Vše spouští explorer - kontrola logu

Zpráva

pedrosadc · #1 Příspěvek od **pedrosadc** » 04 pro 2012 17:31

Dobrý den, prosím o kontrolu logu. Mám problém se synovcovým počítačem. Všechnz ikony na ploše spouští explorer.
Děkuji za pomoc. Petr

Logfile of random's system information tool 1.09 (written by random/random)
Run by Jirik at 2012-12-04 16:56:07
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 23 GB (37%) free of 61 GB
Total RAM: 3071 MB (83% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:56:36, on 4.12.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Jirik\Downloads\RSIT.exe
C:\Program Files\trend micro\Jirik.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=116987 ... c0110164db
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/hypercam/{5AB ... 890E23A054}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll
O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [AveoSTI.exe] C:\Program Files\AVEO USB2.0 PC Camera(U2HGCV3P31048)\AveoSTI.exe
O4 - HKLM\..\Run: [Launch SilverCrest STMS 2017 A1-K] D:\instalace\KbClient_FD2.exe
O4 - HKLM\..\Run: [Launch SilverCrest STMS 2017 A1-M] D:\instalace\MouClient_FD2.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Hypersight] C:\Program Files\Hypersight\hypersight.exe
O4 - HKLM\..\Run: [security] C:\Windows\security.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jirik\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Remote Mouse] "C:\Program Files\Remote Mouse\RemoteMouse.exe" -slient
O4 - HKCU\..\Run: [Steam] "D:\steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - Startup: Hamachi.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = D:\Program Files\gprs.exe
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\ROLLBA~1\Mcrosoft\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\ROLLBA~1\Mcrosoft\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: &Virtuální klávesnice - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ROLLBA~1\Mcrosoft\Office12\REFIEBAR.DLL
O9 - Extra button: K&ontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Služba Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\BTNtService.exe
O23 - Service: CNRQ - Sysinternals - www.sysinternals.com - C:\Users\Jirik\AppData\Local\Temp\CNRQ.exe
O23 - Service: FCRVNEPORMI - Sysinternals - www.sysinternals.com - C:\Users\Jirik\AppData\Local\Temp\FCRVNEPORMI.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Start BT in service - Unknown owner - D:\Program Files\StartSkysolSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

--
End of file - 9503 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1068037707-733208175-3387258024-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1068037707-733208175-3387258024-1001UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Jirik\AppData\Roaming\Mozilla\Firefox\Profiles\cr25wpta.default

prefs.js - "browser.startup.homepage" - "http://search.babylon.com/?affID=116987 ... c0110164db"
prefs.js - "extensions.enabledItems" - "bkmrksync@nokia.com:1.0.0.736, {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550, virtualKeyboard@kaspersky.ru:11.0.2.579, KavAntiBanner@Kaspersky.ru:11.0.2.579, linkfilter@kaspersky.ru:11.0.2.579, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6"
prefs.js - "keyword.URL" - "http://search.babylon.com/?affID=116987 ... 10164db&q="

"bkmrksync@nokia.com"=D:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
"virtualKeyboard@kaspersky.ru"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
"KavAntiBanner@Kaspersky.ru"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
"linkfilter@kaspersky.ru"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@esn.me/esnsonar,version=0.70.4]
"Description"=ESN Sonar browser plugin
"Path"=C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@esn/esnlaunch,version=1.140.0]
"Description"=
"Path"=C:\Program Files\Battlelog Web Plugins\1.140.0\npesnlaunch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@esn/esnlaunch,version=2.1.2]
"Description"=
"Path"=C:\Program Files\Battlelog Web Plugins\2.1.2\npesnlaunch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.9.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
KavAntiBanner@kaspersky.ru_bak
linkfilter@kaspersky.ru_bak
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
exeImagine.IMD
npImagine.dll
npnul32.dll
NPOFF12.DLL

C:\Program Files\Mozilla Firefox\searchplugins\
babylon.xml
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Jirik\AppData\Roaming\Mozilla\Firefox\Profiles\cr25wpta.default\extensions\
ffxtlbr@babylon.com
plugin@yontoo.com
{75656794-AB59-4712-BFBC-5D816D56F3BC}

C:\Users\Jirik\AppData\Roaming\Mozilla\Firefox\Profiles\cr25wpta.default\searchplugins\
askcom.xml
search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
Babylon toolbar helper - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll [2011-08-14 270960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll [2011-04-24 86416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-11-27 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-11-22 4529344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-11-27 155384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll [2011-04-24 229776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
SMTTB2009 Class - C:\Program Files\HyperCam Toolbar\tbcore3.dll [2010-02-16 2495488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
Yontoo - C:\Program Files\Yontoo\YontooIEClient.dll [2012-03-27 792864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{338B4DFE-2E2C-4338-9E41-E176D497299E} - HyperCam Toolbar - C:\Program Files\HyperCam Toolbar\tbcore3.dll [2010-02-16 2495488]
{98889811-442D-49dd-99D7-DC866BE87DBC} - Babylon Toolbar - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll [2011-08-14 237680]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\Windows\SOUNDMAN.EXE [2009-04-14 604704]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2009-07-14 660480]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2011-03-07 89456]
"AveoSTI.exe"=C:\Program Files\AVEO USB2.0 PC Camera(U2HGCV3P31048)\AveoSTI.exe [2010-12-02 32768]
"Launch SilverCrest STMS 2017 A1-K"=D:\instalace\KbClient_FD2.exe [2011-02-17 1424384]
"Launch SilverCrest STMS 2017 A1-M"=D:\instalace\MouClient_FD2.exe [2011-02-17 865280]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2012-10-31 206448]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-09-28 642728]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"Hypersight"=C:\Program Files\Hypersight\hypersight.exe [2008-02-17 495616]
"security"=C:\Windows\security.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2009-11-15 33120]
"DAEMON Tools Pro Agent"=C:\Program Files\DAEMON Tools Pro\DTProAgent.exe [2007-06-22 133576]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
"Google Update"=C:\Users\Jirik\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-25 136176]
"Remote Mouse"=C:\Program Files\Remote Mouse\RemoteMouse.exe [2011-05-10 872448]
"Steam"=D:\steam\Steam.exe -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LchDrvKey]
C:\Windows\LchDrvKey.exe [2007-03-28 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Jirik^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
D:\ROLLBA~1\Mcrosoft\Office12\ONENOTEM.EXE [2009-02-26 97680]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
BlueSoleil.lnk - D:\Program Files\gprs.exe

