pomalejší ntb+problém s shockwave player

Zpráva

SGC · #1 Příspěvek od **SGC** » 14 srp 2012 21:56

V notebooku se mi ted programy o něco pomaleji otevírají. V shockwave playeru nemůžu použít chat, jedině v IE a to ještě jen na chvíli. Díky za pomoc.

Logfile of random's system information tool 1.09 (written by random/random)
Run by freekarol at 2012-08-14 22:52:36
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 233 GB (40%) free of 590 GB
Total RAM: 3552 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:52:58, on 14.8.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\Messenger Plus! for Skype.exe
C:\Users\Karol\Software\Portable Programs\32\Údržba\RAM\memBoost-1-7-9-1798\memBoost-1-7-9-1798\memBoost.exe
C:\Program Files\MY PROGRAM FILES\Security\Antivir\AvastUI.exe
C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
C:\Users\freekarol\AppData\Roaming\BrowserCompanion\tbhcn.exe
C:\Program Files (x86)\MY PROGRAM FILES (x86)\Security\Antivir\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Karol\Software\Portable Programs\32\Web Browsers\OperaPortable_11.64\OperaPortable_11.64\opera.exe
C:\Users\Karol\Software\Portable Programs\32\Notes\TheGuidePortable\TheGuidePortable.exe
C:\Users\Karol\Software\Portable Programs\32\Notes\TheGuidePortable\App\TheGuide\Guide.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrvPXDiscrete.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
C:\Program Files\trend micro\freekarol.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=112842 ... b70d484192
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: script helper for ie - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\MY PROGRAM FILES (x86)\Java\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\MY PROGRAM FILES\Security\Antivir\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Update Timer - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\MY PROGRAM FILES (x86)\Downloaders\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\MY PROGRAM FILES (x86)\Java\bin\jp2ssv.dll
O2 - BHO: FreeOnlineRadioPlayerRecorder - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
O2 - BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\MY PROGRAM FILES\Security\Antivir\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HPQuickWebProxy] "c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\MY PROGRAM FILES\Security\Antivir\avastUI.exe" /nogui
O4 - HKLM\..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKLM\..\Run: [MessengerPlusForSkypeService] "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\MY PROGRAM FILES\Security\Sandbox\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files (x86)\MY PROGRAM FILES (x86)\IM´s\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Rizone Memory Booster.lnk = ?
O4 - Startup: taskmgr – zástupce.lnk = C:\Windows\System32\taskmgr.exe
O4 - Startup: tbhcn.lnk = freekarol\AppData\Roaming\BrowserCompanion\tbhcn.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files (x86)\MY PROGRAM FILES (x86)\Downloaders\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files (x86)\MY PROGRAM FILES (x86)\Downloaders\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\MY PROGRAM FILES (x86)\Downloaders\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files (x86)\MY PROGRAM FILES (x86)\Downloaders\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MYPROG~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MYPROG~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Stáhnout s Mipony - file://C:\Program Files (x86)\MY PROGRAM FILES (x86)\Downloaders\MiPony\Browser\IEContext.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E8772A4-7E3D-441F-927D-6096907C0B24}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\windows\SysWOW64\guard32.dll
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\MY PROGRAM FILES\Security\Antispyware\SuperAntiSpyware\SASCORE64.EXE
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\MY PROGRAM FILES\Security\Antivir\AvastSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\MY PROGRAM FILES\Security\Firewall\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP Auto (HPAuto) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
O23 - Service: HP Connection Manager 4 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Messenger Plus! Service (MsgPlusService) - Yuna Software - C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: RtlISMServ - Realtek - C:\Program Files (x86)\Hewlett-Packard\HP Internet Sharing Manager\HP_UI\RtlService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\MY PROGRAM FILES\Security\Sandbox\Sandboxie\SbieSvc.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XobniService - Xobni Corporation - C:\Program Files (x86)\Xobni\XobniService.exe

--
End of file - 16526 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
"C:\Program Files\MY PROGRAM FILES\Security\Firewall\COMODO\COMODO Internet Security\cmdagent.exe"
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
"C:\Program Files\MY PROGRAM FILES\Security\Sandbox\Sandboxie\SbieSvc.exe"
C:\windows\system32\vcsFPService.exe
"C:\Program Files\MY PROGRAM FILES\Security\Antivir\AvastSvc.exe"
C:\windows\system32\WLANExt.exe 37446576
\??\C:\windows\system32\conhost.exe "828091181436314801291973694-8621893271135004812-1924414042441579168-1787378725
C:\windows\System32\spoolsv.exe
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\IDT\WDM\AESTSr64.exe"
"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe"
"C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"
"C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe"
"C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe"
C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 3156
C:\windows\system32\wbem\unsecapp.exe -Embedding
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
C:\windows\system32\SearchIndexer.exe /Embedding
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe"
C:\windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
atieclxx
"taskhost.exe"
"C:\windows\system32\Dwm.exe"
"c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
C:\windows\Explorer.EXE
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\MY PROGRAM FILES\Security\Firewall\COMODO\COMODO Internet Security\cfp.exe" -h
"C:\Program Files\MY PROGRAM FILES\Security\Sandbox\Sandboxie\SbieCtrl.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" /start
"C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
"C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\Messenger Plus! for Skype.exe"
"C:\Users\Karol\Software\Portable Programs\32\Údržba\RAM\memBoost-1-7-9-1798\memBoost-1-7-9-1798\memBoost.exe" /smin
"C:\Windows\System32\taskmgr.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\MY PROGRAM FILES\Security\Antivir\AvastUI.exe" /nogui
"C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe"
"C:\Users\freekarol\AppData\Roaming\BrowserCompanion\tbhcn.exe" -interval=10 -IEhome=0 -IEsearch=0 -FFhome=0 -FFsearch=0 -CHhome=0 -CHsearch=0 -pubId=ginyas_91 -affId=g91_sjul12
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\MY PROGRAM FILES (x86)\Security\Antivir\Malwarebytes' Anti-Malware\mbam.exe"
"taskhost.exe"
"C:\Users\Karol\Software\Portable Programs\32\Web Browsers\OperaPortable_11.64\OperaPortable_11.64\opera.exe"
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe12_ Global\UsGthrCtrlFltPipeMssGthrPipe12 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\windows\system32\NOTEPAD.EXE" C:\Users\freekarol\Desktop\mbam-log-2012-08-14 (19-25-24).txt
"C:\Program Files\MY PROGRAM FILES\Security\Antispyware\SuperAntiSpyware\SASCORE64.EXE"
"C:\Program Files\MY PROGRAM FILES\Security\Antispyware\SuperAntiSpyware\SUPERAntiSpyware.exe"
"C:\Users\Karol\Software\Portable Programs\32\Notes\TheGuidePortable\TheGuidePortable.exe" "C:\Users\Karol\Desktop\COMP TIME.gde"
"C:\Users\Karol\Software\Portable Programs\32\Notes\TheGuidePortable\App\TheGuide\Guide.exe" "C:\Users\Karol\Desktop\COMP TIME.gde"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe" "<hpNotification><Toast><Title> </Title><Text>Klávesa Caps Lock je zapnutá</Text><IconPath></IconPath><ID>529607085</ID><Path></Path><Parameters></Parameters></Toast></hpNotification>"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrvPXDiscrete.exe" -h
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe" -h
"C:\Windows\System32\notepad.exe" C:\Users\freekarol\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\SUPERAntiSpyware Scan Log - 08-14-2012 - 22-28-31.log
"C:\Users\freekarol\Desktop\RSITx64.exe"
C:\windows\system32\wbem\wmiprvse.exe
"C:\windows\system32\SearchFilterHost.exe" 0 532 536 544 65536 540

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
C:\windows\tasks\HPCeeScheduleForfreekarol.job

