prosím o kontrolu logu

[Roli]

Tohle nee, ten text musí být do toho okna nakopírován naprosto přesně, jinak to nefunguje.

Tak že znovu podle návodu a pořádně.

[vavacech]

Po restartování mě to odpojí od netu a musím se vrátit v systému na zpět.
Tady je ten log z OTM
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\*.tmp not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
Folder move failed. C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\8.0.1 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\AVG Secure Search\CommonInstaller\8.0.1 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\AVG Secure Search\CommonInstaller scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\AVG Secure Search scheduled to be moved on reboot.
File/Folder C:\Program Files\facemoods.com not found.
File/Folder C:\Program Files\Ad-Aware Antivirus not found.
File/Folder C:\Program Files\AVG Secure Search not found.
File/Folder C:\Program Files\MCAFEE~1 not found.
Folder move failed. C:\Program Files\GridinSoft Trojan Killer\logs scheduled to be moved on reboot.
Folder move failed. C:\Program Files\GridinSoft Trojan Killer scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Lavasoft\AntiMalware\Rules scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Lavasoft\AntiMalware\Quarantine scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Lavasoft\AntiMalware\Logs scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Lavasoft\AntiMalware\History scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Lavasoft\AntiMalware\FW History scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Lavasoft\AntiMalware\Events scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Lavasoft\AntiMalware\Downloads scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Lavasoft\AntiMalware scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Lavasoft scheduled to be moved on reboot.
C:\Windows\system32\drivers\sbtis.sys moved successfully.
C:\Windows\system32\drivers\sbhips.sys moved successfully.
C:\Windows\system32\drivers\SbFwIm.sys moved successfully.
C:\Windows\system32\drivers\SbFw.sys moved successfully.
Folder move failed. C:\Users\celbrv\AppData\Roaming\Ad-Aware Antivirus\Logs\20120225T081533.817557PID3944 scheduled to be moved on reboot.
Folder move failed. C:\Users\celbrv\AppData\Roaming\Ad-Aware Antivirus\Logs\20120225T081518.576331PID3652 scheduled to be moved on reboot.
Folder move failed. C:\Users\celbrv\AppData\Roaming\Ad-Aware Antivirus\Logs\20120225T081515.035124PID3988 scheduled to be moved on reboot.
Folder move failed. C:\Users\celbrv\AppData\Roaming\Ad-Aware Antivirus\Logs\20120213T145643.164927PID2716 scheduled to be moved on reboot.
Folder move failed. C:\Users\celbrv\AppData\Roaming\Ad-Aware Antivirus\Logs\20120212T163932.149800PID3652 scheduled to be moved on reboot.
Folder move failed. C:\Users\celbrv\AppData\Roaming\Ad-Aware Antivirus\Logs scheduled to be moved on reboot.
Folder move failed. C:\Users\celbrv\AppData\Roaming\Ad-Aware Antivirus scheduled to be moved on reboot.
Folder move failed. C:\Windows\AutoKMS scheduled to be moved on reboot.
File/Folder C:\Windows\system32\drivers\SBREdrv.sys not found.
Folder move failed. C:\ProgramData\Avira scheduled to be moved on reboot.
C:\Windows\system32\drivers\avgntflt.sys moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\facemoods\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBRegRebootCleaner\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk\ deleted successfully.
========== SERVICES/DRIVERS ==========
Error: Unable to stop service SbFw!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SbFw deleted successfully.
Error: Unable to stop service SbTis!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SbTis deleted successfully.
Error: Unable to stop service SBFWIMCLMP!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SBFWIMCLMP deleted successfully.
Service SBRE stopped successfully!
Service SBRE deleted successfully!
Service SBFWIMCL stopped successfully!
Service SBFWIMCL deleted successfully!
Service sbhips stopped successfully!
Service sbhips deleted successfully!
Service vToolbarUpdater stopped successfully!
Service vToolbarUpdater deleted successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: celbrv
->Temp folder emptied: 74054541 bytes
->Temporary Internet Files folder emptied: 3316300 bytes
->Java cache emptied: 39493 bytes
->FireFox cache emptied: 228509937 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 754 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 528162 bytes
RecycleBin emptied: 389621 bytes

Total Files Cleaned = 293,00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 03132012_181543