C:\Users\Jirik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Hamachi.lnk - D:\Fleška\hamachi.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2011-04-24 229776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoStartMenuMorePrograms"=0
"HideSCABattery"=1
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"VIDC.I420"=sx_cam_i420.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.WMV3"=wmv9vcm.dll
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux"=wdmaud.drv
"wave4"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux1"=wdmaud.drv
"wave5"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux2"=wdmaud.drv
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll
"VIDC.FPS1"=frapsvid.dll
"MSVideo8"=VfWWDM32.dll
"wave6"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux3"=wdmaud.drv
"wave7"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux4"=wdmaud.drv
"wave8"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux5"=wdmaud.drv
"wave9"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer9"=wdmaud.drv
"aux6"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-12-04 16:56:08 ----D---- C:\Program Files\trend micro
2012-12-04 16:56:07 ----D---- C:\rsit
2012-12-04 16:46:24 ----A---- C:\Windows\ntbtlog.txt
2012-12-03 17:21:57 ----A---- C:\Windows\system32\drivers\rkhdrv40.sys
2012-12-03 17:12:58 ----D---- C:\Program Files\Hypersight
2012-12-03 17:09:50 ----D---- C:\Windows\pss
2012-12-03 17:06:20 ----D---- C:\Program Files\CCleaner
2012-12-02 15:26:32 ----A---- C:\Windows\system32\drivers\RTL8192cu.sys
2012-11-27 21:00:10 ----A---- C:\Windows\system32\javaws.exe
2012-11-27 21:00:02 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2012-11-27 20:59:14 ----A---- C:\Windows\system32\javaw.exe
2012-11-27 20:59:14 ----A---- C:\Windows\system32\java.exe
2012-11-27 20:35:39 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2012-11-26 21:00:06 ----D---- C:\ProgramData\Ask
2012-11-26 21:00:00 ----D---- C:\Program Files\Common Files\Java
2012-11-24 20:40:03 ----D---- C:\Program Files\Common Files\Skype
2012-11-16 23:15:10 ----A---- C:\Windows\system32\Wdfres.dll
2012-11-16 23:15:10 ----A---- C:\Windows\system32\drivers\WdfLdr.sys
2012-11-16 23:15:10 ----A---- C:\Windows\system32\drivers\Wdf01000.sys
2012-11-16 23:14:25 ----A---- C:\Windows\system32\WUDFSvc.dll
2012-11-16 23:14:25 ----A---- C:\Windows\system32\WUDFPlatform.dll
2012-11-16 23:14:25 ----A---- C:\Windows\system32\drivers\WUDFRd.sys
2012-11-16 23:14:25 ----A---- C:\Windows\system32\drivers\WUDFPf.sys
2012-11-16 23:14:23 ----A---- C:\Windows\system32\WUDFx.dll
2012-11-16 23:14:23 ----A---- C:\Windows\system32\WUDFHost.exe
2012-11-16 23:14:23 ----A---- C:\Windows\system32\WUDFCoinstaller.dll
2012-11-16 23:13:49 ----A---- C:\Windows\system32\vbscript.dll
2012-11-16 23:13:49 ----A---- C:\Windows\system32\mshtmled.dll
2012-11-16 23:13:48 ----A---- C:\Windows\system32\msfeeds.dll
2012-11-16 23:13:48 ----A---- C:\Windows\system32\jsproxy.dll
2012-11-16 23:13:48 ----A---- C:\Windows\system32\ieUnatt.exe
2012-11-16 23:13:48 ----A---- C:\Windows\system32\ieui.dll
2012-11-16 23:13:47 ----A---- C:\Windows\system32\wininet.dll
2012-11-16 23:13:47 ----A---- C:\Windows\system32\url.dll
2012-11-16 23:13:47 ----A---- C:\Windows\system32\jscript9.dll
2012-11-16 23:13:47 ----A---- C:\Windows\system32\jscript.dll
2012-11-16 23:13:47 ----A---- C:\Windows\system32\iertutil.dll
2012-11-16 23:13:46 ----A---- C:\Windows\system32\urlmon.dll
2012-11-16 23:13:45 ----A---- C:\Windows\system32\ieframe.dll
2012-11-16 23:13:44 ----A---- C:\Windows\system32\mshtml.dll
2012-11-16 22:37:35 ----D---- C:\Windows\system32\directx
2012-11-16 20:01:16 ----A---- C:\Windows\system32\nlasvc.dll
2012-11-16 20:01:16 ----A---- C:\Windows\system32\nlaapi.dll
2012-11-16 20:01:16 ----A---- C:\Windows\system32\netevent.dll
2012-11-16 20:01:16 ----A---- C:\Windows\system32\netcorehc.dll
2012-11-16 20:01:16 ----A---- C:\Windows\system32\ncsi.dll
2012-11-16 20:01:16 ----A---- C:\Windows\system32\iphlpsvc.dll
2012-11-16 20:01:16 ----A---- C:\Windows\system32\drivers\tcpipreg.sys
2012-11-16 20:01:16 ----A---- C:\Windows\system32\drivers\tcpip.sys
2012-11-16 20:01:12 ----A---- C:\Windows\system32\synceng.dll
2012-11-16 20:01:11 ----A---- C:\Windows\system32\win32k.sys
2012-11-16 20:01:10 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2012-11-16 20:01:10 ----A---- C:\Windows\system32\dhcpcore6.dll
2012-11-14 19:59:41 ----D---- C:\Program Files\AMD APP
2012-11-14 19:59:32 ----D---- C:\Program Files\Common Files\ATI Technologies
2012-11-10 11:59:29 ----D---- C:\Users\Jirik\AppData\Roaming\ATI
2012-11-10 11:59:29 ----D---- C:\ProgramData\ATI
2012-11-10 11:55:31 ----D---- C:\ProgramData\AMD
2012-11-10 11:55:29 ----D---- C:\Program Files\AMD AVT
2012-11-10 11:48:03 ----D---- C:\Program Files\ATI
2012-11-10 11:47:33 ----D---- C:\Program Files\ATI Technologies
2012-11-10 11:46:57 ----D---- C:\AMD