=========Mozilla firefox=========

ProfilePath - C:\Users\freekarol\AppData\Roaming\Mozilla\Firefox\Profiles\y66fmwm3.default

prefs.js - "browser.startup.homepage" - "www.seznam.cz"
prefs.js - "keyword.URL" - "http://search.babylon.com/?affID=112842 ... d484192&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.268 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files (x86)\MY PROGRAM FILES (x86)\Docs\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.5.0]
"Description"=
"Path"=C:\windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\MY PROGRAM FILES (x86)\Java\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6]
"Description"=Yahoo Messenger State Plugin
"Path"=C:\Program Files (x86)\Yahoo!\Shared\npYState.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files (x86)\MY PROGRAM FILES (x86)\Codecs\Real Alternative\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448]
"Description"=6.0.12.448
"Path"=C:\Program Files (x86)\MY PROGRAM FILES (x86)\Codecs\Real Alternative\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.268 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MYPROG~1\MICROS~1\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\MY PROGRAM FILES (x86)\Web Browsers\FireFox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\MY PROGRAM FILES (x86)\Web Browsers\FireFox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\MY PROGRAM FILES (x86)\Web Browsers\FireFox\searchplugins\
babylon.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\freekarol\AppData\Roaming\Mozilla\Firefox\Profiles\y66fmwm3.default\extensions\
bbrs_002@blabbers.com
netvideohunter@netvideohunter.com
{1392b8d2-5c05-419f-a8f6-b9f15a596612}
{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
{5384767E-00D9-40E9-B72F-9CC39D655D6F}
{635abd67-4fe9-1b23-4f01-e679fa7484c1}
{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
{f999a48b-1950-4d81-9971-79018f807b4b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\MY PROGRAM FILES\Security\Antivir\aswWebRepIE64.dll [2012-07-03 1387952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MYPROG~1\MICROS~1\Office14\GROOVEEX.DLL [2010-01-21 6723984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-08-10 253584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MYPROG~1\MICROS~1\Office14\URLREDIR.DLL [2010-01-16 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664}]
SimpleAdblock Class - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll [2012-05-15 987928]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00cbb66b-1d3b-46d3-9577-323a336acb50}]
Browser Companion Helper - C:\Program Files (x86)\BrowserCompanion\jsloader.dll [2012-07-24 225584]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]
File Sanitizer for HP ProtectTools - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2011-05-10 117248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [2010-01-21 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\MY PROGRAM FILES (x86)\Java\bin\ssv.dll [2012-07-03 453104]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\MY PROGRAM FILES\Security\Antivir\aswWebRepIE.dll [2012-07-03 1160792]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}]
Browser Companion Helper Verifier - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll [2012-07-24 141104]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-08-10 192144]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-07-05 4018888]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
Free Download Manager - C:\Program Files (x86)\MY PROGRAM FILES (x86)\Downloaders\Free Download Manager\iefdm2.dll [2012-05-14 231424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\MY PROGRAM FILES (x86)\Java\bin\jp2ssv.dll [2012-07-03 157680]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f999a48b-1950-4d81-9971-79018f807b4b}]
FreeOnlineRadioPlayerRecorder Toolbar - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664}]
SimpleAdblock Class - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll [2012-05-15 863512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\MY PROGRAM FILES\Security\Antivir\aswWebRepIE64.dll [2012-07-03 1387952]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-08-10 253584]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\MY PROGRAM FILES\Security\Antivir\aswWebRepIE.dll [2012-07-03 1160792]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-08-10 192144]
{f999a48b-1950-4d81-9971-79018f807b4b} - FreeOnlineRadioPlayerRecorder Toolbar - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-09-16 2828072]
"AtherosBtStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2011-05-10 627360]
"AthBtTray"=C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [2011-05-10 379552]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2011-05-11 1128448]
"COMODO Internet Security"=C:\Program Files\MY PROGRAM FILES\Security\Firewall\COMODO\COMODO Internet Security\cfp.exe [2012-03-11 9569096]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"=C:\Program Files\MY PROGRAM FILES\Security\Sandbox\Sandboxie\SbieCtrl.exe [2012-06-17 694032]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-07-13 17418928]
"Messenger (Yahoo!)"=C:\Program Files (x86)\MY PROGRAM FILES (x86)\IM´s\Messenger\YahooMessenger.exe -quiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files\MY PROGRAM FILES\Microsoft Office\Office14\BCSSync.exe [2010-01-21 112512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DTRun]
c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [2010-11-24 517456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\File Sanitizer]
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [2011-05-10 12277248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Users\freekarol\AppData\Roaming\Google\Google Talk\googletalk.exe [2007-01-01 3739648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPConnectionManager]
c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [2011-05-23 103992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPPowerAssistant]
C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe [2011-03-18 13880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files (x86)\MY PROGRAM FILES (x86)\Security\Antivir\Malwarebytes' Anti-Malware\mbamgui.exe [2012-07-03 462920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
C:\PROGRA~2\MYPROG~1\IMS~1\Yahoo\Messenger\YahooMessenger.exe -quiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MfeEpePcMonitor]
C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [2011-05-24 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
C:\Program Files\MY PROGRAM FILES\Microsoft Office\Office14\MSOSYNC.EXE [2010-01-16 907136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
C:\Program Files (x86)\PDF Complete\pdfsty.exe [2011-04-22 658424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^freekarol^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^KillSkypeHome.lnk]
C:\Users\freekarol\Downloads\KillSkypeHome.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^freekarol^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
C:\PROGRA~2\MYPROG~1\VIRTUA~1\MAGICD~1\MAGICD~1.EXE [2009-02-23 576000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^freekarol^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MultiSkypeLauncher.lnk]
C:\PROGRA~2\MYPROG~1\IMS~1\MULTIS~1\MULTIS~1.EXE [2011-06-13 114176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^freekarol^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MYPROG~1\MICROS~1\Office14\ONENOTEM.EXE [2010-01-21 243072]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"=C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [2011-05-14 318520]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-10-26 343168]
""= []
"HPQuickWebProxy"=c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [2011-11-21 169528]
"avast"=C:\Program Files\MY PROGRAM FILES\Security\Antivir\avastUI.exe [2012-07-03 4273976]
"PlusService"=C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe [2012-07-24 801792]
"MessengerPlusForSkypeService"=C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2012-07-25 119808]