Files moved on Reboot...
Folder move failed. C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\8.0.1 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\8.0.1 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\AVG Secure Search\CommonInstaller\8.0.1 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\AVG Secure Search\CommonInstaller\8.0.1 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\AVG Secure Search\CommonInstaller scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\8.0.1 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\AVG Secure Search\CommonInstaller\8.0.1 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\AVG Secure Search\CommonInstaller scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\AVG Secure Search scheduled to be moved on reboot.
Folder move failed. C:\Program Files\GridinSoft Trojan Killer\logs scheduled to be moved on reboot.
Folder move failed. C:\Program Files\GridinSoft Trojan Killer\logs scheduled to be moved on reboot.
Folder move failed. C:\Program Files\GridinSoft Trojan Killer scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Lavasoft\AntiMalware\Rules scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Lavasoft\AntiMalware\Quarantine scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Lavasoft\AntiMalware\Logs scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Lavasoft\AntiMalware\History scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Lavasoft\AntiMalware\FW History scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Lavasoft\AntiMalware\Events scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Lavasoft\AntiMalware\Downloads scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Lavasoft\AntiMalware\Rules scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Lavasoft\AntiMalware\Quarantine scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Lavasoft\AntiMalware\Logs scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Lavasoft\AntiMalware\History scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Lavasoft\AntiMalware\FW History scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Lavasoft\AntiMalware\Events scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Lavasoft\AntiMalware\Downloads scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Lavasoft\AntiMalware scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Lavasoft\AntiMalware\Rules scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Lavasoft\AntiMalware\Quarantine scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Lavasoft\AntiMalware\Logs scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Lavasoft\AntiMalware\History scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Lavasoft\AntiMalware\FW History scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Lavasoft\AntiMalware\Events scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Lavasoft\AntiMalware\Downloads scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Lavasoft\AntiMalware scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Lavasoft scheduled to be moved on reboot.
Folder move failed. C:\Users\celbrv\AppData\Roaming\Ad-Aware Antivirus\Logs\20120225T081533.817557PID3944 scheduled to be moved on reboot.
Folder move failed. C:\Users\celbrv\AppData\Roaming\Ad-Aware Antivirus\Logs\20120225T081518.576331PID3652 scheduled to be moved on reboot.
Folder move failed. C:\Users\celbrv\AppData\Roaming\Ad-Aware Antivirus\Logs\20120225T081515.035124PID3988 scheduled to be moved on reboot.
Folder move failed. C:\Users\celbrv\AppData\Roaming\Ad-Aware Antivirus\Logs\20120213T145643.164927PID2716 scheduled to be moved on reboot.
Folder move failed. C:\Users\celbrv\AppData\Roaming\Ad-Aware Antivirus\Logs\20120212T163932.149800PID3652 scheduled to be moved on reboot.
Folder move failed. C:\Users\celbrv\AppData\Roaming\Ad-Aware Antivirus\Logs\20120225T081533.817557PID3944 scheduled to be moved on reboot.
Folder move failed. C:\Users\celbrv\AppData\Roaming\Ad-Aware Antivirus\Logs\20120225T081518.576331PID3652 scheduled to be moved on reboot.
Folder move failed. C:\Users\celbrv\AppData\Roaming\Ad-Aware Antivirus\Logs\20120225T081515.035124PID3988 scheduled to be moved on reboot.
Folder move failed. C:\Users\celbrv\AppData\Roaming\Ad-Aware Antivirus\Logs\20120213T145643.164927PID2716 scheduled to be moved on reboot.
Folder move failed. C:\Users\celbrv\AppData\Roaming\Ad-Aware Antivirus\Logs\20120212T163932.149800PID3652 scheduled to be moved on reboot.
Folder move failed. C:\Users\celbrv\AppData\Roaming\Ad-Aware Antivirus\Logs scheduled to be moved on reboot.
Folder move failed. C:\Users\celbrv\AppData\Roaming\Ad-Aware Antivirus\Logs\20120225T081533.817557PID3944 scheduled to be moved on reboot.
Folder move failed. C:\Users\celbrv\AppData\Roaming\Ad-Aware Antivirus\Logs\20120225T081518.576331PID3652 scheduled to be moved on reboot.
Folder move failed. C:\Users\celbrv\AppData\Roaming\Ad-Aware Antivirus\Logs\20120225T081515.035124PID3988 scheduled to be moved on reboot.
Folder move failed. C:\Users\celbrv\AppData\Roaming\Ad-Aware Antivirus\Logs\20120213T145643.164927PID2716 scheduled to be moved on reboot.
Folder move failed. C:\Users\celbrv\AppData\Roaming\Ad-Aware Antivirus\Logs\20120212T163932.149800PID3652 scheduled to be moved on reboot.
Folder move failed. C:\Users\celbrv\AppData\Roaming\Ad-Aware Antivirus\Logs scheduled to be moved on reboot.
Folder move failed. C:\Users\celbrv\AppData\Roaming\Ad-Aware Antivirus scheduled to be moved on reboot.
Folder move failed. C:\Windows\AutoKMS scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Avira scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

[Roli]

Nyní mi sem dej aktuální log.txt z Rsit.

