor Corp.)
S4 IntelIde; No ImagePath
S3 Ip6Fw; C:\Windows\System32\DRIVERS\Ip6Fw.sys [57856 2007-02-18] (Microsoft Corporation)
R1 IPSec; C:\Windows\System32\DRIVERS\ipsec.sys [156672 2007-02-18] (Microsoft Corporation)
R3 kmixer; C:\Windows\System32\drivers\kmixer.sys [204288 2005-03-24] (Microsoft Corporation)
R1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [8192 2007-02-18] (Microsoft Corporation)
S4 mraid35x; No ImagePath
R3 NIC1394; C:\Windows\System32\DRIVERS\nic1394.sys [92160 2005-03-24] (Microsoft Corporation)
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
R3 PSched; C:\Windows\System32\DRIVERS\psched.sys [106496 2007-02-18] (Microsoft Corporation)
R3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [31232 2007-02-18] (Parallel Technologies, Inc.)
R3 Raspti; C:\Windows\System32\DRIVERS\raspti.sys [31232 2007-02-18] (Microsoft Corporation)
R1 redbook; C:\Windows\System32\DRIVERS\redbook.sys [64000 2005-03-24] (Microsoft Corporation)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtKHDMIX.sys [3006080 2008-12-25] (Realtek Semiconductor Corp.)
R3 RTLE8023x64; C:\Windows\System32\DRIVERS\Rtenic64.sys [141312 2008-10-30] (Realtek Semiconductor Corporation )
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [171008 2007-02-18] (Microsoft Corporation)
S4 Simbad; No ImagePath
S3 splitter; C:\Windows\System32\drivers\splitter.sys [10240 2007-02-17] (Microsoft Corporation)
R0 sr; C:\Windows\System32\DRIVERS\sr.sys [123904 2007-02-18] (Microsoft Corporation)
S3 swmidi; C:\Windows\System32\drivers\swmidi.sys [86528 2005-03-24] (Microsoft Corporation)
S4 symc8xx; No ImagePath
S4 symmpi; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
R3 sysaudio; C:\Windows\System32\drivers\sysaudio.sys [147456 2007-02-17] (Microsoft Corporation)
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
R3 Update; C:\Windows\System32\DRIVERS\update.sys [81920 2007-02-18] (Microsoft Corporation)
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath
R3 wdmaud; C:\Windows\System32\drivers\wdmaud.sys [187904 2007-02-17] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVCx32: Browser -> C:\Windows\SysWOW64\browser.dll (Microsoft Corporation)
NETSVCx32: CryptSvc -> C:\Windows\SysWOW64\cryptsvc.dll (Microsoft Corporation)
NETSVCx32: DMServer -> C:\Windows\SysWOW64\dmserver.dll ==> No File.
NETSVCx32: EventSystem -> C:\WINDOWS\SysWOW64\es.dll (Microsoft Corporation)
NETSVCx32: HidServ -> C:\Windows\SysWOW64\hidserv.dll ==> No File.
NETSVCx32: Iprip -> No ServiceDLL Path.
NETSVCx32: LanmanWorkstation -> C:\Windows\SysWOW64\wkssvc.dll ==> No File.
NETSVCx32: Messenger -> C:\Windows\SysWOW64\msgsvc.dll ==> No File.
NETSVCx32: Netman -> C:\Windows\SysWOW64\netman.dll (Microsoft Corporation)
NETSVCx32: Seclogon -> C:\Windows\SysWOW64\seclogon.dll (Microsoft Corporation)
NETSVCx32: TrkWks -> C:\Windows\SysWOW64\trkwks.dll (Microsoft Corporation)
NETSVCx32: WZCSVC -> C:\Windows\SysWOW64\wzcsvc.dll (Microsoft Corporation)
NETSVCx32: wscsvc -> C:\Windows\SysWOW64\wscsvc.dll ==> No File.
NETSVCx32: xmlprov -> C:\Windows\SysWOW64\xmlprov.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-26 17:20 - 2014-10-26 17:21 - 00029017 _____ () C:\Documents and Settings\Kristinka\Desktop\FRST.txt
2014-10-26 17:20 - 2014-10-26 17:20 - 00000000 ____D () C:\FRST
2014-10-26 17:20 - 2014-10-26 17:18 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Kristinka\Desktop\FRSTLauncher.exe
2014-10-26 17:20 - 2014-10-26 17:17 - 02113024 _____ (Farbar) C:\Documents and Settings\Kristinka\Desktop\FRST64.exe
2014-10-26 17:15 - 2014-10-26 17:16 - 00000000 ____D () C:\rsit
2014-10-26 17:15 - 2014-10-26 17:15 - 00000000 ____D () C:\Program Files\trend micro