C:\Users\freekarol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Rizone Memory Booster.lnk - C:\Users\Karol\Software\Portable Programs\32\Údržba\RAM\memBoost-1-7-9-1798\memBoost-1-7-9-1798\memBoost.exe
taskmgr – zástupce.lnk - C:\Windows\System32\taskmgr.exe
tbhcn.lnk - C:\Users\freekarol\AppData\Roaming\BrowserCompanion\tbhcn.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\windows\system32\guard64.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MYPROG~1\MICROS~1\Office14\GROOVEEX.DLL [2010-01-21 6723984]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [2010-01-21 4222864]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=EpePcNp64
DPPassFilter
scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-08-14 22:52:39 ----D---- C:\Program Files\trend micro
2012-08-14 22:52:36 ----D---- C:\rsit
2012-08-14 19:42:34 ----D---- C:\Users\freekarol\AppData\Roaming\SUPERAntiSpyware.com
2012-08-14 19:42:01 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2012-08-13 23:19:51 ----D---- C:\Users\freekarol\AppData\Roaming\VMware
2012-08-13 19:10:09 ----A---- C:\windows\system32\drivers\VBoxDrv.sys
2012-08-13 19:09:54 ----DC---- C:\windows\system32\DRVSTORE
2012-08-13 19:09:54 ----A---- C:\windows\system32\drivers\VBoxUSBMon.sys
2012-08-13 15:46:51 ----D---- C:\ProgramData\VMware
2012-08-11 21:51:09 ----D---- C:\Program Files (x86)\Conduit
2012-08-11 21:51:05 ----D---- C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder
2012-08-11 21:50:41 ----A---- C:\windows\SYSWOW64\NCTAudioRecord2.dll
2012-08-11 21:50:41 ----A---- C:\windows\SYSWOW64\NCTAudioPlayer2.dll
2012-08-11 21:50:40 ----A---- C:\windows\SYSWOW64\NCTWMAFile2.dll
2012-08-11 21:50:40 ----A---- C:\windows\SYSWOW64\NCTAudioFile2.dll
2012-08-11 21:50:40 ----A---- C:\windows\SYSWOW64\NCTAudioCDGrabber2.dll
2012-08-11 21:50:39 ----A---- C:\windows\SYSWOW64\NCTAudioInformation2.dll
2012-08-11 21:50:39 ----A---- C:\windows\SYSWOW64\msvcr70.dll
2012-08-11 21:50:39 ----A---- C:\windows\SYSWOW64\lame_enc.dll
2012-08-11 16:52:35 ----D---- C:\ProgramData\Messenger Plus! for Skype
2012-08-11 16:52:33 ----D---- C:\Users\freekarol\AppData\Roaming\BrowserCompanion
2012-08-11 16:52:32 ----D---- C:\Program Files (x86)\BrowserCompanion
2012-08-11 15:46:51 ----D---- C:\ProgramData\ashampoo
2012-08-11 01:15:16 ----D---- C:\ProgramData\Apple Computer
2012-08-11 01:15:12 ----A---- C:\windows\SYSWOW64\QTCF.dll
2012-08-11 00:51:59 ----SHD---- C:\Config.Msi
2012-08-11 00:49:00 ----A---- C:\windows\SYSWOW64\rmoc3260.dll
2012-08-11 00:49:00 ----A---- C:\windows\SYSWOW64\pndx5032.dll
2012-08-11 00:49:00 ----A---- C:\windows\SYSWOW64\pndx5016.dll
2012-08-11 00:48:57 ----A---- C:\windows\SYSWOW64\pncrt.dll
2012-08-11 00:48:56 ----A---- C:\windows\SYSWOW64\msvcp71.dll
2012-08-10 23:19:01 ----D---- C:\ProgramData\Messenger Plus!
2012-08-10 23:18:59 ----D---- C:\Program Files (x86)\Yuna Software
2012-08-10 18:57:03 ----D---- C:\ProgramData\Adobe
2012-08-10 18:56:56 ----D---- C:\Program Files (x86)\Adobe
2012-08-10 16:34:46 ----D---- C:\Program Files\Google
2012-08-10 16:34:38 ----D---- C:\ProgramData\Google
2012-08-10 16:34:05 ----D---- C:\Program Files (x86)\Google
2012-08-07 00:56:10 ----D---- C:\Downloads
2012-08-07 00:44:41 ----D---- C:\Users\freekarol\AppData\Roaming\Free Download Manager
2012-08-04 16:31:59 ----D---- C:\Users\freekarol\AppData\Roaming\Thunderbird
2012-08-01 17:48:58 ----D---- C:\ProgramData\FacebookDiscovery
2012-08-01 17:36:09 ----D---- C:\Users\freekarol\AppData\Roaming\Google
2012-08-01 16:32:38 ----A---- C:\Users\freekarol\AppData\Roaming\burnaware.ini
2012-07-30 23:50:55 ----D---- C:\Users\freekarol\AppData\Roaming\Pegtop
2012-07-30 22:03:53 ----D---- C:\ProgramData\Mozilla
2012-07-30 22:03:43 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2012-07-26 18:31:04 ----D---- C:\Users\freekarol\AppData\Roaming\FLEXnet
2012-07-24 17:56:04 ----D---- C:\pstart
2012-07-24 00:39:36 ----A---- C:\windows\SYSWOW64\msvcr71.dll
2012-07-24 00:39:36 ----A---- C:\windows\SYSWOW64\mfc71.dll
2012-07-24 00:39:36 ----A---- C:\windows\SYSWOW64\gdiplus.dll
2012-07-21 17:33:15 ----D---- C:\Users\freekarol\AppData\Roaming\Mipony
2012-07-21 17:33:00 ----A---- C:\user.js
2012-07-21 17:32:48 ----D---- C:\ProgramData\Babylon
2012-07-21 17:32:47 ----D---- C:\Users\freekarol\AppData\Roaming\Babylon
2012-07-20 00:32:44 ----AD---- C:\ProgramData\TEMP
2012-07-20 00:32:34 ----A---- C:\windows\system32\drivers\rsdrvx64.sys
2012-07-19 20:34:47 ----D---- C:\Users\freekarol\AppData\Roaming\.anki
2012-07-15 03:10:55 ----D---- C:\Program Files\Microsoft Office
2012-07-15 02:12:12 ----AH---- C:\ProgramData\ezsidmv.dat
2012-07-15 02:12:11 ----D---- C:\Users\freekarol\AppData\Roaming\skypePM
2012-07-15 01:38:51 ----D---- C:\windows\cs
2012-07-15 01:38:15 ----D---- C:\windows\en
2012-07-15 01:38:05 ----D---- C:\windows\hr
2012-07-15 01:37:55 ----D---- C:\windows\sk
2012-07-15 01:37:44 ----D---- C:\windows\sl
2012-07-15 01:17:51 ----D---- C:\ProgramData\Yahoo!
2012-07-15 01:11:22 ----D---- C:\Program Files (x86)\Yahoo!
2012-07-15 00:08:01 ----RD---- C:\Program Files (x86)\Skype

======List of files/folders modified in the last 1 month======

2012-08-14 22:52:39 ----RD---- C:\Program Files
2012-08-14 22:23:34 ----D---- C:\windows\Temp
2012-08-14 21:59:28 ----D---- C:\Users\freekarol\AppData\Roaming\Skype
2012-08-14 20:45:17 ----SHD---- C:\windows\Installer
2012-08-14 19:42:57 ----D---- C:\windows\system32\Tasks
2012-08-14 19:42:56 ----D---- C:\windows\Tasks
2012-08-14 19:42:34 ----HD---- C:\ProgramData
2012-08-14 14:51:00 ----D---- C:\Program Files (x86)\Common Files
2012-08-14 14:50:37 ----SHD---- C:\System Volume Information
2012-08-14 10:37:51 ----D---- C:\windows\system32\config
2012-08-13 23:21:26 ----D---- C:\windows\SysWOW64
2012-08-13 23:20:54 ----D---- C:\windows\system32\DriverStore
2012-08-13 23:20:54 ----D---- C:\windows\system32\catroot
2012-08-13 23:20:53 ----D---- C:\windows\inf
2012-08-13 23:20:52 ----D---- C:\windows\system32\drivers
2012-08-13 23:20:46 ----D---- C:\windows\System32
2012-08-13 23:20:15 ----D---- C:\Program Files\Common Files
2012-08-13 23:19:31 ----D---- C:\Program Files (x86)
2012-08-13 20:59:50 ----D---- C:\windows\system32\NDF
2012-08-13 15:47:19 ----A---- C:\windows\SYSWOW64\PerfStringBackup.INI
2012-08-13 15:42:59 ----D---- C:\Program Files\MY PROGRAM FILES
2012-08-12 14:37:02 ----SHD---- C:\$Recycle.Bin
2012-08-11 23:15:02 ----D---- C:\windows\system32\catroot2
2012-08-11 22:05:12 ----D---- C:\Windows
2012-08-11 22:05:12 ----A---- C:\windows\Sandboxie.ini
2012-08-11 21:50:09 ----D---- C:\Program Files (x86)\MY PROGRAM FILES (x86)
2012-08-11 13:41:03 ----D---- C:\windows\Downloaded Program Files
2012-08-11 01:15:03 ----D---- C:\windows\winsxs
2012-08-10 18:43:11 ----A---- C:\windows\system32\PerfStringBackup.INI
2012-08-08 11:08:16 ----RD---- C:\Sandbox
2012-08-04 23:25:32 ----D---- C:\windows\pss
2012-08-04 16:25:17 ----D---- C:\ProgramData\PDFC
2012-08-01 16:32:18 ----D---- C:\Users\freekarol\AppData\Roaming\Thinstall
2012-07-31 22:58:39 ----D---- C:\windows\Prefetch
2012-07-30 23:55:08 ----D---- C:\Users\freekarol\AppData\Roaming\Media Player Classic
2012-07-30 23:54:50 ----D---- C:\windows\Panther
2012-07-30 23:54:50 ----D---- C:\windows\Logs
2012-07-30 23:54:50 ----D---- C:\windows\debug
2012-07-27 10:16:47 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe
2012-07-23 23:32:41 ----D---- C:\ProgramData\Skype
2012-07-21 18:59:47 ----D---- C:\Users\freekarol\AppData\Roaming\vlc
2012-07-19 23:23:36 ----SD---- C:\Users\freekarol\AppData\Roaming\Microsoft
2012-07-19 00:30:49 ----RD---- C:\Users
2012-07-17 01:12:48 ----D---- C:\Program Files\Common Files\Symantec Shared
2012-07-17 01:10:39 ----D---- C:\ProgramData\NortonInstaller
2012-07-15 03:14:22 ----D---- C:\ProgramData\Microsoft Help
2012-07-15 03:12:16 ----A---- C:\windows\win.ini
2012-07-15 03:12:03 ----RSD---- C:\windows\assembly
2012-07-15 01:41:54 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2012-07-15 01:34:06 ----D---- C:\Program Files (x86)\Windows Live
2012-07-15 01:31:33 ----D---- C:\Program Files\Common Files\Microsoft Shared