[vavacech]

Logfile of random's system information tool 1.09 (written by random/random)
Run by celbrv at 2012-03-14 16:17:08
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 64 GB (64%) free of 100 GB
Total RAM: 3070 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:17:22, on 14.3.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\totalcmd\TOTALCMD.EXE
F:\PROGRAMY\čištění\RSIT.exe
C:\Program Files\trend micro\celbrv.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0F189F2-65EE-4552-9341-14719CA078A1}: NameServer = 10.255.255.10,10.255.255.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{E0F189F2-65EE-4552-9341-14719CA078A1}: NameServer = 10.255.255.10,10.255.255.20
O17 - HKLM\System\CS2\Services\Tcpip\..\{E0F189F2-65EE-4552-9341-14719CA078A1}: NameServer = 10.255.255.10,10.255.255.20
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: aswUpdSv - Unknown owner - (no file)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

--
End of file - 4615 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\celbrv\AppData\Roaming\Mozilla\Firefox\Profiles\ic57syae.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3, {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49, cs@dictionaries.addons.mozilla.org:1.0.2, {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4, {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2, {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2, {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {c151d79e-e61b-4a90-a887-5a46d38fba99}:2.6.1, {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.1, {003D3EDC-99B9-4a34-9C20-60CB94F7E829}:2009, ietab@ip.cn:1.98.20110322, {75623d5d-4683-402a-b610-ac4bab767c86}:3.2.0, {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1, googletube@googletube.com:2.0.2, bkmrksync@nokia.com:1.0.0.732, {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51, maps@ovi.com:4.0.12.12, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16, {d122ad80-ff45-11dd-87af-0800200c9a66}:3.6.29.01.10"
prefs.js - "keyword.URL" - "http://www.crawler.com/search/dispatche ... 60421&qkw="