2014-10-19 11:36 - 2014-10-19 11:36 - 00001543 _____ () C:\Documents and Settings\Hanička\Desktop\PokeCraft GameTeam 1.7.10.lnk
2014-10-19 11:36 - 2014-10-19 11:36 - 00000000 ____D () C:\GameTeamPokeCraft
2014-10-19 11:36 - 2014-10-19 11:36 - 00000000 ____D () C:\Documents and Settings\Hanička\Start Menu\Programs\PokeCraft_GameTeam_1.7.10
2014-10-19 11:28 - 2014-10-19 11:34 - 383121665 _____ () C:\Documents and Settings\Hanička\My Documents\PokeCraft_GameTeam_1.7.10_V5.0.rar
2014-10-19 10:50 - 2014-10-19 10:57 - 385965913 _____ () C:\Documents and Settings\Hanička\My Documents\mctitan_pokemine1710_updated.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-26 17:21 - 2013-11-03 11:41 - 00000000 ____D () C:\Documents and Settings\Kristinka\Local Settings\Temp
2014-10-26 16:54 - 2014-06-09 19:37 - 00000406 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1383476416.job
2014-10-26 16:54 - 2013-11-03 11:54 - 00000944 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-26 16:54 - 2013-11-03 11:45 - 00000178 ___SH () C:\Documents and Settings\Petr\ntuser.ini
2014-10-26 16:54 - 2013-11-03 11:45 - 00000000 ____D () C:\Documents and Settings\Petr\Local Settings\Temp
2014-10-26 16:54 - 2013-11-02 20:49 - 01979527 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-26 16:53 - 2013-11-02 21:37 - 00613920 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-26 16:51 - 2013-11-02 21:18 - 00524288 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-10-26 16:48 - 2013-11-02 20:57 - 00000159 _____ () C:\Documents and Settings\LocalService\wiadebug.log
2014-10-26 16:48 - 2013-11-02 20:57 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-26 16:48 - 2013-11-02 20:57 - 00000000 _____ () C:\WINDOWS\0.log
2014-10-26 16:48 - 2007-02-18 13:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-10-24 14:58 - 2013-11-03 11:41 - 00000178 ___SH () C:\Documents and Settings\Kristinka\ntuser.ini
2014-10-24 14:58 - 2013-11-02 20:57 - 00032596 _____ () C:\WINDOWS\Tasks\SchedLgU.Txt
2014-10-24 05:39 - 2013-11-11 19:32 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-24 05:31 - 2013-11-03 11:54 - 00000948 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-23 19:59 - 2013-11-03 11:50 - 00000178 ___SH () C:\Documents and Settings\Hanička\ntuser.ini
2014-10-23 19:59 - 2013-11-03 11:47 - 00000178 ___SH () C:\Documents and Settings\Bohouš\ntuser.ini
2014-10-23 19:52 - 2013-11-03 11:47 - 00000000 ____D () C:\Documents and Settings\Bohouš\Local Settings\Temp
2014-10-23 19:50 - 2014-04-11 06:47 - 00000000 ____D () C:\Documents and Settings\Hanička\Application Data\.minecraft
2014-10-23 19:50 - 2013-11-03 11:50 - 00000000 ____D () C:\Documents and Settings\Hanička\Local Settings\Temp
2014-10-23 19:00 - 2014-08-03 19:11 - 00000716 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-10-23 19:00 - 2013-11-18 18:08 - 00000664 _____ () C:\WINDOWS\SysWOW64\d3d9caps.dat
2014-10-23 18:21 - 2013-11-02 21:36 - 00614038 _____ () C:\WINDOWS\setupapi.log
2014-10-19 12:18 - 2014-09-03 18:35 - 00000000 ____D () C:\Documents and Settings\Hanička\Application Data\Skype
2014-10-16 18:55 - 2013-11-03 12:00 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-10-15 15:48 - 2014-09-01 20:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-10-15 12:35 - 2013-11-03 12:27 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-10-15 12:34 - 2013-11-03 10:01 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-15 12:29 - 2013-11-03 10:01 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-14 20:10 - 2013-11-03 11:41 - 00025937 _____ () C:\Documents and Settings\Kristinka\Sti_Trace.log

Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\Checkupdate.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Foxit Reader Updater.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\gcapi_dll.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\gtapi_signed.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\_isC6.exe
C:\Documents and Settings\Bohouš\Local Settings\Temp\Checkupdate.exe
C:\Documents and Settings\Bohouš\Local Settings\Temp\Foxit Reader Updater.exe
C:\Documents and Settings\Bohouš\Local Settings\Temp\gcapi_dll.dll
C:\Documents and Settings\Bohouš\Local Settings\Temp\gtapi_signed.dll
C:\Documents and Settings\Hanička\Local Settings\Temp\Checkupdate.exe
C:\Documents and Settings\Hanička\Local Settings\Temp\Foxit Reader Updater.exe
C:\Documents and Settings\Hanička\Local Settings\Temp\gcapi_dll.dll
C:\Documents and Settings\Hanička\Local Settings\Temp\gtapi_signed.dll
C:\Documents and Settings\Hanička\Local Settings\Temp\jre-7u55-windows-i586-iftw.exe
C:\Documents and Settings\Hanička\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe
C:\Documents and Settings\Kristinka\Local Settings\Temp\Checkupdate.exe
C:\Documents and Settings\Kristinka\Local Settings\Temp\Foxit Reader Updater.exe
C:\Documents and Settings\Kristinka\Local Settings\Temp\gcapi_dll.dll
C:\Documents and Settings\Kristinka\Local Settings\Temp\gtapi_signed.dll
C:\Documents and Settings\Kristinka\Local Settings\Temp\miCoach1_micoachmanagersetup.exe
C:\Documents and Settings\Kristinka\Local Settings\Temp\miCoach2_micoachmanagersetup.exe
C:\Documents and Settings\Kristinka\Local Settings\Temp\miCoach_micoachmanagersetup.exe
C:\Documents and Settings\Kristinka\Local Settings\Temp\MSETUP4.EXE
C:\Documents and Settings\Kristinka\Local Settings\Temp\_is1.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:149.05 GB) (Free:112.37 GB) NTFS
Drive d: (DATA) (Fixed) (Total:465.75 GB) (Free:277.98 GB) NTFS
Drive e: (FILES) (Fixed) (Total:232.88 GB) (Free:128.72 GB) NTFS

