prosím o kontrolu logu pomalé P.C. Vyřešeno

[mlha]

Logfile of HijackThis v1.99.1
Scan saved at 20:32:00, on 16.10.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Seznam.cz\postak.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
D:\Programy\Site LAN a Internet\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.2.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\postak.exe" -s
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {EC71A2BE-E211-41F9-BCAF-4EFF13426DFE} (RossmCZActiveFormX Element) - https://shop.rossmanncz.orwonet.de/shop ... upload.cab
O17 - HKLM\System\CS4\Services\Tcpip\..\{4EDD5666-F1CF-4B44-8AB1-164AD5906384}: NameServer = 10.254.254.254,10.254.254.253
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Eset Trial Reset (.EsetTrialReset) - Unknown owner - C:\WINDOWS\reset.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe

[Reklama]

[jaro3]

Eset Trial Reset
odinstaluj si cracklý Eset!

Odinstaluj:
AVG PC TuneUp

Nainstaluj si free antivir: Avira , nebo Avast.

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.


Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na b] Kopírovat do schránky [/b]a a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

[mlha]

# AdwCleaner v4.000 - Report created 17/10/2014 at 17:09:42
# Updated 12/10/2014 by Xplode
# Database :
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Pocitac - SELINGER
# Running from : C:\Documents and Settings\Pocitac\Plocha\adwcleaner_4.000.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\Pocitac\daemonprocess.txt
Folder Found : C:\Documents and Settings\All Users\Data aplikací\AlawarWrapper
Folder Found : C:\Documents and Settings\All Users\Data aplikací\NCH Software
Folder Found : C:\Documents and Settings\Pocitac\Data aplikací\defaulttab
Folder Found : C:\Documents and Settings\Pocitac\Data aplikací\freegames4357
Folder Found : C:\Documents and Settings\Pocitac\Data aplikací\newnext.me
Folder Found : C:\Documents and Settings\Pocitac\Data aplikací\NCH Software
Folder Found : C:\Documents and Settings\Pocitac\Data aplikací\speedtest4354
Folder Found : C:\Documents and Settings\Pocitac\Local Settings\Data aplikací\AlawarWrapper
Folder Found : C:\Documents and Settings\Pocitac\Local Settings\Data aplikací\AppsHat Mobile Apps
Folder Found : C:\Documents and Settings\Pocitac\Local Settings\Data aplikací\genienext
Folder Found : C:\Documents and Settings\Pocitac\Local Settings\Data aplikací\Mobogenie
Folder Found : C:\Program Files\Mobogenie
Folder Found : C:\Program Files\VideoPlayerV3

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AppsHat Mobile Apps
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2977C29A-6723-4436-90BB-F7C5FDEF88A1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2977C29A-6723-4436-90BB-F7C5FDEF88A1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AppsHat Mobile Apps
Key Found : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
Key Found : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Found : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
Key Found : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}
Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\237AA359BFA99C94484AF769ACA080AD
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\F479A18A22A86E3429341589FF57D81A
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\F479A18A22A86E3429341589FF57D81A
Key Found : HKLM\SOFTWARE\Classes\Interface\{06E50566-0AB7-431C-841D-62794727DAF9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jljheddigenhleadfofeccneimcmlefp
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\237AA359BFA99C94484AF769ACA080AD
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F479A18A22A86E3429341589FF57D81A
Key Found : HKLM\SOFTWARE\Speedchecker Limited
Key Found : HKLM\SOFTWARE\Toolbar Cleaner
Key Found : HKLM\SOFTWARE\Uniblue
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [freegames4357@bestoffers]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [freegames4357@bestoffers]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Google Chrome v37.0.2062.124

Found [Search Provider] : hxxp://mystart.incredimail.com/?search={searchTerms}&loc=search_box

*************************

AdwCleaner[R3].txt - [4520 octets] - [17/10/2014 17:09:42]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [4580 octets] ##########

[jaro3]

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Prohledat-Scan“, po prohledání klikni na „ Vymazat-Clean“

Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool by Thisisu

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

[mlha]