======List of files/folders modified in the last 1 month======

2012-12-04 16:56:12 ----D---- C:\Windows\Temp
2012-12-04 16:56:08 ----RD---- C:\Program Files
2012-12-04 16:50:51 ----D---- C:\Windows\System32
2012-12-04 16:50:51 ----D---- C:\Windows\inf
2012-12-04 16:50:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-12-04 16:46:24 ----D---- C:\Windows
2012-12-04 16:44:37 ----D---- C:\Windows\Prefetch
2012-12-04 16:43:50 ----D---- C:\Windows\system32\config
2012-12-04 16:41:20 ----D---- C:\ProgramData\Kaspersky Lab
2012-12-03 17:54:19 ----D---- C:\Windows\system32\LogFiles
2012-12-03 17:52:18 ----D---- C:\Windows\Minidump
2012-12-03 17:21:57 ----D---- C:\Windows\system32\drivers
2012-12-03 17:07:24 ----D---- C:\Windows\debug
2012-12-03 16:31:27 ----SHD---- C:\Windows\Installer
2012-12-03 16:31:25 ----D---- C:\ProgramData\Skype
2012-12-02 16:49:42 ----SHD---- C:\System Volume Information
2012-12-02 15:33:38 ----D---- C:\Windows\system32\Tasks
2012-12-02 15:26:51 ----D---- C:\Windows\system32\catroot
2012-12-02 15:26:49 ----D---- C:\Windows\system32\DriverStore
2012-11-29 19:39:55 ----D---- C:\Windows\rescache
2012-11-29 18:31:01 ----AD---- C:\Users\Jirik\AppData\Roaming\.minecraft
2012-11-29 18:17:45 ----D---- C:\Windows\winsxs
2012-11-29 18:17:22 ----D---- C:\Windows\AppPatch
2012-11-27 20:59:52 ----A---- C:\Windows\system32\npDeployJava1.dll
2012-11-27 20:59:52 ----A---- C:\Windows\system32\deployJava1.dll
2012-11-27 20:59:49 ----D---- C:\Program Files\Java
2012-11-27 20:35:42 ----D---- C:\Windows\Tasks
2012-11-27 20:00:36 ----D---- C:\Windows\system32\catroot2
2012-11-26 21:09:48 ----D---- C:\Users\Jirik\AppData\Roaming\Skype
2012-11-26 21:09:22 ----D---- C:\Users\Jirik\AppData\Roaming\Hamachi
2012-11-26 21:00:06 ----HD---- C:\ProgramData
2012-11-26 21:00:00 ----D---- C:\Program Files\Common Files
2012-11-26 19:49:39 ----A---- C:\Windows\system32\PnkBstrB.exe
2012-11-24 20:40:03 ----RD---- C:\Program Files\Skype
2012-11-23 19:02:44 ----D---- C:\Program Files\Battlelog Web Plugins
2012-11-18 21:08:49 ----D---- C:\Program Files\Google
2012-11-18 20:39:37 ----D---- C:\Users\Jirik\AppData\Roaming\.techniclauncher
2012-11-18 19:47:37 ----D---- C:\Windows\Microsoft.NET
2012-11-18 18:12:35 ----RSD---- C:\Windows\assembly
2012-11-18 17:08:42 ----RSD---- C:\Windows\Fonts
2012-11-18 17:08:41 ----D---- C:\Windows\system32\wbem
2012-11-18 17:08:41 ----D---- C:\Windows\system32\migration
2012-11-18 17:08:41 ----D---- C:\Windows\system32\drivers\cs-CZ
2012-11-18 17:08:41 ----D---- C:\Windows\system32\cs-CZ
2012-11-18 17:08:40 ----D---- C:\Program Files\Internet Explorer
2012-11-16 23:16:25 ----A---- C:\Windows\system32\MRT.exe
2012-11-16 23:16:10 ----D---- C:\ProgramData\Microsoft Help
2012-11-14 20:08:44 ----A---- C:\Windows\system32\PnkBstrA.exe
2012-11-14 19:59:51 ----D---- C:\Program Files\Mozilla Firefox
2012-11-14 19:38:33 ----D---- C:\Program Files\Origin
2012-11-13 20:04:17 ----D---- C:\Users\Jirik\AppData\Roaming\TeamViewer
2012-11-13 20:02:05 ----D---- C:\Windows\system32\wfp
2012-11-13 20:02:04 ----D---- C:\Windows\system32\CodeIntegrity
2012-11-13 20:01:59 ----D---- C:\Windows\registration
2012-11-10 12:01:58 ----D---- C:\ProgramData\Origin
2012-11-09 13:16:31 ----D---- C:\ProgramData\EA Logs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BTHidEnum;Bluetooth HID Enumerator; C:\Windows\System32\Drivers\vbtenum.sys [2007-03-05 20880]
R0 BTHidMgr;Bluetooth HID Manager Service; C:\Windows\System32\Drivers\BTHidMgr.sys [2007-03-05 35600]
R0 KL1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2011-03-04 133208]
R0 nvstor32;nvstor32; C:\Windows\system32\DRIVERS\nvstor32.sys [2008-08-18 145952]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R1 kl2;kl2; C:\Windows\system32\DRIVERS\kl2.sys [2011-03-04 11352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2011-03-10 23856]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2011-06-23 25280]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-13 347264]
R3 RTL8192cu;EDUP Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8192cu.sys [2010-03-26 502304]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2011-01-15 30208]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2010-04-27 22856]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2010-04-27 66632]
S0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2005-08-10 50688]
S0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2005-11-03 63488]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-02-21 691696]
S1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2010-12-16 31088]
S1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2012-10-31 586072]
S2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2009-07-14 96768]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\Windows\system32\drivers\RTKVAC.SYS [2009-06-18 4172832]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-09-28 9107968]
S3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-09-28 370176]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2012-05-14 86656]
S3 AVEO;USB2.0 PC Camera; C:\Windows\system32\DRIVERS\AVEOdcnt.sys [2010-12-31 321024]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys [2007-06-24 34312]
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys [2007-06-24 27656]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2007-06-24 38920]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service; C:\Windows\system32\DRIVERS\InputFilter_FlexDef2b.sys [2010-06-19 14848]
S3 irsir;Microsoft Serial Infrared Driver; C:\Windows\system32\DRIVERS\irsir.sys [2008-01-19 20992]
S3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
S3 MouFilter_Mou_FlexDef4;HID Mouse(FlexDef4) Driver Service; C:\Windows\system32\DRIVERS\MouFilter_FlexDef4.sys [2010-10-20 11776]
S3 netr28u;RT2870 USB Wireless LAN Card Driver pro systém Windows Vista; C:\Windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2010-07-30 18048]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2010-07-30 23040]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2010-07-26 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsuc.sys [2010-07-26 8576]
S3 PAC7302;Eye 312; C:\Windows\system32\DRIVERS\PAC7302.SYS [2009-04-28 461824]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys [2009-08-22 9088]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2009-07-14 8192]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2010-07-30 8192]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2010-07-30 8192]
S3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2007-03-05 34448]
S3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S3 WinUsb;Ovladač WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2010-04-27 37704]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\Windows\system32\drivers\WmHidLo.sys [2010-04-27 31816]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2010-04-27 15048]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-09-28 217600]
S2 AVP;Služba Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2012-10-31 206448]
S2 BlueSoleil Hid Service;BlueSoleil Hid Service; D:\Program Files\BTNtService.exe [2007-12-27 166520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-29 136176]
S2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-07-09 129640]
S2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2012-11-14 76888]
S2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-11-09 160944]
S2 Start BT in service;Start BT in service; D:\Program Files\StartSkysolSvc.exe [2007-12-27 51816]
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
S2 TeamViewer7;TeamViewer 7; C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [2012-10-23 2848168]
S2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-27 250808]
S3 CNRQ;CNRQ; C:\Users\Jirik\AppData\Local\Temp\CNRQ.exe [2012-12-03 363392]
S3 FCRVNEPORMI;FCRVNEPORMI; C:\Users\Jirik\AppData\Local\Temp\FCRVNEPORMI.exe [2012-12-03 383872]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-29 136176]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-12-08 628736]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-03-16 407336]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-04-24 1343400]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 04 pro 2012 17:36