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\windows\system32\drivers\amd_sata.sys [2011-04-15 79488]
R0 amd_xata;amd_xata; C:\windows\system32\drivers\amd_xata.sys [2011-04-15 40064]
R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2011-05-05 30008]
R0 MfeEpePc;MfeEpePc; C:\windows\system32\drivers\MfeEpePc.sys [2011-05-25 158280]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswRdr;aswRdr; C:\windows\System32\Drivers\aswrdr2.sys [2012-07-03 54072]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2012-07-03 958400]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2012-07-03 355856]
R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2012-07-03 59728]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\windows\System32\DRIVERS\cmdguard.sys [2012-03-11 577824]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\windows\System32\DRIVERS\cmdhlp.sys [2012-03-11 43248]
R1 ElRawDisk;ElRawDisk; \??\C:\windows\system32\drivers\rsdrvx64.sys [2009-02-12 26024]
R1 inspect;COMODO Internet Security Firewall Driver; C:\windows\system32\DRIVERS\inspect.sys [2012-02-03 93200]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\MY PROGRAM FILES\Security\Antispyware\SuperAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 VBoxDrv;VirtualBox Service; C:\windows\system32\DRIVERS\VBoxDrv.sys [2012-06-05 224088]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-06-05 130904]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswFsBlk;aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [2012-07-03 25232]
R2 aswMonFlt;aswMonFlt; \??\C:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\windows\system32\DRIVERS\Accelerometer.sys [2011-05-05 43320]
R3 Afc;PPdus ASPI Shell; C:\windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
R3 amdhub30;AMD USB 3.0 Hub Driver; C:\windows\system32\DRIVERS\amdhub30.sys [2011-03-18 87168]
R3 amdkmdag;amdkmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2011-10-25 10207744]
R3 amdkmdap;amdkmdap; C:\windows\system32\DRIVERS\atikmpag.sys [2011-10-25 317952]
R3 amdxhc;AMD USB 3.0 Host Controller Driver; C:\windows\system32\DRIVERS\amdxhc.sys [2011-03-18 188544]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver; C:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2010-11-11 32192]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athrx.sys [2011-04-22 2727424]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\windows\system32\DRIVERS\btath_bus.sys [2011-05-10 29344]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\drivers\HpqKbFiltr.sys [2011-05-14 25912]
R3 JMCR;JMCR; C:\windows\system32\DRIVERS\jmcr.sys [2011-03-08 174680]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\windows\system32\DRIVERS\mcdbus.sys [2009-02-24 255552]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]
R3 SbieDrv;SbieDrv; \??\C:\Program Files\MY PROGRAM FILES\Security\Sandbox\Sandboxie\SbieDrv.sys [2012-06-17 166576]
R3 SPUVCbv;SPUVCb Driver Service; C:\windows\System32\Drivers\SPUVCbv_x64.sys [2011-04-04 2614520]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10301; C:\windows\system32\DRIVERS\stwrt64.sys [2011-05-11 523264]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2011-09-16 392752]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-06-05 147288]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-06-05 166232]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S0 vmci;VMware VMCI Bus Driver; C:\windows\system32\DRIVERS\vmci.sys []
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files\MY PROGRAM FILES\Security\Antispyware\SuperAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S3 AthBTPort;Atheros Virtual Bluetooth Class; C:\windows\system32\DRIVERS\btath_flt.sys [2011-05-10 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\windows\system32\drivers\btath_a2dp.sys [2011-05-10 298656]
S3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\windows\system32\DRIVERS\btath_hcrp.sys [2011-05-10 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\windows\system32\DRIVERS\btath_lwflt.sys [2011-05-10 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device; C:\windows\system32\DRIVERS\btath_rcp.sys [2011-05-10 154272]
S3 BtFilter;BtFilter; C:\windows\system32\DRIVERS\btfilter.sys [2011-05-10 281760]
S3 BthEnum;Bluetooth Enumerator Service; C:\windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2011-12-07 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2011-12-07 80384]
S3 DAMDrv;DAMDrv; C:\windows\system32\DRIVERS\DAMDrv64.sys [2011-05-10 64312]
S3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416]
S3 MBAMProtector;MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 sdbus;sdbus; C:\windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\windows\system32\DRIVERS\vmnetadapter.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\MY PROGRAM FILES\Security\Antispyware\SuperAntiSpyware\SASCORE64.EXE [2011-08-12 140672]
R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\AESTSr64.exe [2009-03-02 89600]
R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2011-10-25 204288]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-05-10 146592]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2011-05-10 80032]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\MY PROGRAM FILES\Security\Antivir\AvastSvc.exe [2012-07-03 44808]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\MY PROGRAM FILES\Security\Firewall\COMODO\COMODO Internet Security\cmdagent.exe [2012-03-11 2815496]
R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2011-05-19 485712]
R2 HP Power Assistant Service;HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-03-18 132152]
R2 hpHotkeyMonitor;hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [2011-05-14 317496]
R2 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2011-05-22 818232]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2011-05-05 30520]
R2 MsgPlusService;Messenger Plus! Service; C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2012-07-25 119808]
R2 PdiService;Portrait Displays SDK Service; C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-03-16 113264]
R2 SbieSvc;Sandboxie Service; C:\Program Files\MY PROGRAM FILES\Security\Sandbox\Sandboxie\SbieSvc.exe [2012-06-17 98576]
R2 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10101; C:\Program Files\IDT\WDM\STacSV64.exe [2011-05-11 301056]
R2 uArcCapture;ArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [2010-11-11 502464]
R2 vcsFPService;Validity VCS Fingerprint Service; C:\windows\system32\vcsFPService.exe [2011-03-24 3161904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-10 116648]
S2 RtlISMServ;RtlISMServ; C:\Program Files (x86)\Hewlett-Packard\HP Internet Sharing Manager\HP_UI\RtlService.exe [2011-05-30 40960]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-19 44376]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-10 116648]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-10 194032]
S3 HPAuto;HP Auto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S3 hpCMSrv;HP Connection Manager 4 Service; c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-05-23 1098296]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\MY PROGRAM FILES\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 51445112]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S4 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\Windows\SysWOW64\flcdlock.exe [2011-05-10 464440]
S4 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2011-02-23 125496]
S4 HPDayStarterService;HP DayStarter Service; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [2011-03-23 133688]
S4 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-22 103992]
S4 HPFSService;File Sanitizer for HP ProtectTools; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2011-05-10 320512]
S4 MBAMService;MBAMService; C:\Program Files (x86)\MY PROGRAM FILES (x86)\Security\Antivir\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S4 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2011-05-24 1318912]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-30 113120]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-04-22 1128952]
S4 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]

-----------------EOF-----------------

SGC · #2 Příspěvek od **SGC** » 14 srp 2012 23:05

Odpověd byla smazána, ale i tak jsem smazal toolbars, které mi byly k ničemu.

#3 Příspěvek od **vyosek** » 14 srp 2012 23:08

Zdravim

Ano, odpoved uzivatele kubas789 byla odmazana, jelikoz nema pravo lustit logy

Nasledujici soubory otestujte na VirusTotalu https://www.virustotal.com/cs/

C:\Windows\System32\taskmgr.exe
C:\Users\freekarol\AppData\Roaming\BrowserCompanion\tbhcn.exe
Kliknete na Choose file
Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
Kliknete na Scan It
Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
Vysledek analyzy sem vlozte (jako odkaz)

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) http://forum.viry.cz/viewtopic.php?f=29&t=115222

Provedte aktualizaci
Provedte uplny sken - nic nemazte
MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

SGC · #4 Příspěvek od **SGC** » 14 srp 2012 23:30

Standartně jsem provedl skenování MBAM a SAS...

MBAM log
Malwarebytes Anti-Malware 1.62.0.1300
http://www.malwarebytes.org

Verze databáze: v2012.08.14.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
freekarol :: LAPTOP [administrátor]

14.8.2012 16:57:33
mbam-log-2012-08-14 (19-25-24).txt

Typ: Úplná kontrola (C:\|E:\|F:\|G:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 841850
Uplynulý čas: 2 hodin, 25 minut, 18 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 20
HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Žádná instrukce nebyla provedena.

Nalezené hodnoty v registru: 3
HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Žádná instrukce nebyla provedena.
HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Žádná instrukce nebyla provedena.
HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Žádná instrukce nebyla provedena.

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 1
C:\Program Files (x86)\BrowserCompanion (PUP.Blabbers) -> Žádná instrukce nebyla provedena.