# AdwCleaner v4.000 - Report created 17/10/2014 at 18:50:10
# DB v
# Updated 12/10/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Pocitac - SELINGER
# Running from : C:\Documents and Settings\Pocitac\Plocha\adwcleaner_4.000.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\Pocitac\Local Settings\Data aplikací\AppsHat Mobile Apps
Folder Deleted : C:\Documents and Settings\Pocitac\Data aplikací\defaulttab
Folder Deleted : C:\Documents and Settings\Pocitac\Data aplikací\freegames4357
Folder Deleted : C:\Documents and Settings\Pocitac\Local Settings\Data aplikací\genienext
Folder Deleted : C:\Program Files\Mobogenie
Folder Deleted : C:\Documents and Settings\Pocitac\Local Settings\Data aplikací\Mobogenie
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\NCH Software
Folder Deleted : C:\Documents and Settings\Pocitac\Data aplikací\NCH Software
Folder Deleted : C:\Documents and Settings\Pocitac\Data aplikací\newnext.me
Folder Deleted : C:\Documents and Settings\Pocitac\Data aplikací\speedtest4354
Folder Deleted : C:\Program Files\VideoPlayerV3
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\AlawarWrapper
Folder Deleted : C:\Documents and Settings\Pocitac\Local Settings\Data aplikací\AlawarWrapper
File Deleted : C:\Documents and Settings\Pocitac\daemonprocess.txt

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [freegames4357@bestoffers]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [freegames4357@bestoffers]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jljheddigenhleadfofeccneimcmlefp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06E50566-0AB7-431C-841D-62794727DAF9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2977C29A-6723-4436-90BB-F7C5FDEF88A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2977C29A-6723-4436-90BB-F7C5FDEF88A1}
Key Deleted : HKLM\SOFTWARE\Speedchecker Limited
Key Deleted : HKLM\SOFTWARE\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AppsHat Mobile Apps
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AppsHat Mobile Apps
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\237AA359BFA99C94484AF769ACA080AD
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F479A18A22A86E3429341589FF57D81A
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\237AA359BFA99C94484AF769ACA080AD
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\F479A18A22A86E3429341589FF57D81A
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\F479A18A22A86E3429341589FF57D81A
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Google Chrome v37.0.2062.124


*************************

AdwCleaner[R3].txt - [4660 octets] - [17/10/2014 17:09:42]
AdwCleaner[R4].txt - [4953 octets] - [17/10/2014 18:46:44]
AdwCleaner[S1].txt - [4629 octets] - [17/10/2014 18:50:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4689 octets] ##########

[mlha]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Microsoft Windows XP x86
Ran by Pocitac on p  17.10.2014 at 18:58:26,98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{63F5471C-DB48-4266-85F6-FEE92EA873ED}



~~~ Files

Successfully deleted: [File] "C:\WINDOWS\wininit.ini"



~~~ Folders



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on p  17.10.2014 at 19:01:12,93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[mlha]

RogueKiller V10.0.2.0 [Oct 16 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno : Normální režim
Uživatel : Pocitac [Práva správce]
Mód : Prohledat -- Datum : 10/17/2014 19:12:52

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 4 (Driver: Nahrán) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\CdRom0 : \Driver\redbook @ Unknown (\SystemRoot\system32\DRIVERS\redbook.sys)
[IAT:Addr] (explorer.exe @ sti.dll) CFGMGR32.dll - CM_Reenumerate_DevNode : C:\WINDOWS\system32\SETUPAPI.dll @ 0x779826a5
[IAT:Addr] (explorer.exe @ sti.dll) CFGMGR32.dll - CM_Get_DevNode_Status : C:\WINDOWS\system32\SETUPAPI.dll @ 0x7791c6eb
[IAT:Addr] (explorer.exe @ sti.dll) CFGMGR32.dll - CM_Get_Parent : C:\WINDOWS\system32\SETUPAPI.dll @ 0x77987a5d

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] f1906899dedcbdb33fab59302bce87aa
[BSP] 00238344f0a8f9c8603ca3c7d6de0aab : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 29996 MB
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 61432560 | Size: 8158 MB
User = LL1 ... OK
User = LL2 ... OK

[mlha]

Malwarebytes' Anti-Malware mi nejde spustit ani v nouzovém režimu

[jaro3]

XP s ním má problémy...