Zdravim

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe

Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe

Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Na plose vznikne log Rkill.txt ten mi sem vlozte
Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

pedrosadc · #3 Příspěvek od **pedrosadc** » 04 pro 2012 18:23

Děkuji za pomoc dávám vypis rkill a pokracuji.

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/04/2012 06:14:31 PM in x86 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* Systém událostí COM+ (EventSystem) is not Running.
Startup Type set to: Automatic

* Centrum zabezpečení (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 12/04/2012 06:15:06 PM
Execution time: 0 hours(s), 0 minute(s), and 35 seconds(s)

#4 Příspěvek od **vyosek** » 04 pro 2012 18:51

OK, pockam si na ComboFix

pedrosadc · #5 Příspěvek od **pedrosadc** » 04 pro 2012 19:02

zde je combofix

ComboFix 12-12-04.01 - Jirik 04.12.2012 18:49:55.1.2 - x86 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3071.2269 [GMT 1:00]
Spuštěný z: c:\users\Jirik\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\FunWebProducts
c:\program files\HyperCam Toolbar\tbHElper.dll
c:\program files\Java\jre7\bin\ssv.dll
c:\programdata\ntuser.dat
D:\Autorun.inf
D:\uninstall.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-04 do 2012-12-04 )))))))))))))))))))))))))))))))
.
.
2012-12-04 16:44 . 2012-12-04 16:44 -------- d-----w- c:\program files\ESET
2012-12-04 15:56 . 2012-12-04 15:56 -------- d-----w- c:\program files\trend micro
2012-12-04 15:56 . 2012-12-04 15:56 -------- d-----w- C:\rsit
2012-12-03 16:21 . 2012-12-03 16:21 24448 ----a-w- c:\windows\system32\drivers\rkhdrv40.sys
2012-12-03 16:12 . 2012-12-03 16:16 -------- d-----w- c:\program files\Hypersight
2012-12-03 16:06 . 2012-12-03 16:06 -------- d-----w- c:\program files\CCleaner
2012-12-02 14:26 . 2010-03-26 15:42 502304 ----a-w- c:\windows\system32\drivers\RTL8192cu.sys
2012-11-30 16:42 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5670C2DC-FFFA-4743-AFB9-6B39A264ACF6}\mpengine.dll
2012-11-29 20:30 . 2012-11-29 20:30 -------- d-----w- c:\users\Jirik\AppData\Local\FreePascal
2012-11-27 20:00 . 2012-11-27 19:59 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-27 19:35 . 2012-11-27 19:35 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-27 19:35 . 2012-11-27 19:35 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-26 20:00 . 2012-11-26 20:00 -------- d-----w- c:\programdata\Ask
2012-11-26 20:00 . 2012-11-26 20:00 -------- d-----w- c:\program files\Common Files\Java
2012-11-24 19:40 . 2012-11-24 19:40 -------- d-----w- c:\program files\Common Files\Skype
2012-11-23 18:02 . 2012-11-23 18:02 -------- d-----w- c:\users\Jirik\AppData\Local\ESN
2012-11-22 09:34 . 2012-11-22 09:34 5885632 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-11-18 20:02 . 2012-11-18 20:02 -------- d-----w- c:\users\Jirik\AppData\Local\CrashRpt
2012-11-16 22:15 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 22:15 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 22:15 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 22:14 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 22:14 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 22:14 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 22:14 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 22:14 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-16 22:14 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-16 22:14 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 19:01 . 2012-10-03 16:58 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-16 19:01 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-16 19:01 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-16 19:01 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-16 19:01 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-16 19:01 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-11-16 19:01 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-16 19:01 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-16 19:01 . 2012-09-25 22:47 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-16 19:01 . 2012-10-18 17:59 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-16 19:01 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-16 19:01 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-14 19:08 . 2012-11-26 18:49 280904 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-11-14 19:02 . 2012-11-14 19:02 0 ----a-w- c:\windows\ativpsrm.bin
2012-11-14 18:59 . 2012-11-14 18:59 -------- d-----w- c:\program files\AMD APP
2012-11-14 18:59 . 2012-11-14 18:59 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-11-10 11:01 . 2012-11-10 11:02 -------- d-----w- c:\users\Jirik\AppData\Local\Origin
2012-11-10 10:59 . 2012-11-10 10:59 -------- d-----w- c:\users\Jirik\AppData\Roaming\ATI
2012-11-10 10:59 . 2012-11-10 10:59 -------- d-----w- c:\users\Jirik\AppData\Local\ATI
2012-11-10 10:59 . 2012-11-10 10:59 -------- d-----w- c:\programdata\ATI
2012-11-10 10:55 . 2012-11-10 10:55 -------- d-----w- c:\programdata\AMD
2012-11-10 10:55 . 2012-11-10 10:55 -------- d-----w- c:\program files\AMD AVT
2012-11-10 10:48 . 2012-11-10 10:48 -------- d-----w- c:\program files\ATI
2012-11-10 10:47 . 2012-11-10 10:55 -------- d-----w- c:\program files\ATI Technologies
2012-11-10 10:46 . 2012-11-10 10:46 -------- d-----w- C:\AMD
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-27 19:59 . 2012-08-01 12:25 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-27 19:59 . 2011-10-09 11:27 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-26 18:49 . 2012-10-25 09:23 140072 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-11-26 18:49 . 2012-10-25 09:22 280904 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-11-24 19:42 . 2012-10-25 09:22 281520 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-11-14 19:08 . 2012-10-25 09:22 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-10-25 09:23 . 2012-10-25 09:23 138056 ----a-w- c:\users\Jirik\AppData\Roaming\PnkBstrK.sys
2012-10-16 07:39 . 2012-11-27 19:02 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-09-28 14:36 . 2012-09-28 14:36 180224 ----a-w- c:\windows\system32\clinfo.exe
2012-09-28 14:36 . 2012-09-28 14:36 65536 ----a-w- c:\windows\system32\OpenVideo.dll
2012-09-28 14:36 . 2012-09-28 14:36 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-09-28 14:32 . 2012-09-28 14:32 27341824 ----a-w- c:\windows\system32\amdocl.dll
2012-09-28 14:28 . 2012-09-28 14:28 50176 ----a-w- c:\windows\system32\OpenCL.dll
2012-09-28 02:22 . 2012-09-28 02:22 5557928 ----a-w- c:\windows\system32\atiumdag.dll
2012-09-28 02:20 . 2012-09-28 02:20 9107968 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-09-28 02:05 . 2012-09-28 02:05 58880 ----a-w- c:\windows\system32\coinst_9.002.dll