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
npwachk.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
babylon.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\celbrv\AppData\Roaming\Mozilla\Firefox\Profiles\ic57syae.default\extensions\
cs@dictionaries.addons.mozilla.org
ietab@ip.cn
maps@ovi.com
{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
{75623d5d-4683-402a-b610-ac4bab767c86}
{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
{AA994882-F391-4d2e-806F-8908DA4814ED}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Users\celbrv\AppData\Roaming\Mozilla\Firefox\Profiles\ic57syae.default\searchplugins\
avg-secure-search.xml
daemon-search.xml
kikin-search.xml
mapycz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16 3942048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2011-08-16 10820200]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-12-05 343168]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-02-23 4031368]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2011-03-08 1174016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Antivirus]
C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher --windows-run []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-11-10 3514176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe -autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\facemoods]
C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe /md I []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /starttray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2011-07-05 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBRegRebootCleaner]
C:\Program Files\Ad-Aware Antivirus\Engine\SBRC.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2011-03-08 1174016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\steam.exe [2011-11-29 1242448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
C:\Program Files\AVG Secure Search\vprot.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
C:\PROGRA~1\MCAFEE~1\202B13~1.181\SSSCHE~1.EXE []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"msacm.l3pacm"=l3codecp.acm
"msacm.aacacm"=AACACM.acm
"msacm.lameacm"=lameACM.acm
"msacm.ac3acm"=ac3acm.acm
"VIDC.LAGS"=lagarith.dll
"VIDC.FFDS"=ff_vfw.dll
"vidc.x264"=x264vfw.dll
"msacm.ac3filter"=ac3filter.acm
"msacm.avis"=ff_acm.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-03-13 18:39:47 ----A---- C:\Windows\system32\rdrmemptylst.exe
2012-03-13 18:39:47 ----A---- C:\Windows\system32\rdpwsx.dll
2012-03-13 18:39:47 ----A---- C:\Windows\system32\rdpcorekmts.dll
2012-03-13 18:39:45 ----A---- C:\Windows\system32\rdpcorets.dll
2012-03-13 18:39:45 ----A---- C:\Windows\system32\rdpcore.dll
2012-03-13 18:39:44 ----A---- C:\Windows\system32\drivers\tdtcp.sys
2012-03-13 18:39:44 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2012-03-13 18:15:43 ----D---- C:\_OTM
2012-03-13 17:48:37 ----A---- C:\Windows\ntbtlog.txt
2012-03-04 14:04:34 ----D---- C:\Users\celbrv\AppData\Roaming\Apple Computer
2012-03-03 22:48:31 ----D---- C:\ProgramData\AltrixSoft
2012-03-03 22:48:18 ----D---- C:\Program Files\Common Files\AltrixSoft
2012-03-03 17:13:36 ----D---- C:\Program Files\GridinSoft Trojan Killer
2012-03-03 16:58:51 ----D---- C:\Program Files\CCleaner
2012-03-03 16:33:34 ----D---- C:\Program Files\trend micro
2012-03-03 16:33:33 ----D---- C:\rsit
2012-03-03 15:22:32 ----A---- C:\Windows\system32\drivers\aswSP.sys
2012-03-03 15:22:32 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2012-03-03 15:22:29 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2012-03-03 15:22:28 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2012-03-03 15:22:28 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2012-03-03 15:22:10 ----A---- C:\Windows\system32\aswBoot.exe
2012-03-02 23:01:23 ----D---- C:\Users\celbrv\AppData\Roaming\Win7codecs
2012-03-02 18:18:50 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2012-03-02 18:18:49 ----D---- C:\ProgramData\Avira
2012-03-01 16:33:13 ----D---- C:\Program Files\AVAST Software
2012-02-29 17:44:04 ----A---- C:\Windows\system32\TURegOpt.exe
2012-02-29 17:44:04 ----A---- C:\Windows\system32\authuitu.dll
2012-02-29 17:43:51 ----D---- C:\Program Files\TuneUp Utilities 2012
2012-02-28 18:21:15 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2012-02-28 17:35:00 ----A---- C:\Windows\system32\MFC71.dll
2012-02-26 09:40:30 ----D---- C:\Program Files\Common Files\Skype
2012-02-16 16:21:51 ----A---- C:\Windows\system32\msvcrt.dll
2012-02-16 16:21:44 ----A---- C:\Windows\system32\shell32.dll
2012-02-16 16:21:44 ----A---- C:\Windows\system32\ntshrui.dll
2012-02-16 16:21:30 ----A---- C:\Windows\system32\mshtml.dll
2012-02-16 16:21:26 ----A---- C:\Windows\system32\ieframe.dll
2012-02-16 16:21:25 ----A---- C:\Windows\system32\urlmon.dll
2012-02-16 16:21:23 ----A---- C:\Windows\system32\wininet.dll
2012-02-16 16:21:22 ----A---- C:\Windows\system32\msfeeds.dll
2012-02-16 16:21:21 ----A---- C:\Windows\system32\ieui.dll
2012-02-16 16:21:21 ----A---- C:\Windows\system32\iertutil.dll
2012-02-16 16:21:20 ----A---- C:\Windows\system32\mshtmled.dll
2012-02-16 16:21:19 ----A---- C:\Windows\system32\url.dll
2012-02-16 16:21:19 ----A---- C:\Windows\system32\jsproxy.dll
2012-02-16 16:21:11 ----A---- C:\Windows\system32\win32k.sys