Stáhni
Zoek.exe

a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

Vlož nový log z HJT + info o problémech.

[mlha]

Zoek.exe v5.0.0.0 Updated 17-10-2014
Tool run by Pocitac on pá 17.10.2014 at 21:54:47,96.
Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Pocitac\Plocha\zoek.exe [Scan all users] [Quick Scan] [Auto Clean]

==== System Restore Info ======================

17.10.2014 21:57:24 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\Locutus deleted successfully
C:\Program Files\Common Files\NSV deleted successfully
C:\Documents and Settings\All Users\Nabídka Start\Programy\eset smart security 6 cz licence plna verze 50 let do 2032 deleted successfully
C:\Documents and Settings\Pocitac\Nabídka Start\Programy\Google Chrome deleted successfully
C:\Documents and Settings\Pocitac\Nabídka Start\Programy\StartUp deleted successfully
C:\DOCUME~1\ALLUSE~1\DATAAP~1\BigFishCache deleted successfully
C:\DOCUME~1\ALLUSE~1\DATAAP~1\Bluetooth deleted successfully
C:\DOCUME~1\ALLUSE~1\DATAAP~1\Klient2 deleted successfully
C:\DOCUME~1\ALLUSE~1\DATAAP~1\Real deleted successfully
C:\DOCUME~1\ALLUSE~1\DATAAP~1\regid.1986-12.com.adobe deleted successfully
C:\DOCUME~1\ALLUSE~1\DATAAP~1\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted successfully
C:\Documents and Settings\LocalService\Data aplikací\Google deleted successfully
C:\Documents and Settings\Pocitac\Data aplikací\WinRAR deleted successfully
C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Google deleted successfully
C:\Documents and Settings\Pocitac\Local Settings\Data aplikací\GHISLER deleted successfully
C:\Documents and Settings\Pocitac\Local Settings\Data aplikací\LG Electronics deleted successfully
C:\Documents and Settings\Pocitac\Local Settings\Data aplikací\Real deleted successfully
C:\Documents and Settings\Pocitac\Local Settings\Data aplikací\Room Arranger deleted successfully
C:\Documents and Settings\Pocitac\Local Settings\Data aplikací\WMTools Downloaded Files deleted successfully
C:\Documents and Settings\Pocitac\Local Settings\Data aplikací\yBook deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-583907252-2052111302-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{63D31C89-53A6-41B7-AE36-76496E514BF3} deleted successfully
HKEY_USERS\S-1-5-21-583907252-2052111302-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-583907252-2052111302-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-583907252-2052111302-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} deleted successfully
HKEY_USERS\S-1-5-21-583907252-2052111302-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} deleted successfully
HKEY_USERS\S-1-5-21-583907252-2052111302-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED4BD629-C1B6-4399-8A34-02CCAA921DC9} deleted successfully
HKEY_USERS\S-1-5-21-583907252-2052111302-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ED4BD629-C1B6-4399-8A34-02CCAA921DC9} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-583907252-2052111302-682003330-1004\Software\Microsoft\Internet Explorer\Approved Extensions\{c99a982b-6544-4bfb-9889-f60b704b6495} deleted successfully
HKEY_USERS\S-1-5-21-583907252-2052111302-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-583907252-2052111302-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} deleted successfully
HKEY_USERS\S-1-5-21-583907252-2052111302-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{ED4BD629-C1B6-4399-8A34-02CCAA921DC9} deleted successfully
HKEY_USERS\S-1-5-21-583907252-2052111302-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{34AB3C4C-DA1A-4067-96F4-31452C7CFE65} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\ext@VideoPlayerV3beta118.net deleted successfully