2012-09-28 02:03 . 2012-09-28 02:03 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-09-28 02:02 . 2012-09-28 02:02 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-09-28 02:02 . 2012-09-28 02:02 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-09-28 01:57 . 2012-09-28 01:57 13703168 ----a-w- c:\windows\system32\aticaldd.dll
2012-09-28 01:43 . 2012-09-28 01:43 935424 ----a-w- c:\windows\system32\aticfx32.dll
2012-09-28 01:41 . 2012-09-28 01:41 19624960 ----a-w- c:\windows\system32\atioglxx.dll
2012-09-28 01:39 . 2012-09-28 01:39 6536192 ----a-w- c:\windows\system32\atidxx32.dll
2012-09-28 01:39 . 2012-09-28 01:39 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-09-28 01:38 . 2012-09-28 01:38 473088 ----a-w- c:\windows\system32\atieclxx.exe
2012-09-28 01:38 . 2012-09-28 01:38 217600 ----a-w- c:\windows\system32\atiesrxx.exe
2012-09-28 01:36 . 2012-09-28 01:36 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2012-09-28 01:36 . 2012-09-28 01:36 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-09-28 01:36 . 2012-09-28 01:36 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-09-28 01:22 . 2012-09-28 01:22 2691584 ----a-w- c:\windows\system32\atiumdva.dll
2012-09-28 01:13 . 2012-09-28 01:13 405504 ----a-w- c:\windows\system32\atiadlxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\system32\atimpc32.dll
2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\system32\amdpcom32.dll
2012-09-28 01:12 . 2012-09-28 01:12 370176 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-09-28 01:11 . 2012-09-28 01:11 109568 ----a-w- c:\windows\system32\atiuxpag.dll
2012-09-28 01:10 . 2012-09-28 01:10 82944 ----a-w- c:\windows\system32\atiu9pag.dll
2012-09-28 01:09 . 2012-09-28 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-09-14 18:28 . 2012-10-10 18:19 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-06-22 133576]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Remote Mouse"="c:\program files\Remote Mouse\RemoteMouse.exe" [2011-05-10 872448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"AveoSTI.exe"="c:\program files\AVEO USB2.0 PC Camera(U2HGCV3P31048)\AveoSTI.exe" [2010-12-02 32768]
"Launch SilverCrest STMS 2017 A1-K"="d:\instalace\KbClient_FD2.exe" [2011-02-17 1424384]
"Launch SilverCrest STMS 2017 A1-M"="d:\instalace\MouClient_FD2.exe" [2011-02-17 865280]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Hypersight"="c:\program files\Hypersight\hypersight.exe" [2008-02-17 495616]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
c:\users\Jirik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Hamachi.lnk - d:\fleška\hamachi.exe [2011-7-6 624416]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BlueSoleil.lnk - d:\program files\gprs.exe [2007-12-27 43608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCABattery"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Users^Jirik^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\Jirik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LchDrvKey]
2007-03-28 15:55 36864 ----a-w- c:\windows\LchDrvKey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 07:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 Start BT in service;Start BT in service;d:\program files\StartSkysolSvc.exe [x]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
R3 AVEO;USB2.0 PC Camera;c:\windows\system32\DRIVERS\AVEOdcnt.sys [x]
R3 CNRQ;CNRQ;c:\users\Jirik\AppData\Local\Temp\CNRQ.exe [x]
R3 FCRVNEPORMI;FCRVNEPORMI;c:\users\Jirik\AppData\Local\Temp\FCRVNEPORMI.exe [x]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys [x]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
R3 MouFilter_Mou_FlexDef4;HID Mouse(FlexDef4) Driver Service;c:\windows\system32\DRIVERS\MouFilter_FlexDef4.sys [x]
R3 netr28u;RT2870 USB Wireless LAN Card Driver pro systém Windows Vista;c:\windows\system32\DRIVERS\netr28u.sys [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S3 RTL8192cu;EDUP Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-27 19:35]
.
2012-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-29 12:04]
.
2012-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-29 12:04]
.
2012-12-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1068037707-733208175-3387258024-1001Core.job
- c:\users\Jirik\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-25 11:05]
.
2012-12-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1068037707-733208175-3387258024-1001UA.job
- c:\users\Jirik\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-25 11:05]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.babylon.com/?affID=116987&tt=4612_8&babsrc=HP_ss&mntrId=d4caa67f00000000000000c0110164db
mStart Page = hxxp://www.bigseekpro.com/hypercam/{5AB7F37D-F ... 890E23A054}
FF - ProfilePath - c:\users\Jirik\AppData\Roaming\Mozilla\Firefox\Profiles\cr25wpta.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=116987&tt=4612_8&babsrc=HP_ss&mntrId=d4caa67f00000000000000c0110164db
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=116987&tt=4612_8&babsrc=KW_ss&mntrId=d4caa67f00000000000000c0110164db&q=
FF - user.js: extensions.BabylonToolbar_i.id - d4caa67f00000000000000c0110164db
FF - user.js: extensions.BabylonToolbar_i.hardId - d4caa67f00000000000000c0110164db
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15428
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:36
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111434
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extentions.y2layers.installId - f1d1f20a-2caf-4435-a3a3-1f57d06651da
FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,ezLooker,pagerage,buzzdock,toprelatedtopics
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Steam - d:\steam\Steam.exe
AddRemove-504244733D18C8F63FF584AEB290E3904E791693 - c:\progra~1\DIFX\B4723E9A0713E5B1\dpinst.exe
AddRemove-6DA48AFDE796708D5A4C9121A83E7617A63A9A15 - c:\progra~1\DIFX\270581355A767BF1\dpinst.exe
AddRemove-Divoký míč 3 - c:\program files\Divoký míč 3\Uninstall.exe
AddRemove-E5372C32E8562C76C24DBA6525002B1031495F34 - c:\progra~1\DIFX\270581355A767BF1\dpinst.exe
AddRemove-FlatOut Ultimate Carnage - c:\program files\Empire Interactive\FlatOut Ultimate Carnage\Uninstall.exe
AddRemove-FlightGear_is1 - c:\program files\FlightGear\unins000.exe
AddRemove-HyperCam Toolbar - c:\program files\HyperCam Toolbar\UninstallToolbar.exe
AddRemove-Minecraft (Beta v1.2_01) Beta v1.2_01 - D:\uninstall.exe
AddRemove-MinecraftAlpha - c:\users\Jirik\Desktop\downald\MinecraftAlpha\Uninstall.exe
AddRemove-Wubi - d:\ubuntu\uninstall-wubi.exe
AddRemove-{328b4b27-557b-47e3-841e-3c86ab40a831}_is1 - d:\mono-2.10.8\unins000.exe
AddRemove-{7DE24E33-FAF6-4235-958F-F92560B9C7F6}_is1 - c:\program files\Ford Street Racing\unins000.exe
AddRemove-{D4006E71-FF32-44FF-AD5A-B5EE4389B825}_is1 - c:\program files\FlatOut2\unins000.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-12-04 18:55:58
ComboFix-quarantined-files.txt 2012-12-04 17:55
.
Před spuštěním: Volných bajtů: 23 971 373 056
Po spuštění: Volných bajtů: 23 850 192 896
.
- - End Of File - - DF189CB670AC9E23BA6AFE86A3025EB8