Available physical RAM: 2894.39 MB
Total physical RAM: 4094.19 MB
Percentage of memory in use: 29%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 465.8 GB) (Disk ID: F418F418)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 000D870B)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
Disk: 2 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: E1EDE1ED)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1383476416.job => C:\Program Files (x86)\Opera\launcher.exe

==================== Alternate Data Streams (whitelisted) ==================

==================== Security Center ==================

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\Kristinka\Desktop" je 9 MB.

***** Startup Programs *****

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

==================== End Of Log ==============================

#2 Příspěvek od **Márty84** » 27 říj 2014 10:49

Zdravim

Proc neni aktualizovany system? Chybi Service Pack 3

Indypetr · #3 Příspěvek od **Indypetr** » 27 říj 2014 11:31

Aktualizace jsme stahovali, dokud byla podpora XP. Ale servis pack 3 byl jen pro 32-b XP, pro 64-b nebyl. Aspon jsem ho nenasel. Jinak je to legalni instalace, takze aktualizace byly stahovany automaticky.

#4 Příspěvek od **Márty84** » 27 říj 2014 11:37

No jo, mate pravdu

Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Spustte ho.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Clean
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.

Indypetr · #5 Příspěvek od **Indypetr** » 29 říj 2014 17:34

Omlouvam se, ale musim vzdy k pc zabehnout coz neni hned. Tady je ten log:

# AdwCleaner v4.002 - Report created 29/10/2014 at 17:29:33
# DB v
# Updated 27/10/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 2 (64 bits)
# Username : Kristinka - VESELI
# Running from : C:\Documents and Settings\Kristinka\Desktop\adwcleaner_4.002 (1).exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Google Chrome v38.0.2125.111

*************************

AdwCleaner[R0].txt - [752 octets] - [28/10/2014 19:47:16]
AdwCleaner[R1].txt - [811 octets] - [28/10/2014 20:58:58]
AdwCleaner[R2].txt - [874 octets] - [29/10/2014 17:28:44]
AdwCleaner[S0].txt - [789 octets] - [29/10/2014 17:29:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [848 octets] ##########

#6 Příspěvek od **Márty84** » 29 říj 2014 18:19

Popiste trochu o jake problemy jde.

Udelejte !!!kompletni!!! kontrolu s MBAM http://www.bleepingcomputer.com/downloa ... re/dl/241/ (musite stahnout verzi 1.75, odmitnout upgrade a aktualizovat jen virovou databazi) a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce. Navod zde http://forum.viry.cz/viewtopic.php?f=29&t=115222

Indypetr · #7 Příspěvek od **Indypetr** » 30 říj 2014 10:49

Ty problemy podle me nesouvisi s tim ze by bylo pc zavirovane. Manzelka mi hlasila par padu prohlizece po prvnim nacteni. PC je cca 6 let stare, tak se se o nej sem tam staram. A v ramci kontroly co se v nem deje jsem tady pozadal o preventivnikontrolu. Standardne na PC bezi eset a manzelka ani dcera nejsou zadne masivni stahovacky.
Takze pokud se Vam vysledky libi a necichate zadny problem , je to pro me celkem prijatelny vysledek kontroly.

#8 Příspěvek od **Márty84** » 30 říj 2014 11:04

Ja tam ale par veci, ktere by tam byt nemely, vidim

Indypetr · #9 Příspěvek od **Indypetr** » 30 říj 2014 11:14

Tak jak se dostanu zase k manzelce (byvale, pro to to trva vzdycky dlouho) pustim ten vas test a lipnu sem vysledek.

#10 Příspěvek od **Márty84** » 30 říj 2014 12:58

Indypetr · #11 Příspěvek od **Indypetr** » 02 lis 2014 13:07

Tak jsem se dostal na pc. Prikladam vysledek kontroly:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2014.11.02.03

Windows XP Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.18702
Kristinka :: VESELI [administrátor]