==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\DOCUME~1\ALLUSE~1\DATAAP~1\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} not found
C:\Documents and Settings\Pocitac\.android deleted
C:\Program Files\Alawar deleted
C:\Program Files\Alawarhry.cz deleted
C:\Documents and Settings\Pocitac\Data aplikací\AlawarEntertainment deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\ezsid.dat deleted
C:\Documents and Settings\Pocitac\Local Settings\Data aplikací\adawarebp deleted
C:\Documents and Settings\Pocitac\Local Settings\Data aplikací\cache deleted
C:\Documents and Settings\All Users\Nabídka Start\Programy\Spybot - Search & Destroy deleted
C:\WINDOWS\system32\GroupPolicy\ADM deleted
C:\Documents and Settings\Pocitac\Data aplikací\Mozilla\Extensions\freegames4357@BestOffers deleted
C:\Documents and Settings\Pocitac\Data aplikací\Mozilla\Extensions\speedtest4354@BestOffers deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
====== C:\DOCUME~1\Pocitac\LOCALS~1\Temp ====
2014-10-17 17:08:50 0A12141F94F9C7A478AF490454320E97 713216 ----a-w- C:\Documents and Settings\Pocitac\Local Settings\temp\dllnt_dump.dll
2014-10-17 16:58:15 E0DC8C6BBC787B972A9A468648DBFD85 1008128 ----a-w- C:\Documents and Settings\Pocitac\Local Settings\temp\jrt\libiconv2.dll
2014-10-17 16:58:15 D202BAA425176287017FFE1FB5D1B77C 103424 ----a-w- C:\Documents and Settings\Pocitac\Local Settings\temp\jrt\libintl3.dll
2014-10-17 16:58:15 57CAC848FA14AE38F14F9441F8933282 140288 ----a-w- C:\Documents and Settings\Pocitac\Local Settings\temp\jrt\pcre3.dll
2014-10-17 16:58:15 547C43567AB8C08EB30F6C6BACB479A3 79360 ----a-w- C:\Documents and Settings\Pocitac\Local Settings\temp\jrt\regex2.dll
2014-10-17 16:58:15 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Documents and Settings\Pocitac\Local Settings\temp\jrt\erunt\ERUNT.EXE
2014-10-12 16:54:48 E17B30D3B06DBC63E9E94DAE70290A35 787968 ----a-w- C:\Documents and Settings\Pocitac\Local Settings\temp\sqlite3.dll
2014-10-04 11:07:13 AA2A68098801AB50CE128F3A731F86ED 377097 ----a-w- C:\Documents and Settings\Pocitac\Local Settings\temp\Quarantine.exe
====== Java Cache =====
====== C:\WINDOWS\system32 =====
2014-10-16 17:30:46 B9F9FD6188CC732F19DB69CAE5CC597C 272808 ----a-w- C:\WINDOWS\System32\javaws.exe
2014-10-16 17:30:46 620A7F88CA0ED075CDF8DF4D36CADD28 145408 ----a-w- C:\WINDOWS\System32\javacpl.cpl
2014-10-16 17:30:36 3594C0ABBFFE10B3CF95714B8B3C89A4 175528 ----a-w- C:\WINDOWS\System32\javaw.exe
2014-10-16 17:30:36 279C281689A48D1CAF37338CAB312C06 96680 ----a-w- C:\WINDOWS\System32\WindowsAccessBridge.dll
2014-10-16 17:30:36 095826BCBBFA5C09C72463A82612B23C 175528 ----a-w- C:\WINDOWS\System32\java.exe
====== C:\WINDOWS\system32\drivers =====
2014-10-17 17:08:50 A1965DFC0CD91E7CFC42925F8F597274 34808 ----a-w- C:\WINDOWS\System32\drivers\TrueSight.sys
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2014-10-16 17:30:59 -------- d-----w- C:\Program Files\Common Files\Java
2014-10-13 18:18:15 -------- d-----w- C:\Program Files\Common Files\Skype
2014-10-03 15:51:58 -------- d-----w- C:\Program Files\DsNET Corp
======= C: =====
====== C:\Documents and Settings\Pocitac\Data aplikací ======
====== C:\Documents and Settings\Pocitac ======
2014-10-14 20:09:52 -------- d--h--r- C:\Documents and Settings\Pocitac\Recent