Nalezené soubory: 26
C:\Program Files (x86)\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
C:\Sandbox\freekarol\DefaultBox\drive\C\Program Files (x86)\ManicTime\manictime.professional.2.0.3.0.-mpt.exe (PUP.Hacktool.Patcher) -> Žádná instrukce nebyla provedena.
C:\Users\freekarol\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
C:\Users\Karol\Backup\Desktop\XYplorer 11.40.0100\CRD\crd.exe (TheftMarker.Crude) -> Žádná instrukce nebyla provedena.
C:\Users\Karol\Backup\Kingston 8GB\MS Office\Portable_MS_Word-Excel\Portable_MS_Word-Excel\Portable MS Office 2003 Word-Excel\Thinstall\Office 2003\10000001400002i\msiexec.exe (Trojan.IRCBot) -> Žádná instrukce nebyla provedena.
C:\Users\Karol\Backup\Kingston 8GB\MS Office\Portable_MS_Word-Excel\Portable_MS_Word-Excel\Portable MS Office 2003 Word-Excel\Thinstall\Office 2003\1000000800002i\svchost.exe (Trojan.IRCBot) -> Žádná instrukce nebyla provedena.
C:\Users\Karol\Backup\Kingston 8GB\MS Office\Portable_MS_Word-Excel\Portable_MS_Word-Excel\Portable MS Office 2003 Word-Excel\Thinstall\Office 2003\300000009a100002i\EXCEL.EXE (Trojan.IRCBot) -> Žádná instrukce nebyla provedena.
C:\Users\Karol\Backup\Kingston 8GB\MS Office\Portable_MS_Word-Excel\Portable_MS_Word-Excel\Portable MS Office 2003 Word-Excel\Thinstall\Office 2003\30000000e300002i\DW20.EXE (Trojan.IRCBot) -> Žádná instrukce nebyla provedena.
C:\Users\Karol\Backup\Kingston 8GB\MS Office\Portable_MS_Word-Excel\Portable_MS_Word-Excel\Portable MS Office 2003 Word-Excel\Thinstall\Office 2003\4000003900002i\MultiKill.exe (Trojan.IRCBot) -> Žádná instrukce nebyla provedena.
C:\Users\Karol\Software\Portable Programs\32\Downloaders\USDownloader135\Plugins\DataCodRu.plg (Trojan.Downloader) -> Žádná instrukce nebyla provedena.
C:\Users\Karol\Software\Portable Programs\32\Downloaders\USDownloader135\Plugins\PhotoCodRu.plg (Trojan.Downloader) -> Žádná instrukce nebyla provedena.
C:\Users\Karol\Software\Portable Programs\32\Encoding\Audio\transcribe_.8.x\transcribe_.8.x-patch\transcribe!.8.x-patch.exe (PUP.Hacktool.Patcher) -> Žádná instrukce nebyla provedena.
C:\Users\Karol\Software\Portable Programs\32\File Management\Managers\XYplorer 11.40.0100\CRD\crd.exe (TheftMarker.Crude) -> Žádná instrukce nebyla provedena.
C:\Users\Karol\Software\Portable Programs\32\File Management\Tagging\XYplorer 11.40.0100\CRD\crd.exe (TheftMarker.Crude) -> Žádná instrukce nebyla provedena.
C:\Users\Karol\Software\Software 4 Testing\Download Managers\Internet.Download.Manager.v6.08.8.FiNAL.incl.Keygen.and.Patch\Internet.Download.Manager.v6.08.8.FiNAL.incl.Keygen.and.Patch-SND\SND\SnDk&p.exe (RiskWare.Tool.CK) -> Žádná instrukce nebyla provedena.
C:\Users\Karol\Software\Software 4 Testing\Radmin 3.4\radmin.3.4\radmin34\keymaker.exe (RiskWare.Tool.HCK) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\BrowserCompanion\logo.ico (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\BrowserCompanion\terms.lnk.url (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\BrowserCompanion\updater.ini (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Žádná instrukce nebyla provedena.

(konec)

SAS log

Adware.Tracking Cookie
C:\Users\freekarol\AppData\Roaming\Microsoft\Windows\Cookies\CBM3W7SS.txt [ /atdmt.com ]
C:\Users\freekarol\AppData\Roaming\Microsoft\Windows\Cookies\0GWJLN6O.txt [ /adbrite.com ]
C:\Users\freekarol\AppData\Roaming\Microsoft\Windows\Cookies\FU4S554L.txt [ /doubleclick.net ]
C:\Users\freekarol\AppData\Roaming\Microsoft\Windows\Cookies\F2HZL23U.txt [ /ad.yieldmanager.com ]
C:\USERS\DANUTA\AppData\Roaming\Microsoft\Windows\Cookies\ZW7U1K9G.txt [ Cookie:danuta@adform.net/ ]
C:\USERS\DANUTA\AppData\Roaming\Microsoft\Windows\Cookies\Low\9H2T2ZC7.txt [ Cookie:danuta@c.atdmt.com/ ]
C:\USERS\KAROL\AppData\Roaming\Microsoft\Windows\Cookies\77C23WS9.txt [ Cookie:karol@yadro.ru/ ]
C:\USERS\KAROL\AppData\Roaming\Microsoft\Windows\Cookies\IGF6SEZG.txt [ Cookie:karol@c.atdmt.com/ ]
C:\USERS\KAROL\AppData\Roaming\Microsoft\Windows\Cookies\FQEWENBN.txt [ Cookie:karol@hotlog.ru/ ]
C:\USERS\KAROL\AppData\Roaming\Microsoft\Windows\Cookies\S38MNLSX.txt [ Cookie:karol@adserver.mipony.net/ ]
C:\USERS\KAROL\AppData\Roaming\Microsoft\Windows\Cookies\JBUKKGAV.txt [ Cookie:karol@openstat.net/ ]
C:\USERS\KAROL\AppData\Roaming\Microsoft\Windows\Cookies\5369TPV2.txt [

Cookie:karol@wmedia.rotator.hadj7.adjuggler.net/ ]
C:\USERS\KAROL\AppData\Roaming\Microsoft\Windows\Cookies\SSDGV9W1.txt [ Cookie:karol@rotator.hadj7.adjuggler.net/ ]
C:\USERS\KAROL\AppData\Roaming\Microsoft\Windows\Cookies\PFXZZ8YF.txt [

Cookie:karol@microsoftwllivemkt.112.2o7.net/ ]
C:\USERS\KAROL\AppData\Roaming\Microsoft\Windows\Cookies\A1HB441E.txt [

Cookie:karol@rotator.hadj7.adjuggler.net/servlet/ajrotator/track/pt168325 ]
C:\USERS\KAROL\AppData\Roaming\Microsoft\Windows\Cookies\RTDGIUME.txt [ Cookie:karol@atdmt.com/ ]
C:\USERS\KAROL\AppData\Roaming\Microsoft\Windows\Cookies\8ICZLT5O.txt [ Cookie:karol@liveperson.net/ ]
C:\USERS\KAROL\AppData\Roaming\Microsoft\Windows\Cookies\Low\DRVFYMY8.txt [ Cookie:karol@imedia.cz/ ]
C:\USERS\KAROL\AppData\Roaming\Microsoft\Windows\Cookies\Low\6RPNBM0Z.txt [ Cookie:karol@c.atdmt.com/ ]
C:\USERS\KAROL\AppData\Roaming\Microsoft\Windows\Cookies\Low\GOXA4LBJ.txt [ Cookie:karol@doubleclick.net/ ]
C:\USERS\KAROL\AppData\Roaming\Microsoft\Windows\Cookies\Low\8CSMVKHX.txt [ Cookie:karol@atdmt.com/ ]

\PS7YB6FA ]
media.novinky.cz [ C:\USERS\DANUTA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AUZ96GXT ]
http://www.goalsontrack.com [ C:\USERS\KAROL\APPDATA\LOCALLOW\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\ZY7RM87V ]
core.insightexpressai.com [ C:\USERS\KAROL\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PS7YB6FA ]
core.saymedia.com [ C:\USERS\KAROL\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PS7YB6FA ]

Trojan.SVCHost/Fake
C:\USERS\KAROL\BACKUP\KINGSTON 8GB\MS OFFICE\PORTABLE_MS_WORD-EXCEL\PORTABLE_MS_WORD-EXCEL\PORTABLE MS OFFICE 2003

WORD-EXCEL\THINSTALL\OFFICE 2003\1000000800002I\SVCHOST.EXE

Trojan.Unclassified-Packed/Suspicious
C:\USERS\KAROL\PICTURES\MY NIECES\KAčENKA\NOVá SLOžKA\GSMSENDER.DLL

Trojan.Agent/Gen-Mdrop
C:\USERS\KAROL\SOFTWARE\PORTABLE PROGRAMS\32\ÚDRžBA\TASK MANAGERS\ADVANCED PROCESS TERMINATION\APT.EXE

Trojan.Agent/Gen-HackPatch
C:\USERS\KAROL\SOFTWARE\PORTABLE PROGRAMS\32\ENCODING\AUDIO\TRANSCRIBE_.8.X\TRANSCRIBE_.8.X-PATCH\TRANSCRIBE!.8.X-

PATCH.EXE

Trojan.Agent/Gen-Keygen
C:\USERS\KAROL\SOFTWARE\SOFTWARE 4 TESTING\DOWNLOAD MANAGERS

\INTERNET.DOWNLOAD.MANAGER.V6.08.8.FINAL.INCL.KEYGEN.AND.PATCH

\INTERNET.DOWNLOAD.MANAGER.V6.08.8.FINAL.INCL.KEYGEN.AND.PATCH-SND\SND\SNDK&P.EXE

Koukám, že mi někdo z rodiny nainstaloval warez do ntb, takže i kdyby to bylo v pořádku, tak to pak stejně smažu. Budu muset změnit administrátorské heslo.

virustotal
http://bit.ly/MY6A74

Browser companion jsem už smazal, ten toolbar jsem nepoužíval...