======List of files/folders modified in the last 1 month======

2012-03-14 16:17:14 ----D---- C:\Windows\Temp
2012-03-14 16:16:14 ----D---- C:\Windows\system32\catroot
2012-03-14 16:12:13 ----D---- C:\Windows\system32\config
2012-03-14 16:12:12 ----D---- C:\Windows\winsxs
2012-03-14 16:10:47 ----D---- C:\Windows\system32\drivers
2012-03-14 16:10:47 ----D---- C:\Windows\System32
2012-03-13 18:57:29 ----SHD---- C:\Windows\Installer
2012-03-13 18:57:18 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-03-13 18:56:59 ----D---- C:\Windows\inf
2012-03-13 18:56:55 ----RSD---- C:\Windows\assembly
2012-03-13 18:52:54 ----SHD---- C:\System Volume Information
2012-03-13 18:39:37 ----D---- C:\Windows\system32\catroot2
2012-03-13 18:35:13 ----D---- C:\Windows\Tasks
2012-03-13 18:35:13 ----D---- C:\Windows\system32\wfp
2012-03-13 18:35:12 ----D---- C:\Windows\system32\wbem
2012-03-13 18:35:12 ----D---- C:\Windows
2012-03-13 18:34:28 ----D---- C:\Windows\system32\NDF
2012-03-13 18:34:28 ----D---- C:\Windows\system32\DriverStore
2012-03-13 18:34:27 ----D---- C:\Windows\AutoKMS
2012-03-13 18:34:27 ----D---- C:\Users\celbrv\AppData\Roaming\GHISLER
2012-03-13 18:34:26 ----D---- C:\Windows\registration
2012-03-13 18:34:26 ----D---- C:\Program Files\Common Files\AVG Secure Search
2012-03-13 18:34:26 ----D---- C:\Program Files\Common Files
2012-03-13 17:26:06 ----D---- C:\Windows\system32\Tasks
2012-03-13 17:26:06 ----D---- C:\Windows\system32\DRVSTORE
2012-03-13 17:26:05 ----D---- C:\Windows\system32\drivers\UMDF
2012-03-13 17:26:05 ----D---- C:\Windows\system32\CodeIntegrity
2012-03-13 17:26:05 ----D---- C:\Windows\AppCompat
2012-03-13 17:26:04 ----D---- C:\Users\celbrv\AppData\Roaming\Winamp
2012-03-13 17:26:04 ----D---- C:\Users\celbrv\AppData\Roaming\IrfanView
2012-03-13 17:26:03 ----D---- C:\Program Files\PC Connectivity Solution
2012-03-13 17:26:01 ----D---- C:\Program Files\Nokia
2012-03-13 17:26:01 ----D---- C:\Program Files\Common Files\Nokia
2012-03-13 17:25:38 ----D---- C:\Users\celbrv\AppData\Roaming\Skype
2012-03-13 17:25:37 ----D---- C:\Users\celbrv\AppData\Roaming\Nokia
2012-03-13 17:25:14 ----RD---- C:\Program Files
2012-03-11 17:14:32 ----D---- C:\Users\celbrv\AppData\Roaming\Nokia Suite
2012-03-11 16:49:02 ----D---- C:\Windows\Prefetch
2012-03-11 09:41:34 ----D---- C:\Windows\ShellNew
2012-03-11 09:41:28 ----RSD---- C:\Windows\Fonts
2012-03-11 09:41:22 ----SD---- C:\ProgramData\Microsoft
2012-03-11 09:41:22 ----RD---- C:\Program Files\Skype
2012-03-11 09:41:22 ----D---- C:\ProgramData\Microsoft Help
2012-03-11 09:41:22 ----D---- C:\Program Files\MSBuild
2012-03-11 09:41:22 ----D---- C:\Program Files\Microsoft.NET
2012-03-11 09:41:22 ----D---- C:\Program Files\Microsoft Visual Studio 8
2012-03-11 09:41:22 ----D---- C:\Program Files\Microsoft Synchronization Services
2012-03-11 09:41:22 ----D---- C:\Program Files\Microsoft Sync Framework
2012-03-11 09:41:22 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2012-03-11 09:41:20 ----D---- C:\Program Files\Microsoft Office
2012-03-11 09:41:20 ----D---- C:\Program Files\Microsoft Analysis Services
2012-03-11 09:41:20 ----D---- C:\Program Files\Common Files\microsoft shared
2012-03-11 09:41:17 ----D---- C:\Program Files\Common Files\DESIGNER
2012-03-11 09:41:16 ----RHD---- C:\MSOCache
2012-03-11 09:41:08 ----D---- C:\Windows\Microsoft.NET
2012-03-03 22:48:31 ----HD---- C:\ProgramData
2012-03-03 17:44:03 ----D---- C:\Program Files\Google
2012-03-03 17:04:53 ----D---- C:\Users\celbrv\AppData\Roaming\uTorrent
2012-03-03 17:04:53 ----D---- C:\Users\celbrv\AppData\Roaming\DAEMON Tools Lite
2012-03-03 17:04:53 ----D---- C:\Program Files\Steam
2012-03-03 17:04:45 ----D---- C:\Windows\Panther
2012-03-03 17:04:45 ----D---- C:\Windows\Logs
2012-03-03 17:04:45 ----D---- C:\Windows\debug
2012-03-03 15:25:16 ----D---- C:\ProgramData\AVAST Software
2012-03-02 23:01:23 ----D---- C:\ProgramData\Win7codecs
2012-03-02 18:45:20 ----D---- C:\Windows\system32\LogFiles
2012-03-01 17:23:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-02-28 16:38:00 ----D---- C:\ProgramData\Skype
2012-02-28 16:37:58 ----D---- C:\ProgramData\Malwarebytes
2012-02-23 09:18:36 ----N---- C:\Windows\system32\MpSigStub.exe
2012-02-21 16:28:13 ----D---- C:\Windows\system32\wdi
2012-02-18 10:21:04 ----D---- C:\Program Files\Mozilla Firefox
2012-02-17 16:18:09 ----D---- C:\Windows\system32\migration
2012-02-17 16:18:09 ----D---- C:\Program Files\Internet Explorer
2012-02-17 16:18:04 ----D---- C:\Program Files\Microsoft Silverlight
2012-02-16 18:27:38 ----A---- C:\Windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2011-03-08 173440]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-11-12 428088]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-02-23 610648]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-02-23 337112]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-02-23 53848]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2011-03-08 388096]
R1 SbFw;SbFw; C:\Windows\system32\drivers\SbFw.sys [2011-04-05 221784]
R1 SbTis;SbTis; C:\Windows\system32\drivers\sbtis.sys [2011-04-05 78936]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-02-23 20696]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-02-23 57688]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-12-06 9067008]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-12-06 264192]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2011-10-17 85520]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2011-08-16 3648424]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-06-01 393320]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\Windows\system32\DRIVERS\SBFWIM.sys [2011-02-08 69208]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [2012-02-09 10064]
S1 SBRE;SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-12-06 9067008]
S3 atitql77;atitql77; C:\Windows\system32\drivers\atitql77.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 dmvsc;dmvsc; C:\Windows\system32\DRIVERS\dmvsc.sys [2011-03-08 62464]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2011-08-17 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2011-08-17 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2011-03-08 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2011-03-08 15872]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2011-03-08 5632]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service; C:\Windows\system32\DRIVERS\sbfwim.sys [2011-02-08 69208]
S3 sbhips;sbhips; C:\Windows\system32\drivers\sbhips.sys [2011-04-05 94040]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2011-03-08 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2011-03-08 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\DRIVERS\terminpt.sys [2011-03-08 25600]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2011-03-08 52224]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%; C:\Windows\system32\DRIVERS\TsUsbGD.sys [2011-03-08 27264]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2011-03-08 112640]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2011-08-17 8192]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2011-03-08 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2011-08-17 8192]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;vmbus; C:\Windows\system32\DRIVERS\vmbus.sys [2011-03-08 175360]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2011-03-08 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2011-03-08 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-12-06 163328]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-02-23 44768]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2012-02-09 1529152]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-02-15 158856]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-09-24 1343400]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-17 136176]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-17 136176]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 PCSUService;PC Speed Up Service; C:\Program Files\Zrychleni Pocitace\PCSUService.exe [2011-07-20 206336]
S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-10-27 718384]
S4 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-12-10 419624]
S4 vToolbarUpdater;vToolbarUpdater; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-12-11 246600]