====== C: exe-files ==
2014-10-17 16:58:15 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Documents and Settings\Pocitac\Local Settings\temp\jrt\erunt\ERUNT.EXE
2014-10-16 17:30:46 B9F9FD6188CC732F19DB69CAE5CC597C 272808 ----a-w- C:\WINDOWS\system32\javaws.exe
2014-10-16 17:30:36 3594C0ABBFFE10B3CF95714B8B3C89A4 175528 ----a-w- C:\WINDOWS\system32\javaw.exe
2014-10-16 17:30:36 095826BCBBFA5C09C72463A82612B23C 175528 ----a-w- C:\WINDOWS\system32\java.exe
2014-10-16 17:30:17 EAFDA2D17FF6CC0B2AFEE21E9134EBF8 145832 ----a-w- C:\Program Files\Java\jre7\bin\unpack200.exe
2014-10-16 17:30:17 CBE8C6FAEDBA9A2C2577133F0321CBD8 16808 ----a-w- C:\Program Files\Java\jre7\bin\tnameserv.exe
2014-10-16 17:30:17 BFEC01FEA21A749C43DE15F1644E7900 16296 ----a-w- C:\Program Files\Java\jre7\bin\servertool.exe
2014-10-16 17:30:17 9FF29AE2E75939EFF8A390AD51F5FEFF 50088 ----a-w- C:\Program Files\Java\jre7\bin\ssvagent.exe
2014-10-16 17:30:17 9D9A28606B59C3D8D8FD1F7704AAAD81 16296 ----a-w- C:\Program Files\Java\jre7\bin\rmid.exe
2014-10-16 17:30:17 74222EDB01CF2D9865D8AC1EEE7C5B63 16296 ----a-w- C:\Program Files\Java\jre7\bin\policytool.exe
2014-10-16 17:30:17 6DCF8B667B6C9AD851B2B5CB256521ED 16296 ----a-w- C:\Program Files\Java\jre7\bin\rmiregistry.exe
2014-10-16 17:30:16 EEFD7F935D944118FED39D3041352990 16296 ----a-w- C:\Program Files\Java\jre7\bin\kinit.exe
2014-10-16 17:30:16 DBDB1A25291B2D18C614F5CA963156A8 182696 ----a-w- C:\Program Files\Java\jre7\bin\jqs.exe
2014-10-16 17:30:16 DB769E9AE525963168BD4B60BFBF55EB 16296 ----a-w- C:\Program Files\Java\jre7\bin\pack200.exe
2014-10-16 17:30:16 C935769C537A94BC026BD813015DA450 16296 ----a-w- C:\Program Files\Java\jre7\bin\keytool.exe
2014-10-16 17:30:16 BDB4ABB929ADBC7B98E1087830809564 16808 ----a-w- C:\Program Files\Java\jre7\bin\orbd.exe
2014-10-16 17:30:16 93F297984DB0561694F6454A3066D542 16296 ----a-w- C:\Program Files\Java\jre7\bin\ktab.exe
2014-10-16 17:30:16 93CFE0C1473D2220FBDA2A9C08848F34 75688 ----a-w- C:\Program Files\Java\jre7\bin\jp2launcher.exe
2014-10-16 17:30:16 6A4970A237A9FE01A36C4181E2A8C1B0 16296 ----a-w- C:\Program Files\Java\jre7\bin\klist.exe
2014-10-16 17:30:12 D3BC8953C21770FC147064B0BAE78063 68008 ----a-w- C:\Program Files\Java\jre7\bin\javacpl.exe
2014-10-16 17:30:12 B9F9FD6188CC732F19DB69CAE5CC597C 272808 ----a-w- C:\Program Files\Java\jre7\bin\javaws.exe
2014-10-16 17:30:12 3594C0ABBFFE10B3CF95714B8B3C89A4 175528 ----a-w- C:\Program Files\Java\jre7\bin\javaw.exe
2014-10-16 17:30:11 E04E87CDF6CA797BA7C8EA45228FE9E0 48040 ----a-w- C:\Program Files\Java\jre7\bin\jabswitch.exe