#5 Příspěvek od **vyosek** » 15 srp 2012 14:03

Komplet nalezy MBAM smazte a pak sken zopakujte

SGC · #6 Příspěvek od **SGC** » 15 srp 2012 17:48

Provedeno. Ted MBAM už nic nenašel.

#7 Příspěvek od **vyosek** » 15 srp 2012 22:05

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

SGC · #8 Příspěvek od **SGC** » 16 srp 2012 00:17

Combofix se mi zasekl na fázi 4, ale jelikož jsem trpělivý člověk, tak jsem ho vypnul bez problémů až po 45 minutách a znovu spustil. Pak už vše proběhlo v pořádku. Tady je ten log:

ComboFix 12-08-15.01 - freekarol 16.08.2012 0:45.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3552.1817 [GMT 2:00]
Spuštěný z: c:\users\freekarol\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-15 do 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-15 22:54 . 2012-08-15 22:54 -------- d-----w- c:\users\Karol\AppData\Local\temp
2012-08-15 22:54 . 2012-08-15 22:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-15 09:21 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-15 08:47 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 08:47 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 08:47 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 08:47 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 08:47 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 08:47 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 08:46 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 08:46 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 08:46 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 08:46 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 08:46 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 08:46 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-14 23:48 . 2012-08-14 23:49 -------- d-----w- c:\users\freekarol\Software
2012-08-14 21:30 . 2012-08-14 21:32 -------- d-----w- c:\users\freekarol\AppData\Roaming\Free Online Radio Player Recorder
2012-08-14 20:52 . 2012-08-14 20:52 -------- d-----w- c:\program files\trend micro
2012-08-14 20:52 . 2012-08-14 20:53 -------- d-----w- C:\rsit
2012-08-14 17:42 . 2012-08-14 17:42 -------- d-----w- c:\users\freekarol\AppData\Roaming\SUPERAntiSpyware.com
2012-08-14 17:42 . 2012-08-14 17:42 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-14 12:51 . 2012-08-14 12:51 -------- d-----w- c:\program files (x86)\Common Files\Simple Adblock
2012-08-13 21:19 . 2012-08-13 21:19 -------- d-----w- c:\users\freekarol\AppData\Roaming\VMware
2012-08-13 17:15 . 2012-08-13 22:47 -------- d-----w- c:\users\Karol\VirtualBox VMs
2012-08-13 17:10 . 2012-08-13 23:00 -------- d-----w- c:\users\Karol\.VirtualBox
2012-08-13 17:10 . 2012-06-05 14:03 224088 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-08-13 17:09 . 2012-08-13 17:10 -------- dc----w- c:\windows\system32\DRVSTORE
2012-08-13 17:09 . 2012-06-05 14:03 130904 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-08-13 14:02 . 2012-08-13 17:02 -------- d-----w- c:\users\Karol\AppData\Local\VMware
2012-08-13 14:01 . 2012-08-13 16:55 -------- d-----w- c:\users\Karol\AppData\Roaming\VMware
2012-08-13 13:46 . 2012-08-13 21:21 -------- d-----w- c:\programdata\VMware
2012-08-13 13:03 . 2012-08-13 20:16 -------- d-----w- c:\users\Karol\AppData\Local\Spoon
2012-08-13 13:03 . 2012-08-13 13:03 -------- d-----w- c:\users\Karol\AppData\Local\Xenocode
2012-08-12 13:26 . 2012-08-12 13:26 -------- d-----w- c:\users\Karol\AppData\Roaming\Media Player Classic
2012-08-11 21:49 . 2012-08-11 21:49 -------- d-----w- c:\users\Karol\AppData\Roaming\Hewlett-Packard
2012-08-11 21:49 . 2012-08-11 21:53 -------- d-----w- c:\users\Karol\AppData\Local\Hewlett-Packard
2012-08-11 21:43 . 2012-08-11 21:43 -------- d-----w- c:\users\Karol\AppData\Local\ArcSoft
2012-08-11 19:51 . 2012-08-11 19:51 -------- d-----w- c:\program files (x86)\Conduit
2012-08-11 19:51 . 2012-08-14 22:00 -------- d-----w- c:\users\freekarol\AppData\Local\Conduit
2012-08-11 19:50 . 2005-04-25 11:01 458752 ----a-w- c:\windows\SysWow64\NCTAudioRecord2.dll
2012-08-11 19:50 . 2005-04-25 11:01 458752 ----a-w- c:\windows\SysWow64\NCTAudioPlayer2.dll
2012-08-11 19:50 . 2007-10-24 16:57 1986560 ----a-w- c:\windows\SysWow64\NCTAudioFile2.dll
2012-08-11 19:50 . 2007-10-24 16:57 835584 ----a-w- c:\windows\SysWow64\NCTAudioCDGrabber2.dll
2012-08-11 19:50 . 2005-02-24 09:51 348160 ----a-w- c:\windows\SysWow64\NCTWMAFile2.dll
2012-08-11 19:50 . 2005-05-18 09:52 1212416 ----a-w- c:\windows\SysWow64\NCTAudioInformation2.dll
2012-08-11 19:50 . 2003-08-07 13:01 237568 ----a-w- c:\windows\SysWow64\lame_enc.dll
2012-08-11 19:50 . 2002-01-05 12:37 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll
2012-08-11 14:52 . 2012-08-11 14:53 -------- d-----w- c:\programdata\Messenger Plus! for Skype
2012-08-11 14:52 . 2012-08-14 22:00 -------- d-----w- c:\users\freekarol\AppData\Roaming\BrowserCompanion
2012-08-11 14:07 . 2012-08-11 14:11 -------- d-----w- c:\users\Karol\AppData\Roaming\Gmail Backup
2012-08-11 13:51 . 2012-08-11 13:51 -------- d-----w- c:\users\Karol\AppData\Local\Ashampoo
2012-08-11 13:50 . 2012-08-11 13:50 -------- d-----w- c:\users\Karol\AppData\Roaming\Ashampoo
2012-08-11 13:46 . 2012-08-11 13:46 -------- d-----w- c:\users\freekarol\AppData\Local\ashampoo
2012-08-11 13:46 . 2012-08-11 13:46 -------- d-----w- c:\programdata\ashampoo
2012-08-10 23:15 . 2012-08-10 23:15 -------- d-----w- c:\programdata\Apple Computer
2012-08-10 23:15 . 2010-11-29 17:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-08-10 23:15 . 2010-11-29 17:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-08-10 23:15 . 2010-11-29 17:38 180224 ----a-w- c:\windows\SysWow64\QTCF.dll
2012-08-10 22:48 . 2003-03-19 03:14 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-08-10 22:00 . 2012-08-10 22:00 -------- d-----w- c:\users\Karol\AppData\Roaming\Yahoo!
2012-08-10 21:19 . 2012-08-10 21:20 -------- d-----w- c:\programdata\Messenger Plus!
2012-08-10 21:18 . 2012-08-11 14:51 -------- d-----w- c:\program files (x86)\Yuna Software
2012-08-10 20:07 . 2012-08-10 20:07 -------- d-----w- c:\users\Karol\AppData\Roaming\Unity
2012-08-10 20:04 . 2012-08-10 20:04 -------- d-----w- c:\users\Karol\AppData\Local\Unity
2012-08-10 19:27 . 2012-08-10 19:29 -------- d-----w- c:\users\Karol\AppData\Roaming\Foxit Software
2012-08-10 16:56 . 2012-08-10 16:56 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-08-10 16:56 . 2012-08-10 16:56 -------- d-----w- c:\users\freekarol\AppData\Local\Adobe
2012-08-10 16:56 . 2012-08-10 16:56 -------- d-----w- c:\users\Karol\AppData\Local\Adobe
2012-08-10 14:34 . 2012-08-10 14:34 -------- d-----w- c:\program files\Google
2012-08-10 14:34 . 2012-08-10 19:52 -------- d-----w- c:\program files (x86)\Google
2012-08-10 14:33 . 2012-08-10 14:36 -------- d-----w- c:\users\Karol\AppData\Local\Google
2012-08-10 14:33 . 2012-08-10 14:33 -------- d-----w- c:\users\Karol\AppData\Local\Apps
2012-08-10 14:33 . 2012-08-10 14:33 -------- d-----w- c:\users\Karol\AppData\Local\Deployment
2012-08-10 13:48 . 2012-08-10 13:48 -------- d-----w- c:\users\Karol\AppData\Roaming\IDT
2012-08-10 13:29 . 2012-08-10 13:29 -------- d-----w- c:\users\Karol\AppData\Roaming\MultiSkypeLauncher
2012-08-09 21:26 . 2012-08-09 21:26 -------- d-----w- c:\users\Karol\AppData\Roaming\Malwarebytes
2012-08-09 12:56 . 2012-08-10 22:17 -------- d-----w- c:\users\Karol\Tracing
2012-08-09 12:19 . 2012-08-10 21:21 -------- d-----w- c:\users\Karol\AppData\Local\Windows Live
2012-08-09 12:18 . 2012-08-10 13:56 -------- d-----w- c:\users\Karol\AppData\Local\FacebookDiscovery
2012-08-09 12:15 . 2012-08-09 12:41 -------- d-----w- c:\users\Karol\.rssowl2
2012-08-09 11:22 . 2012-08-09 11:22 -------- d-----w- c:\users\Karol\temp
2012-08-09 11:22 . 2012-08-09 15:05 -------- d-----w- c:\users\Karol\AppData\Roaming\TeamViewer
2012-08-06 22:56 . 2012-08-11 20:06 -------- d-----w- C:\Downloads
2012-08-06 22:49 . 2012-08-06 22:52 -------- d-----w- c:\users\Karol\AppData\Roaming\Mipony
2012-08-06 22:45 . 2012-08-14 12:51 -------- d-----w- c:\users\Karol\AppData\Roaming\Free Download Manager
2012-08-06 22:44 . 2012-08-14 21:38 -------- d-----w- c:\users\freekarol\AppData\Roaming\Free Download Manager
2012-08-06 15:59 . 2012-08-13 18:15 -------- d-----w- c:\users\Karol\AppData\Local\CrashDumps
2012-08-04 15:52 . 2012-08-15 22:01 -------- d-----w- c:\users\Karol\AppData\Roaming\Skype
2012-08-04 15:52 . 2012-08-04 15:52 -------- d-----w- c:\users\Karol\AppData\Roaming\skypePM
2012-08-04 14:31 . 2012-08-04 14:31 -------- d-----w- c:\users\freekarol\AppData\Roaming\Thunderbird
2012-08-01 15:49 . 2012-08-01 15:49 -------- d-----w- c:\users\freekarol\AppData\Local\FacebookDiscovery
2012-08-01 15:48 . 2012-08-01 15:48 -------- d-----w- c:\programdata\FacebookDiscovery
2012-08-01 15:36 . 2012-08-14 21:46 -------- d-----w- c:\users\freekarol\AppData\Local\Google
2012-08-01 14:37 . 2012-08-01 14:51 -------- d-----w- c:\users\freekarol\AppData\Local\Deployment
2012-08-01 14:37 . 2012-08-01 14:37 -------- d-----w- c:\users\freekarol\AppData\Local\Apps
2012-07-30 21:50 . 2012-07-30 21:50 -------- d-----w- c:\users\freekarol\AppData\Roaming\Pegtop
2012-07-30 20:03 . 2012-07-30 20:03 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-07-30 16:53 . 2009-07-14 01:41 101376 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL
2012-07-26 16:31 . 2012-07-26 16:31 -------- d-----w- c:\users\freekarol\AppData\Roaming\FLEXnet
2012-07-25 17:07 . 2012-07-25 17:09 -------- d-----w- c:\users\freekarol\Launcher
2012-07-24 23:39 . 2012-07-24 23:39 -------- d-----w- c:\users\Karol\AppData\Local\Macromedia
2012-07-24 23:38 . 2012-07-24 23:38 -------- d-----w- c:\users\Karol\AppData\Local\Mozilla
2012-07-24 20:55 . 2012-07-24 20:55 -------- d-----w- c:\users\Karol\AppData\Roaming\Synaptics
2012-07-24 15:56 . 2012-07-24 15:56 -------- d-----w- C:\pstart
2012-07-23 22:39 . 2012-07-23 22:39 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2012-07-23 22:39 . 2012-07-23 22:39 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-07-23 22:39 . 2012-07-23 22:39 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-07-23 17:36 . 2012-07-23 17:36 -------- d-----w- c:\users\Danuta\AppData\Local\uTorrent
2012-07-23 16:10 . 2012-07-23 16:10 -------- d-----w- c:\users\Danuta\Přijaté soubory
2012-07-21 15:33 . 2012-07-21 15:33 -------- d-----w- c:\users\freekarol\AppData\Roaming\Mipony
2012-07-21 15:33 . 2012-07-21 15:33 247 ----a-w- C:\user.js
2012-07-21 15:32 . 2012-07-21 15:32 -------- d-----w- c:\programdata\Babylon
2012-07-21 15:32 . 2012-07-21 15:32 -------- d-----w- c:\users\freekarol\AppData\Roaming\Babylon
2012-07-20 12:39 . 2012-07-20 12:39 -------- d-----w- c:\users\Danuta\AppData\Local\Hewlett-Packard_Developme
2012-07-19 22:32 . 2009-02-12 13:11 26024 ----a-w- c:\windows\system32\drivers\rsdrvx64.sys
2012-07-19 18:34 . 2012-07-19 18:34 -------- d-----w- c:\users\freekarol\AppData\Roaming\.anki
2012-07-18 22:30 . 2012-07-18 22:31 -------- d-----w- c:\users\Navstevnik
2012-07-18 11:51 . 2012-07-23 18:08 -------- d-----w- c:\users\Danuta\AppData\Local\Windows Live
2012-07-18 11:50 . 2012-07-23 18:08 -------- d-----w- c:\users\Danuta\Tracing
2012-07-17 10:45 . 2012-08-08 17:02 -------- d-----w- c:\users\Danuta\AppData\Roaming\Skype