-----------------EOF-----------------

[Roli]

Nic není smazáno a nelegální produkt Microsoftu včetně cracku je zpátky.

Tak že já nevím co s tebou.

[vavacech]

Nic není smazáno a nelegální produkt Microsoftu včetně cracku je zpátky.

Tak že já nevím co s tebou.

Udělal jsem všechno tak jak si napsal,předtím jsem odinstaloval M.OFFICE jak si požadoval.Fixnul jsem ty položky v HJT ale musel jsem to dělat v nouzovém režimu jinak to nešlo.Do OTM jsem zkopíroval ten text ale po restartu mi vypadl Net,tak jsem se musel vrátit v systému aby mi šel Net.Teď jsem se díval do programů a žádný OFFice tam není tak ho nemůžu znova vymazat.A jestli si myslíš že jsem ho znovu nainstaloval,tak zas až takový blbec nejsem.Myslel jsem že tu radíte právě takovým lamám jak jsem ja. Díky za tvůj čas který jsi se mnou strávil.Zatím ahoj.

[Roli]

A jestli si myslíš že jsem ho znovu nainstaloval,tak zas až takový blbec nejsem.Myslel jsem že tu radíte právě takovým lamám jak jsem ja. Díky za tvůj čas který jsi se mnou strávil.Zatím ahoj.