2014-10-16 17:30:11 DD8E9CE0BDF8CE1131004673D9C5444D 16296 ----a-w- C:\Program Files\Java\jre7\bin\java-rmi.exe
2014-10-16 17:30:11 095826BCBBFA5C09C72463A82612B23C 175528 ----a-w- C:\Program Files\Java\jre7\bin\java.exe
2014-10-16 17:25:10 3842C46F2FBC7522EF625F1833530804 145408 ----a-w- C:\Documents and Settings\Pocitac\Data aplikací\Sun\Java\jre1.7.0_71\lzma.exe
=== C: other files ==
2014-10-17 17:08:50 A1965DFC0CD91E7CFC42925F8F597274 34808 ----a-w- C:\WINDOWS\system32\drivers\TrueSight.sys
2014-10-17 16:58:15 FC1F36A7844235BACFE12DF3FD486026 14957 ----a-w- C:\Documents and Settings\Pocitac\Local Settings\temp\jrt\get.bat
2014-10-17 16:58:15 F56A319979F631C141F5FF02DF87FDB1 43563 ----a-w- C:\Documents and Settings\Pocitac\Local Settings\temp\jrt\prelim.bat
2014-10-17 16:58:15 E5E1041DE1DBDDF20D704BA894BEAD05 183929 ----a-w- C:\Documents and Settings\Pocitac\Local Settings\temp\jrt\misc.bat
2014-10-17 16:58:15 E01FF880FC345F56C61E80C91FA03687 9384 ----a-w- C:\Documents and Settings\Pocitac\Local Settings\temp\jrt\runvalues.bat
2014-10-17 16:58:15 DD1E4D974B1672ABD09EFFB225791C4A 1230 ----a-w- C:\Documents and Settings\Pocitac\Local Settings\temp\jrt\TDL4.bat
2014-10-17 16:58:15 AD2F52DC72B10AF331692E4A4DD80DFC 18670 ----a-w- C:\Documents and Settings\Pocitac\Local Settings\temp\jrt\medfos.bat
2014-10-17 16:58:15 AA0C656F898523BEDF2DA6923197BB80 1264 ----a-w- C:\Documents and Settings\Pocitac\Local Settings\temp\jrt\surfvox.bat
2014-10-17 16:58:15 8E6020C14F982CF11B3FE7DBB0CB8EDE 24738 ----a-w- C:\Documents and Settings\Pocitac\Local Settings\temp\jrt\searchlnk.bat
2014-10-17 16:58:15 86707BCE5CBB65D9B1C41E249B4423BA 152733 ----a-w- C:\Documents and Settings\Pocitac\Local Settings\temp\jrt\firefox.bat
2014-10-17 16:58:15 83F691D8398F0E37E71E9355BF730DB9 719 ----a-w- C:\Documents and Settings\Pocitac\Local Settings\temp\jrt\ev_clear.bat
2014-10-17 16:58:15 4D80C7010E2CE44AB25FA25B013649E4 8085 ----a-w- C:\Documents and Settings\Pocitac\Local Settings\temp\jrt\mws.bat
2014-10-17 16:58:15 38A0BDF322ACCC968B0A824C38D50157 29635 ----a-w- C:\Documents and Settings\Pocitac\Local Settings\temp\jrt\ask.bat
2014-10-17 16:58:15 335DFF8F23E5EC02B5426362F0F8509B 31401 ----a-w- C:\Documents and Settings\Pocitac\Local Settings\temp\jrt\iexplore.bat
2014-10-17 16:58:15 1EFD82B5DDC672FE3D2AFE731898BAF4 14044 ----a-w- C:\Documents and Settings\Pocitac\Local Settings\temp\jrt\chrome.bat
2014-10-17 16:58:15 0C4649A62845AB5D5DBCC4998477FF6D 1813 ----a-w- C:\Documents and Settings\Pocitac\Local Settings\temp\jrt\delfolders.bat
2014-10-16 17:30:17 EC9D939B904C3A942484AFB3293AA413 18714 ----a-w- C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog"