2012-07-17 10:27 . 2012-07-17 10:27 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-07-17 10:16 . 2012-07-17 10:16 -------- d-----w- c:\users\Danuta\AppData\Roaming\skypePM
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 21:54 . 2012-07-03 14:55 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 21:54 . 2011-12-07 21:56 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 09:16 . 2012-07-05 20:39 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-14 23:31 . 2012-07-14 23:31 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-03 16:21 . 2012-07-03 15:27 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2012-07-03 15:27 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21 . 2012-07-03 15:27 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2012-07-03 15:27 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2012-07-03 15:27 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2012-07-03 15:27 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2012-07-03 15:26 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2012-07-03 15:26 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-03 16:21 . 2012-07-03 15:27 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-03 15:03 . 2012-07-03 15:03 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-03 15:03 . 2012-07-03 15:03 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-03 11:46 . 2012-07-04 20:36 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-09 05:43 . 2012-07-10 21:32 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-10 21:32 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-10 21:32 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-10 21:32 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-10 21:32 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-10 21:32 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-10 21:32 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-05 14:03 . 2012-06-05 14:03 166232 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-06-05 14:03 . 2012-06-05 14:03 147288 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-06-05 14:02 . 2012-06-05 14:02 320856 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-06-02 22:19 . 2012-07-05 19:22 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-07-05 19:22 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-07-05 19:22 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-07-05 19:22 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-07-05 19:21 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-07-05 19:22 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-07-05 19:22 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-07-05 19:21 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-07-05 19:21 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-10 21:32 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-10 21:32 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-10 21:32 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-10 21:32 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-10 21:32 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-10 21:32 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-10 21:32 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-10 21:32 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-10 21:32 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\MY PROGRAM FILES\Security\Sandbox\Sandboxie\SbieCtrl.exe" [2012-06-17 694032]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-10 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-05-14 318520]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-26 343168]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-11-21 169528]
"avast"="c:\program files\MY PROGRAM FILES\Security\Antivir\avastUI.exe" [2012-07-03 4273976]
"PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2012-07-24 801792]
"MessengerPlusForSkypeService"="c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [2012-07-25 119808]
.
c:\users\freekarol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rizone Memory Booster.lnk - c:\users\Karol\Software\Portable Programs\32\Údržba\RAM\memBoost-1-7-9-1798\memBoost-1-7-9-1798\memBoost.exe [2012-7-7 535665]
taskmgr – zástupce.lnk - c:\windows\System32\taskmgr.exe [2010-11-21 257024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2011-05-09 23:43 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-10 116648]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-03-17 132152]
R2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2011-03-07 62184]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-05-10 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-05-10 298656]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-05-10 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-05-10 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-05-10 154272]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-05-10 281760]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2011-05-09 64312]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-10 116648]
R3 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-05-23 1098296]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\MY PROGRAM FILES\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 51445112]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R4 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2011-05-09 464440]
R4 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [2011-03-23 133688]
R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-22 103992]
R4 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2011-05-09 320512]
R4 MBAMService;MBAMService;c:\program files (x86)\MY PROGRAM FILES (x86)\Security\Antivir\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R4 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2011-05-24 1318912]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-30 113120]
R4 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-04-22 1128952]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2011-04-15 79488]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2011-04-15 40064]
S0 MfeEpePc;MfeEpePc; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 577824]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 43248]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrvx64.sys [2009-02-12 26024]
S1 SASDIFSV;SASDIFSV;c:\program files\MY PROGRAM FILES\Security\Antispyware\SuperAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\MY PROGRAM FILES\Security\Antispyware\SuperAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-06-05 224088]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-06-05 130904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\MY PROGRAM FILES\Security\Antispyware\SuperAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-25 204288]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-05-10 146592]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-05-10 80032]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [2011-05-14 317496]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-05 30520]
S2 MsgPlusService;Messenger Plus! Service;c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2012-07-25 119808]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-03-16 113264]
S2 RtlISMServ;RtlISMServ;c:\program files (x86)\Hewlett-Packard\HP Internet Sharing Manager\HP_UI\RtlService.exe [2011-05-30 40960]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [2010-11-11 502464]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2011-03-24 3161904]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-03-18 87168]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-25 10207744]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-25 317952]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-03-18 188544]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2010-11-11 32192]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-05-10 29344]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-03-08 174680]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv_x64.sys [2011-04-04 2614520]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-06-05 147288]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-06-05 166232]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-10 14:34]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-10 14:34]
.
2012-07-29 c:\windows\Tasks\HPCeeScheduleForfreekarol.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\MY PROGRAM FILES\Security\Antivir\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-05-10 627360]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-05-10 379552]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-11 1128448]
"COMODO Internet Security"="c:\program files\MY PROGRAM FILES\Security\Firewall\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
"combofix"="c:\combofix\CF15313.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bing.com?pc=CMNTDF
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download all with Free Download Manager - file://c:\program files (x86)\MY PROGRAM FILES (x86)\Downloaders\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\MY PROGRAM FILES (x86)\Downloaders\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\MY PROGRAM FILES (x86)\Downloaders\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files (x86)\MY PROGRAM FILES (x86)\Downloaders\Free Download Manager\dllink.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MYPROG~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MYPROG~1\Office14\ONBttnIE.dll/105
IE: Stáhnout s Mipony - file://c:\program files (x86)\MY PROGRAM FILES (x86)\Downloaders\MiPony\Browser\IEContext.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3E8772A4-7E3D-441F-927D-6096907C0B24}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\freekarol\AppData\Roaming\Mozilla\Firefox\Profiles\y66fmwm3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112842&tt=2912_5&babsrc=KW_ss&mntrId=80e02459000000000000beb70d484192&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112842&tt=2912_5
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 80e02459000000000000beb70d484192
FF - user.js: extensions.BabylonToolbar_i.hardId - 80e02459000000000000beb70d484192
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15542
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:32
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{F999A48B-1950-4D81-9971-79018F807B4B} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\*€ *]
@="\010\01"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\*]
@="?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\
]
@="?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\*]
@="?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\@4*]
@="?4"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\MY PROGRAM FILES\Security\Antivir\AvastSvc.exe
c:\program files (x86)\Hewlett-Packard\HP Internet Sharing Manager\HP_UI\RtWlan.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
.
**************************************************************************
.
Celkový čas: 2012-08-16 01:06:07 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-15 23:06
.
Před spuštěním: Volných bajtů: 242 564 706 304
Po spuštění: Volných bajtů: 244 136 067 072
.
- - End Of File - - 19964C0983C9D720E53939644EDF3C08