Už jsem se setkal s ledasčím a u tvého PC nejsem tak nevím co se tam děje.


Znovu spusť OTMoveIt a nahoře v aplikaci klini na CleanUP!

tímto po sobě uklidí.


Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.


V případě nejasností je ZDE obrázkový návod.

[vavacech]

ComboFix 12-03-16.03 - celbrv 16.03.2012 16:33:16.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.3070.2125 [GMT 1:00]
Spuštěný z: c:\users\celbrv\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\celbrv\AppData\Local\TempDIR
c:\users\celbrv\AppData\Local\TempDIR\BetterInstaller.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-16 do 2012-03-16 )))))))))))))))))))))))))))))))
.
.
2012-03-16 15:40 . 2012-03-16 15:41 -------- d-----w- c:\users\celbrv\AppData\Local\temp
2012-03-16 15:40 . 2012-03-16 15:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-16 14:54 . 2012-02-20 00:05 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BECF99B7-1307-43C3-8376-96BCB247EBA2}\mpengine.dll
2012-03-14 17:51 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 17:51 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 15:16 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 15:16 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 17:39 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 17:39 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 17:39 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 17:39 . 2012-02-17 05:34 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-13 17:39 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 17:39 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 17:39 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-11 09:20 . 2012-03-11 09:20 388096 ----a-r- c:\users\celbrv\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-04 13:12 . 2012-03-04 13:12 -------- d-----w- c:\users\celbrv\AppData\Local\Apple Computer
2012-03-04 13:04 . 2012-03-04 13:04 -------- d-----w- c:\users\celbrv\AppData\Roaming\Apple Computer
2012-03-03 21:48 . 2012-03-03 21:48 -------- d-----w- c:\programdata\AltrixSoft
2012-03-03 21:48 . 2012-03-03 23:08 -------- d-----w- c:\program files\Common Files\AltrixSoft
2012-03-03 16:13 . 2012-03-13 17:34 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-03-03 15:58 . 2012-03-03 15:58 -------- d-----w- c:\program files\CCleaner
2012-03-03 15:33 . 2012-03-15 15:31 -------- d-----w- c:\program files\trend micro
2012-03-03 14:22 . 2012-02-23 16:12 337112 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-03 14:22 . 2012-02-23 16:10 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-03 14:22 . 2012-02-23 16:10 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-03 14:22 . 2012-02-23 16:12 610648 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-03 14:22 . 2012-02-23 16:10 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-03 14:22 . 2012-02-23 16:23 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-02 22:01 . 2012-03-02 22:01 -------- d-----w- c:\users\celbrv\AppData\Roaming\Win7codecs
2012-03-02 17:18 . 2009-02-13 10:31 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-03-02 17:18 . 2012-03-02 21:53 -------- d-----w- c:\programdata\Avira
2012-03-01 15:33 . 2012-03-03 14:25 -------- d-----w- c:\program files\AVAST Software
2012-02-29 16:44 . 2012-02-09 13:13 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2012-02-29 16:44 . 2012-02-09 13:13 21312 ----a-w- c:\windows\system32\authuitu.dll
2012-02-29 16:43 . 2012-02-29 16:44 -------- d-----w- c:\program files\TuneUp Utilities 2012
2012-02-28 17:21 . 2012-02-23 16:10 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-02-28 16:35 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2012-02-26 08:40 . 2012-03-11 08:41 -------- d-----w- c:\program files\Common Files\Skype
2012-02-16 15:22 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 16:23 . 2011-09-24 19:54 41184 ----a-w- c:\windows\avastSS.scr
2012-02-23 08:18 . 2011-09-24 19:22 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-27 10:44 . 2011-09-24 21:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-18 09:21 . 2011-09-24 19:03 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 16:23 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-08-16 10820200]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 343168]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-02-23 4031368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Antivirus]
c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-11-10 09:17 3514176 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 16:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2011-03-08 14:08 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-11-29 19:08 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 11:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\DRIVERS\dmvsc.sys [2011-03-08 62464]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-03-08 15872]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-02-08 69208]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-04-05 94040]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2011-03-08 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\DRIVERS\terminpt.sys [2011-03-08 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2011-03-08 52224]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\DRIVERS\TsUsbGD.sys [2011-03-08 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-03-08 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-24 1343400]
R4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-17 136176]
R4 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-17 136176]
R4 PCSUService;PC Speed Up Service;c:\program files\Zrychleni Pocitace\PCSUService.exe [2011-07-20 206336]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-15 158856]
R4 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-12-10 246600]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-04-05 221784]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 78936]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-06 163328]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-02-23 57688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2012-02-09 1529152]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-12-06 9067008]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-12-06 264192]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-10-17 85520]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-01 393320]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-02-08 69208]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [2012-02-09 10064]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - TUNEUPUTILITIESDRV
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-17 09:47]
.
2012-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-17 09:47]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: Interfaces\{E0F189F2-65EE-4552-9341-14719CA078A1}: NameServer = 10.255.255.10,10.255.255.20
FF - ProfilePath - c:\users\celbrv\AppData\Roaming\Mozilla\Firefox\Profiles\ic57syae.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx? ... 60421&qkw=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100789
FF - user.js: extensions.BabylonToolbar_i.babExt - somoto
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 5c7b33d7000000000000001a4d932fac
FF - user.js: extensions.BabylonToolbar_i.hardId - 5c7b33d7000000000000001a4d932fac
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15374
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:24
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb5
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
MSConfigStartUp-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTProAgent.exe
MSConfigStartUp-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
MSConfigStartUp-Malwarebytes' Anti-Malware - c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
MSConfigStartUp-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
MSConfigStartUp-SBRegRebootCleaner - c:\program files\Ad-Aware Antivirus\Engine\SBRC.exe
MSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exe
AddRemove-498613359.www.pcspeedup.com - c:\program files\Microsoft Silverlight\4.0.60831.0\Silverlight.Configuration.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-03-16 16:43:08
ComboFix-quarantined-files.txt 2012-03-16 15:43
.
Před spuštěním: Volných bajtů: 65 694 621 696
Po spuštění: Volných bajtů: 65 455 722 496
.
- - End Of File - - 2E5951F26D72DD113298FBD40396AE89