#6 Příspěvek od **vyosek** » 04 pro 2012 19:32

Nedavejte logy do code

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Search
Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte

pedrosadc · #7 Příspěvek od **pedrosadc** » 04 pro 2012 19:38

Zde je výstup. Děkuji

# AdwCleaner v2.011 - Logfile created 12/04/2012 at 19:35:48
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Jirik - BRESSER
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Jirik\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\user.js
File Found : C:\Users\Jirik\AppData\Roaming\Mozilla\Firefox\Profiles\cr25wpta.default\searchplugins\Askcom.xml
File Found : C:\Users\Jirik\AppData\Roaming\Mozilla\Firefox\Profiles\cr25wpta.default\searchplugins\search.xml
Folder Found : C:\Program Files\HyperCam Toolbar
Folder Found : C:\Program Files\Yontoo
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Jirik\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Folder Found : C:\Users\Jirik\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Jirik\AppData\LocalLow\Toolbar4
Folder Found : C:\Users\Jirik\AppData\Roaming\Babylon
Folder Found : C:\Users\Jirik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Softonic
Folder Found : C:\Users\Jirik\AppData\Roaming\Mozilla\Firefox\Profiles\cr25wpta.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
Folder Found : C:\Users\Jirik\AppData\Roaming\Mozilla\Firefox\Profiles\cr25wpta.default\extensions\ffxtlbr@babylon.com
Folder Found : C:\Users\Jirik\AppData\Roaming\Mozilla\Firefox\Profiles\cr25wpta.default\extensions\plugin@yontoo.com

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Somoto Toolbar
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Software
Key Found : HKU\S-1-5-21-1068037707-733208175-3387258024-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-1068037707-733208175-3387258024-1001\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.bigseekpro.com/hypercam/{5AB7F37D-F ... 890E23A054}

-\\ Mozilla Firefox v3.6 (cs)

Profile name : default
File : C:\Users\Jirik\AppData\Roaming\Mozilla\Firefox\Profiles\cr25wpta.default\prefs.js

Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("browser.search.selectedEngine", "Ask.com");
Found : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=116987&tt=4612_8&babsrc=HP_s[...]
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111434");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "d4caa67f00000000000000c0110164db");
Found : user_pref("extensions.BabylonToolbar_i.id", "d4caa67f00000000000000c0110164db");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15428");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", false);
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1719:36:24");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=116987&tt=4612_8&babsrc=NT_ss&mntr[...]
Found : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=116987&tt=4612_8&babsrc=KW_ss&mntrId=d4c[...]
Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultenginename", "Ask.com");