2.11.2014 12:07:12
MBAM-log-2014-11-02 (13-07-01).txt

Typ: Kompletní kontrola (C:\|D:\|E:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 687197
Uplynulý čas: 1 hodin, 2 minut, 22 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 22
D:\»Kristinka\Install\Acad 2008 + Recoc\Autocad2008Keygen.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
D:\»Kristinka\Install\SMM10_8.24\SygicKG_win.exe (Worm.AutoRun) -> Nebyla provedena žádná instrukce.
D:\»Kristinka\»osobni\archiv\zipka\DAP 5.3\tsrh-dap535x.zip (Trojan.Dropper) -> Nebyla provedena žádná instrukce.
D:\»Kristinka\»osobni\archiv\zipka\libor\Ultraedit 9.0\UltraEdit-32_v9[1].00.zip (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
D:\»Kristinka\»osobni\archiv\zipka\libor\Ultraedit 9.0\kg8\damn_ultraedit80.exe (Trojan.Agent.CK) -> Nebyla provedena žádná instrukce.
D:\»Kristinka\»osobni\archiv\zipka\libor\Ultraedit 9.0\UE9\UltraEdit32-v9.0.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
E:\Backup_Data\Kristinka\»osobni 2013-11-03 13;54;59 (Full)\archiv\zipka\DAP 5.3\tsrh-dap535x.zip (Trojan.Dropper) -> Nebyla provedena žádná instrukce.
E:\Backup_Data\Kristinka\»osobni 2013-11-03 13;54;59 (Full)\archiv\zipka\libor\Ultraedit 9.0\UltraEdit-32_v9[1].00.zip (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
E:\Backup_Data\Kristinka\»osobni 2013-11-03 13;54;59 (Full)\archiv\zipka\libor\Ultraedit 9.0\kg8\damn_ultraedit80.exe (Trojan.Agent.CK) -> Nebyla provedena žádná instrukce.
E:\Backup_Data\Kristinka\»osobni 2013-11-03 13;54;59 (Full)\archiv\zipka\libor\Ultraedit 9.0\UE9\UltraEdit32-v9.0.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
E:\Install\Kristi_reinstal\Nero_7\keygen.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
E:\Soubory\Data_Store\Install\Nero_7\keygen.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
E:\Soubory\Data_Store\Install\_Zaloha_Install\Install\clone4\clonecd1465.zip (Trojan.Agent.CK) -> Nebyla provedena žádná instrukce.
E:\Soubory\Data_Store\Install\_Zaloha_Install\Install\clone4\key.zip (Trojan.Agent.CK) -> Nebyla provedena žádná instrukce.
E:\Soubory\Data_Store\Install\_Zaloha_Install\Install\PPC Tools\spb.mobile.dvd.1.0.keygen-tsrh.zip (Trojan.Downloader) -> Nebyla provedena žádná instrukce.
E:\Soubory\Data_Store\Zaloha_Old_HDD\Data\Zalohy_ALL\Kristina_PC\D_pracovnik\»Kristina\»osobni\archiv\zipka\DAP 5.3\tsrh-dap535x.zip (Trojan.Dropper) -> Nebyla provedena žádná instrukce.
E:\Soubory\Data_Store\Zaloha_Old_HDD\Data\Zalohy_ALL\Kristina_PC\D_pracovnik\»Kristina\»osobni\archiv\zipka\libor\Ultraedit 9.0\UltraEdit-32_v9[1].00.zip (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
E:\Soubory\Data_Store\Zaloha_Old_HDD\Data\Zalohy_ALL\Kristina_PC\D_pracovnik\»Kristina\»osobni\archiv\zipka\libor\Ultraedit 9.0\kg8\damn_ultraedit80.exe (Trojan.Agent.CK) -> Nebyla provedena žádná instrukce.
E:\Soubory\Data_Store\Zaloha_Old_HDD\Data\Zalohy_ALL\Kristina_PC\D_pracovnik\»Kristina\»osobni\archiv\zipka\libor\Ultraedit 9.0\UE9\UltraEdit32-v9.0.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
E:\Soubory\Zaloha_Reinstall_PC\Kristinka\4shared_Desktop_3.3.5.exe (PUP.Optional.4Shared) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Hanička\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_eliteunzip.dl.tb.ask.com_0.localstorage (PUP.Optional.MindSpark.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Hanička\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_eliteunzip.dl.tb.ask.com_0.localstorage-journal (PUP.Optional.MindSpark.A) -> Nebyla provedena žádná instrukce.

(konec)

#12 Příspěvek od **Márty84** » 02 lis 2014 16:12

Nalezy hodte do karanteny. Po restartu pc test zopakujte, at vime, jestli se to nevraci. Napiste vysledek testu a podle toho se zaridime dale.