[HKEY_USERS\S-1-5-21-583907252-2052111302-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="C:\Program Files\Clock Tray Skins\ClockTraySkins.exe"
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"Seznam Postak"="C:\Program Files\Seznam.cz\postak.exe -s"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="%systemroot%\system32\tscupgrd.exe "

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="%systemroot%\system32\tscupgrd.exe "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"CHotkey"="mHotkey.exe"
"SMail"="C:\Program Files\Seznam\Postak\Postak.exe"
"Persistence"="C:\WINDOWS\system32\igfxpers.exe"
"RTHDCPL"="RTHDCPL.EXE"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe "
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe /hide /waitservice"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe -atboottime"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="C:\Program Files\Clock Tray Skins\ClockTraySkins.exe"
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"Seznam Postak"="C:\Program Files\Seznam.cz\postak.exe -s"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BluetoothAuthenticationAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BluetoothAuthenticationAgent"
"hkey"="HKLM"
"command"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EEventManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EEventManager"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\EPSONS~1\\EVENTM~1\\EEventManager.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPSON SX110 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EPSON SX110 Series"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIFBE.EXE /FU \"C:\\WINDOWS\\TEMP\\E_SAB.tmp\" /EF \"HKCU\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PCSuiteTrayApplication]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PCSuiteTrayApplication"
"hkey"="HKLM"
"command"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDCPL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RTHDCPL"
"hkey"="HKLM"
"command"="RTHDCPL.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Synchronization Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Synchronization Manager"
"hkey"="HKLM"
"command"="%SystemRoot%\\system32\\mobsync.exe /logon"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
"item"="Windows Search"
"path"="C:\\Documents and Settings\\All Users\\Nabídka Start\\Programy\\Po spuštění\\Windows Search.lnk"
"backup"="C:\\WINDOWS\\pss\\Windows Search.lnkCommon Startup"
"command"="C:\\PROGRA~1\\WINDOW~4\\WINDOW~1.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Pocitac^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk]
"item"="Výřezy obrazovky a spuštění aplikace OneNote 2010"
"path"="C:\\Documents and Settings\\Pocitac\\Nabídka Start\\Programy\\Po spuštění\\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk"
"backup"="C:\\WINDOWS\\pss\\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnkStartup"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"Adobe ARM"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"


==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [24.09.2014 20:05]
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-583907252-2052111302-682003330-1004Core.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-583907252-2052111302-682003330-1004UA.job --a------ C:\Documents and Settings\Pocitac\Local Settings\Data aplikac\Facebook\Update\FacebookUpdate.exe []
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [22.10.2013 19:25]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [22.10.2013 19:25]
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job --a------ C:\WINDOWS\system32\xp_eos.exe [27.02.2014 01:28]
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job --a------ C:\WINDOWS\system32\xp_eos.exe [27.02.2014 01:28]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"speedtest4354@BestOffers"="C:\Documents and Settings\Pocitac\Data aplikací\Mozilla\Extensions\speedtest4354@BestOffers" []
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"speedtest4354@BestOffers"="C:\Documents and Settings\Pocitac\Data aplikací\Mozilla\Extensions\speedtest4354@BestOffers" []

==== Chromium Look ======================

DefaultTab - LocalService\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Ask Toolbar - Pocitac\Local Settings\Data aplikací\COMODO\Dragon\User Data\Default\Extensions\aaaalipaokhkccgmgkdglfinfnfhflko
Comodo Web Inspector - Pocitac\Local Settings\Data aplikací\COMODO\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn
Comodo Share Page Service - Pocitac\Local Settings\Data aplikací\COMODO\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf
Angry Birds - Pocitac\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj
Google Docs - Pocitac\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
YouTube - Pocitac\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Pocitac\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - Pocitac\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Pocitac\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Documents and Settings\Pocitac\Local Settings\Data aplikací\COMODO\Dragon\User Data\Default\Preferences
"homepage": "http://www.search.ask.com/?o=APN10257&gct=hp",
"homepage": "http://www.search.ask.com/?o=APN10257&gct=hp",
"urls_to_restore_on_startup": [ "http://www.search.ask.com/?o=APN10257&gct=hp" ]
"urls_to_restore_on_startup": [ "http://www.search.ask.com/?o=APN10257&gct=hp" ]