-\\ Google Chrome v23.0.1271.95

File : C:\Users\Jirik\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.9] : homepage = "hxxp://search.babylon.com/?affID=116987&tt=4612_8&babsrc=HP_ss&mntrId=d4caa67f00000000000000c0110164db",
Found [l.13] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=116987&tt=4612_8&babsrc=HP_ss&mntrId=d4caa67f00000000000000c0110164db" ]
Found [l.44] : icon_url = "hxxp://www.babylon.com/favicon.ico",
Found [l.47] : keyword = "babylon.com",
Found [l.50] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&AF=111434&tt=290312_bexdll&babsrc=SP_ss&mntrId=d4caa67f00000000000000c0110164db",
Found [l.1852] : homepage = "hxxp://search.babylon.com/?affID=116987&tt=4612_8&babsrc=HP_ss&mntrId=d4caa67f00000000000000c0110164db",
Found [l.2322] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=116987&tt=4612_8&babsrc=HP_ss&mntrId=d4caa67f00000000000000c0110164db" ]

*************************

AdwCleaner[R1].txt - [11635 octets] - [04/12/2012 19:35:48]

########## EOF - C:\AdwCleaner[R1].txt - [11696 octets] ##########

#8 Příspěvek od **vyosek** » 04 pro 2012 20:08

Spustte znovu AdwCleaner

Pokud pouzivate Win Vista ci W7, kliknete na AdwCleaner pravym a dejte Run As Administrator ci Spustit jako spravce
Kliknete na Delete
PC provede opravu, restartuje se a da Vam log (C:\AdwCleaner [S1].txt) , jeho obsah vlozte sem

pedrosadc · #9 Příspěvek od **pedrosadc** » 04 pro 2012 20:37

přidávám poslední log.
I po restartu zatím problém přetrvává, vyskakuje okno exploreru jestli chci zobrazit stažené soubory.

# AdwCleaner v2.011 - Logfile created 12/04/2012 at 20:28:03
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Jirik - BRESSER
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Jirik\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
File Deleted : C:\Users\Jirik\AppData\Roaming\Mozilla\Firefox\Profiles\cr25wpta.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Jirik\AppData\Roaming\Mozilla\Firefox\Profiles\cr25wpta.default\searchplugins\search.xml
Folder Deleted : C:\Program Files\HyperCam Toolbar
Folder Deleted : C:\Program Files\Yontoo
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Jirik\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Folder Deleted : C:\Users\Jirik\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Jirik\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Jirik\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Jirik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Softonic
Folder Deleted : C:\Users\Jirik\AppData\Roaming\Mozilla\Firefox\Profiles\cr25wpta.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
Folder Deleted : C:\Users\Jirik\AppData\Roaming\Mozilla\Firefox\Profiles\cr25wpta.default\extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Users\Jirik\AppData\Roaming\Mozilla\Firefox\Profiles\cr25wpta.default\extensions\plugin@yontoo.com

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Somoto Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.bigseekpro.com/hypercam/{5AB7F37D-F ... 890E23A054} --> hxxp://www.google.com

-\\ Mozilla Firefox v3.6 (cs)

Profile name : default
File : C:\Users\Jirik\AppData\Roaming\Mozilla\Firefox\Profiles\cr25wpta.default\prefs.js

C:\Users\Jirik\AppData\Roaming\Mozilla\Firefox\Profiles\cr25wpta.default\user.js ... Deleted !

Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=116987&tt=4612_8&babsrc=HP_s[...]
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111434");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "d4caa67f00000000000000c0110164db");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "d4caa67f00000000000000c0110164db");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15428");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1719:36:24");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=116987&tt=4612_8&babsrc=NT_ss&mntr[...]
Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=116987&tt=4612_8&babsrc=KW_ss&mntrId=d4c[...]
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");

-\\ Google Chrome v23.0.1271.95

File : C:\Users\Jirik\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.9] : homepage = "hxxp://search.babylon.com/?affID=116987&tt=4612_8&babsrc=HP_ss&mntrId=d4caa67f000[...]
Deleted [l.13] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=116987&tt=4612_8&babsrc=H[...]
Deleted [l.44] : icon_url = "hxxp://www.babylon.com/favicon.ico",
Deleted [l.47] : keyword = "babylon.com",
Deleted [l.50] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&AF=111434&tt=290312_bexdll&babsrc=SP[...]
Deleted [l.1852] : homepage = "hxxp://search.babylon.com/?affID=116987&tt=4612_8&babsrc=HP_ss&mntrId=d4caa67f000000[...]
Deleted [l.2322] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=116987&tt=4612_8&babsrc=HP_s[...]

*************************

AdwCleaner[R1].txt - [11766 octets] - [04/12/2012 19:35:48]
AdwCleaner[R2].txt - [11827 octets] - [04/12/2012 20:27:53]
AdwCleaner[S1].txt - [11700 octets] - [04/12/2012 20:28:03]

########## EOF - C:\AdwCleaner[S1].txt - [11761 octets] ##########

#10 Příspěvek od **vyosek** » 04 pro 2012 20:42

Dejte mi sem prosim screen toho okna

pedrosadc · #11 Příspěvek od **pedrosadc** » 04 pro 2012 20:47

v přiloze

#12 Příspěvek od **vyosek** » 04 pro 2012 23:05

Stahnete Deckard's Association File Tool http://vyosek.ic.cz/BE/daft.exe

Ulozte nejlepe na plochu a spustte
Klikne na Scan, probehne hledani
Nasledne kliknete na Save Log, ulozte log daft.txt a dejte jej sem

Aplikujte exeHelper by Raktor

Linky ke stazeni
- COM soubor http://vyosek.ic.cz/BE/exeHelper.com
- SCR soubor http://vyosek.ic.cz/BE/exeHelper.scr
Utilitu staci spustit jako Spravce (klik pravym mysidlem), probehne oprava a vznikne log exehelperlog.txt

Stahnete Farbar Service Scanner http://download.bleepingcomputer.com/farbar/FSS.exe

Ulozte nejlepe na Plochu
U vsech polozek udelejte zatrzitko (tim je oznacite pro skenovani)
Kliknete na Scan
Po dokonceni skenu se objevi log FSS.txt ten sem vlozte

pedrosadc · #13 Příspěvek od **pedrosadc** » 05 pro 2012 18:22

Přidávám další vypisy, ten druhý soubor by raktor scr, nevím jak spustit.