Ještě jedna věc ten OFFICE tu mám ale není tam uninstal a v panelu na odinstalování programů není,jak ho mám dostat pryč?

[Roli]

K těm Office, zkusíme je odmáznout i s tím nepořádkem.


Pokud jsi tak ještě neučinil, přesuň Combofix na plochu

otevři si Poznámkový blok

do něj zkopíruj skript z následujícího okna:

Kód: Vybrat vše

File::
c:\windows\system32\drivers\avgntflt.sys
c:\windows\system32\drivers\SBREdrv.sys
c:\windows\system32\DRIVERS\sbfwim.sys
c:\windows\system32\drivers\sbhips.sys
c:\windows\system32\drivers\SbFw.sys
c:\windows\system32\drivers\sbtis.sys

Folder::
c:\program files\GridinSoft Trojan Killer
c:\programdata\Avira
c:\program files\Ad-Aware Antivirus
c:\program files\Microsoft Office
c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform
c:\program files\Common Files\AVG Secure Search

Registry::
[-HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Antivirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]

Driver::
SBRE
Microsoft SharePoint Workspace Audit Service
osppsvc
SBFWIMCL
sbhips
vToolbarUpdater
SbFw
SbTis
SBFWIMCLMP

FireFox::
FF - ProfilePath - c:\users\celbrv\AppData\Roaming\Mozilla\Firefox\Profiles\ic57syae.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatche ... 60421&qkw=

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,

po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:



Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci

[vavacech]

Tak nevím,ten můj počítač je opravdu nějaký divný Udělal jsem to přesně podle tvé rady ale nemohl jsem nastartovat internet,I když jsem v nouzovém režimu dal poslední dobrou konfiguraci, znovu jsem se přihlásil ale brána se mi vždy vymazala tak jsem se musel opět vrátit v systému na zpět Tak si myslím že asi budu muset přeinstalovat Windowsi že to bude asi nejednoduší způsob.Tak díky za snahu

[Roli]

Tak si myslím že asi budu muset přeinstalovat Windowsi že to bude asi nejednoduší způsob

Někdy je to i rychlejší, jen upozorňuji, necpi si tam jedno zabezpečení přes druhé !!!

Z toho by právě mohlo být více problémů než užitku.

Tak díky za snahu

Není zač.

[vavacech]

Tak si myslím že asi budu muset přeinstalovat Windowsi že to bude asi nejednoduší způsob

Někdy je to i rychlejší, jen upozorňuji, necpi si tam jedno zabezpečení přes druhé !!!

Z toho by právě mohlo být více problémů než užitku.

Tak díky za snahu

Není zač.

Dám si pozor a ještě jednou dík

[Roli]

Ještě jednou není zač