==== Chromium Fix ======================

C:\Documents and Settings\Pocitac\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_savethearctic.org_0.localstorage deleted successfully
C:\Documents and Settings\Pocitac\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_savethearctic.org_0.localstorage-journal deleted successfully
C:\Documents and Settings\Pocitac\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_www.savethearctic.org_0.localstorage deleted successfully
C:\Documents and Settings\Pocitac\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_www.savethearctic.org_0.localstorage-journal deleted successfully
C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc deleted successfully
C:\Documents and Settings\Pocitac\Local Settings\Data aplikací\COMODO\Dragon\User Data\Default\Extensions\aaaalipaokhkccgmgkdglfinfnfhflko deleted successfully
C:\Documents and Settings\Pocitac\Local Settings\Data aplikací\COMODO\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage deleted successfully
C:\Documents and Settings\Pocitac\Local Settings\Data aplikací\COMODO\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{14FD5480-A743-4F4B-BF5C-54B6B62ADF38} Seznam TV Program Url="http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13415"
{20FCF5CB-2BA5-42FB-AFE0-5599AC8A1F11} Slovník CZ/EN Url="http://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_13415"
{2a0a0b76-6f8e-4238-ab65-55d983ebefa1} Zboží.cz Url="http://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_13415"
{44a595a4-a7a3-440c-9bae-7eff77c35dc6} Firmy.cz Url="http://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_13415"
{4D6CE8FB-65AC-4613-97FB-8FB34B286DB3} Encyklopedie Seznam Url="http://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_13415"
{61C032EF-55D5-4B35-977F-85BB56A2A9AF} Atlas hledání Url="http://search.atlas.cz/?q={searchTerms}"
{61C032EF-55D5-4B35-977F-85BB56A2A9AF} Atlas hledání Url="http://search.atlas.cz/?q={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} @ieframe.dll,-12512 Url="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"
{C4CCFA9B-4B0B-4352-BEDD-8295E7574ED1} Slovník EN/CZ Url="http://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_13415"
{CD2C77FE-9B8A-4247-920C-EABD380B8A71} Novinky.cz Url="http://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13415"
{d9dc4c62-9dd1-4e1c-b3dd-aad95f1a8d7c} Mapy.cz Url="http://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_13415"

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-583907252-2052111302-682003330-1004\Software\Mozilla\Firefox\Extensions\speedtest4354@BestOffers deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\speedtest4354@BestOffers deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pictureviewer.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\quicktimeplayer.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stamp.exe deleted successfully
HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Woodland Dreams Screensaver deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\Pocitac\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Documents and Settings\Pocitac\Local Settings\Data aplikací\COMODO\Dragon\User Data\Default\Cache emptied successfully
C:\Documents and Settings\Pocitac\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2618 folders=342 828844580 bytes)

==== Empty Temp Folders ======================

C:\Documents and Settings\Default User\Local Settings\temp emptied successfully
C:\Documents and Settings\LocalService\Local Settings\temp emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\temp emptied successfully
C:\Documents and Settings\Pocitac\Local Settings\temp will be emptied at reboot
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\Pocitac\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\Pocitac\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on p  17.10.2014 at 22:18:26,23 ======================

[mlha]

Tak snad to bude všechno OK. Dík


Logfile of HijackThis v1.99.1
Scan saved at 22:25:53, on 17.10.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Seznam.cz\postak.exe
D:\Programy\Site LAN a Internet\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.2.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\postak.exe" -s
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {EC71A2BE-E211-41F9-BCAF-4EFF13426DFE} (RossmCZActiveFormX Element) - https://shop.rossmanncz.orwonet.de/shop ... upload.cab
O17 - HKLM\System\CS4\Services\Tcpip\..\{4EDD5666-F1CF-4B44-8AB1-164AD5906384}: NameServer = 10.254.254.254,10.254.254.253
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Eset Trial Reset (.EsetTrialReset) - Unknown owner - C:\WINDOWS\reset.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe

[jaro3]

Odinstaluj:
AVG PC TuneUp

Kde je RogueKiller?