DAFT Log saved on 2012-12-05 18:20:29
-----------------------------------------------------------------------
.chm - chm.file - shell\open\command - "%SystemRoot%\hh.exe" %1
.hlp - hlpfile - shell\open\command - %SystemRoot%\winhlp32.exe %1
.reg - regfile - shell\edit\command - %SystemRoot%\system32\notepad.exe "%1"
.vbs - VBSFile - shell\edit\command - "%SystemRoot%\System32\Notepad.exe" %1

exeHelper by Raktor
Build 20100414
Run at 17:52:18 on 12/05/12
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

Farbar Service Scanner Version: 04-12-2012
Ran by Jirik (administrator) on 05-12-2012 at 18:08:54
Running from "C:\Users\Jirik\Downloads"
Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-11-16 20:01] - [2012-10-03 17:58] - 1293680 ____A (Microsoft Corporation) E23A56F843E2AEBBB209D0ACCA73C640

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

#14 Příspěvek od **vyosek** » 05 pro 2012 20:55

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Ukoncete vsechny programy
Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Pockejte na dokonceni PreScanu
Zvolte moznost Prohledat (scan)
Po dokonceni skenu kliknete na Zpráva (Report)- otevre se log, ten sem vlozte
Detailni postup vc. obrazku mate zde http://forum.viry.cz/viewtopic.php?f=24&t=120452

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) http://forum.viry.cz/viewtopic.php?f=29&t=115222

Provedte aktualizaci
Provedte uplny sken - nic nemazte
MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

pedrosadc · #15 Příspěvek od **pedrosadc** » 05 pro 2012 21:54

logy
RogueKiller V8.3.1 [Dec 5 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : Jirik [Práva správce]
Mód : Kontrola -- Datum : 12/05/2012 21:02:24

¤¤¤ Škodlivé procesy: : 2 ¤¤¤
[SUSP PATH] mHotkey.exe -- C:\Windows\mHotkey.exe -> SMAZÁNO [TermProc]
[SUSP PATH] ChiFuncExt.exe -- C:\Windows\ChiFuncExt.exe -> SMAZÁNO [TermProc]

¤¤¤ ¤¤¤ Záznamy Registrů: : 17 ¤¤¤
[TASK][SUSP PATH] MHotkey : C:\Windows\mHotkey.exe -> NALEZENO
[TASK][SUSP PATH] {35424EC4-3F2B-48F9-9CBD-68BDFA4866D3} : C:\Users\Jirik\Desktop\game.exe -> NALEZENO
[TASK][SUSP PATH] {AF791B8A-662C-477E-95C0-BF2B708D1242} : C:\Users\Jirik\Desktop\worms-armagedon-originalni-plna-verze\Worms armagedon\clokspl.exe -> NALEZENO
[TASK][SUSP PATH] {BB8A22DA-1109-4C9B-AE62-AD1D6CBD36C8} : C:\Users\Jirik\Desktop\Terraria\Content\Terraria (2).exe -> NALEZENO
[TASK][SUSP PATH] {DB8B0F88-6435-4734-A0BA-047E7E6142FD} : C:\Users\Jirik\Desktop\MinecraftSP.exe -> NALEZENO
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> NALEZENO
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJPOL] HKCU\[...]\System : DisableCMD (0) -> NALEZENO
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> NALEZENO
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJPOL] HKLM\[...]\System : DisableCMD (0) -> NALEZENO
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> NALEZENO
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowDownloads (0) -> NALEZENO
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowVideos (0) -> NALEZENO
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
IRP[IRP_MJ_CREATE] : \SystemRoot\System32\drivers\mountmgr.sys -> HOOKED ([MAJOR] Unknown @ 0x8719D1F8)
IRP[IRP_MJ_CLOSE] : \SystemRoot\System32\drivers\mountmgr.sys -> HOOKED ([MAJOR] Unknown @ 0x8719D1F8)
IRP[IRP_MJ_DEVICE_CONTROL] : \SystemRoot\System32\drivers\mountmgr.sys -> HOOKED ([MAJOR] Unknown @ 0x8719D1F8)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : \SystemRoot\System32\drivers\mountmgr.sys -> HOOKED ([MAJOR] Unknown @ 0x8719D1F8)
IRP[IRP_MJ_POWER] : \SystemRoot\System32\drivers\mountmgr.sys -> HOOKED ([MAJOR] Unknown @ 0x8719D1F8)
IRP[IRP_MJ_SYSTEM_CONTROL] : \SystemRoot\System32\drivers\mountmgr.sys -> HOOKED ([MAJOR] Unknown @ 0x8719D1F8)
IRP[IRP_MJ_PNP] : \SystemRoot\System32\drivers\mountmgr.sys -> HOOKED ([MAJOR] Unknown @ 0x8719D1F8)

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500KS-00MJB0 ATA Device +++++
--- User ---
[MBR] ff8f16edbd9cd0548426705f5a3501cb
[BSP] 9f66ff33894a263a4072d5a31fa7ce94 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 61499 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 125951616 | Size: 176974 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[4]_S_12052012_02d2102.txt >>
RKreport[1]_S_12052012_02d2101.txt ; RKreport[2]_S_12052012_02d2101.txt ; RKreport[3]_S_12052012_02d2102.txt ; RKreport[4]_S_12052012_02d2102.txt

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.65.1.1000
www.malwarebytes.org

Verze databáze: v2012.12.05.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Jirik :: BRESSER [administrátor]

Ochrana: Povolena

5.12.2012 21:06:36
mbam-log-2012-12-05 (21-52-26).txt

Typ: Úplná kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 409412
Uplynulý čas: 42 minut, 12 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GotClip (PUP.Adware.Gotclip.ScamLotto) -> Žádná instrukce nebyla provedena.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 1
D:\Program Files\GotClip\Uninstall.exe (PUP.Adware.Gotclip.ScamLotto) -> Žádná instrukce nebyla provedena.

(konec)

VIRY.CZ

Vše spouští explorer - kontrola logu

Vše spouští explorer - kontrola logu

Re: Vše spouští explorer - kontrola logu

Re: Vše spouští explorer - kontrola logu

Re: Vše spouští explorer - kontrola logu

Re: Vše spouští explorer - kontrola logu

Re: Vše spouští explorer - kontrola logu

Re: Vše spouští explorer - kontrola logu

Re: Vše spouští explorer - kontrola logu

Re: Vše spouští explorer - kontrola logu

Re: Vše spouští explorer - kontrola logu

Re: Vše spouští explorer - kontrola logu

Re: Vše spouští explorer - kontrola logu

Re: Vše spouští explorer - kontrola logu

Re: Vše spouští explorer - kontrola logu

Re: Vše spouští explorer - kontrola logu