Indypetr · #13 Příspěvek od **Indypetr** » 04 lis 2014 17:47

Dobrý den, posílám kompletní log po restartu.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2014.11.02.03

Windows XP Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.18702
Kristinka :: VESELI [administrátor]

4.11.2014 16:42:53
MBAM-log-2014-11-04 (17-45-32).txt

Typ: Kompletní kontrola (C:\|D:\|E:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 688042
Uplynulý čas: 1 hodin, 11 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 11
D:\System Volume Information\_restore{74B03239-A83C-4F56-8FDD-398A5975CC57}\RP230\A0077215.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
D:\System Volume Information\_restore{74B03239-A83C-4F56-8FDD-398A5975CC57}\RP230\A0077216.exe (Worm.AutoRun) -> Nebyla provedena žádná instrukce.
D:\System Volume Information\_restore{74B03239-A83C-4F56-8FDD-398A5975CC57}\RP230\A0077217.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
D:\System Volume Information\_restore{74B03239-A83C-4F56-8FDD-398A5975CC57}\RP230\A0077218.exe (Trojan.Agent.CK) -> Nebyla provedena žádná instrukce.
E:\System Volume Information\_restore{74B03239-A83C-4F56-8FDD-398A5975CC57}\RP230\A0077219.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
E:\System Volume Information\_restore{74B03239-A83C-4F56-8FDD-398A5975CC57}\RP230\A0077220.exe (Trojan.Agent.CK) -> Nebyla provedena žádná instrukce.
E:\System Volume Information\_restore{74B03239-A83C-4F56-8FDD-398A5975CC57}\RP230\A0077221.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
E:\System Volume Information\_restore{74B03239-A83C-4F56-8FDD-398A5975CC57}\RP230\A0077222.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
E:\System Volume Information\_restore{74B03239-A83C-4F56-8FDD-398A5975CC57}\RP230\A0077223.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
E:\System Volume Information\_restore{74B03239-A83C-4F56-8FDD-398A5975CC57}\RP230\A0077224.exe (Trojan.Agent.CK) -> Nebyla provedena žádná instrukce.
E:\System Volume Information\_restore{74B03239-A83C-4F56-8FDD-398A5975CC57}\RP230\A0077225.exe (PUP.Optional.4Shared) -> Nebyla provedena žádná instrukce.

(konec)

#14 Příspěvek od **Márty84** » 04 lis 2014 19:08

Bohuzel je havet v bodech obnovy

Postupujte presne v tomto poradi.
1) MBAM nezavirejte, jen minimalizujte.
2) Vymazte/Vypnete vytvareni bodu obnovy http://forum.viry.cz/viewtopic.php?f=46&t=47040 , ale nerestartujte pc.
3) Ted nechte nalezy MBAM odstranit a restartujte pc.
4) Zopakujte test s MBAM a napiste jeho vysledek a podle toho zvolim dalsi postup.

Pokud bude cisto, zapnete zase funkci vytvareni bodu obnovy, at pak na to nezapomenem.

Indypetr · #15 Příspěvek od **Indypetr** » 08 lis 2014 15:50

Tak provedeno. Kontrola nic nenasla. Prikladam log :

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2014.11.08.02

Windows XP Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.18702
Kristinka :: VESELI [administrátor]

Ochrana: Zakázána

8.11.2014 14:53:11
mbam-log-2014-11-08 (14-53-11).txt

Typ: Kompletní kontrola (C:\|D:\|E:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 672277
Uplynulý čas: 54 minut, 1 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

VIRY.CZ

Prosím o preventivní kontrolu

Prosím o preventivní kontrolu

Re: Prosím o preventivní kontrolu

Re: Prosím o preventivní kontrolu

Re: Prosím o preventivní kontrolu

Re: Prosím o preventivní kontrolu

Re: Prosím o preventivní kontrolu

Re: Prosím o preventivní kontrolu

Re: Prosím o preventivní kontrolu

Re: Prosím o preventivní kontrolu

Re: Prosím o preventivní kontrolu

Re: Prosím o preventivní kontrolu

Re: Prosím o preventivní kontrolu

Re: Prosím o preventivní kontrolu

Re: Prosím o preventivní kontrolu

Re: Prosím o preventivní kontrolu