#9 Příspěvek od **vyosek** » 16 srp 2012 07:34

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"=-
"swg"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PlusService"=-
"MessengerPlusForSkypeService"=-

File::
c:\users\freekarol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\taskmgr – zástupce.lnk

Driver::
gupdate
gupdatem

DDS::
mStart Page = hxxp://www.bing.com?pc=CMNTDF

Firefox::
FF - ProfilePath - c:\users\freekarol\AppData\Roaming\Mozilla\Firefox\Profiles\y66fmwm3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112842 ... d484192&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112842&tt=2912_5
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 80e02459000000000000beb70d484192
FF - user.js: extensions.BabylonToolbar_i.hardId - 80e02459000000000000beb70d484192
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15542
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:32
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

SGC · #10 Příspěvek od **SGC** » 16 srp 2012 14:06

Vše úspěšně provedeno a tady je ten log:

ComboFix 12-08-15.01 - freekarol 16.08.2012 14:26:36.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3552.2112 [GMT 2:00]
Spuštěný z: c:\users\freekarol\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\freekarol\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\freekarol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\taskmgr – zástupce.lnk"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-16 do 2012-08-16 )))))))))))))))))))))))))))))))
.
.
2012-08-16 12:35 . 2012-08-16 12:35 -------- d-----w- c:\users\Karol\AppData\Local\temp
2012-08-16 12:35 . 2012-08-16 12:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-15 09:21 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-15 08:47 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 08:47 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 08:47 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 08:47 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 08:47 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 08:47 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 08:46 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 08:46 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 08:46 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 08:46 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 08:46 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 08:46 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-14 23:48 . 2012-08-14 23:49 -------- d-----w- c:\users\freekarol\Software
2012-08-14 21:30 . 2012-08-14 21:32 -------- d-----w- c:\users\freekarol\AppData\Roaming\Free Online Radio Player Recorder
2012-08-14 20:52 . 2012-08-14 20:52 -------- d-----w- c:\program files\trend micro
2012-08-14 20:52 . 2012-08-14 20:53 -------- d-----w- C:\rsit
2012-08-14 17:42 . 2012-08-14 17:42 -------- d-----w- c:\users\freekarol\AppData\Roaming\SUPERAntiSpyware.com
2012-08-14 17:42 . 2012-08-14 17:42 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-14 12:51 . 2012-08-14 12:51 -------- d-----w- c:\program files (x86)\Common Files\Simple Adblock
2012-08-13 21:19 . 2012-08-13 21:19 -------- d-----w- c:\users\freekarol\AppData\Roaming\VMware
2012-08-13 17:15 . 2012-08-13 22:47 -------- d-----w- c:\users\Karol\VirtualBox VMs
2012-08-13 17:10 . 2012-08-13 23:00 -------- d-----w- c:\users\Karol\.VirtualBox
2012-08-13 17:10 . 2012-06-05 14:03 224088 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-08-13 17:09 . 2012-08-13 17:10 -------- dc----w- c:\windows\system32\DRVSTORE
2012-08-13 17:09 . 2012-06-05 14:03 130904 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-08-13 14:02 . 2012-08-13 17:02 -------- d-----w- c:\users\Karol\AppData\Local\VMware
2012-08-13 14:01 . 2012-08-13 16:55 -------- d-----w- c:\users\Karol\AppData\Roaming\VMware
2012-08-13 13:46 . 2012-08-13 21:21 -------- d-----w- c:\programdata\VMware
2012-08-13 13:03 . 2012-08-13 20:16 -------- d-----w- c:\users\Karol\AppData\Local\Spoon
2012-08-13 13:03 . 2012-08-13 13:03 -------- d-----w- c:\users\Karol\AppData\Local\Xenocode
2012-08-12 13:26 . 2012-08-12 13:26 -------- d-----w- c:\users\Karol\AppData\Roaming\Media Player Classic
2012-08-11 21:49 . 2012-08-11 21:49 -------- d-----w- c:\users\Karol\AppData\Roaming\Hewlett-Packard
2012-08-11 21:49 . 2012-08-11 21:53 -------- d-----w- c:\users\Karol\AppData\Local\Hewlett-Packard
2012-08-11 21:43 . 2012-08-11 21:43 -------- d-----w- c:\users\Karol\AppData\Local\ArcSoft
2012-08-11 19:51 . 2012-08-11 19:51 -------- d-----w- c:\program files (x86)\Conduit
2012-08-11 19:51 . 2012-08-14 22:00 -------- d-----w- c:\users\freekarol\AppData\Local\Conduit
2012-08-11 19:50 . 2005-04-25 11:01 458752 ----a-w- c:\windows\SysWow64\NCTAudioRecord2.dll
2012-08-11 19:50 . 2005-04-25 11:01 458752 ----a-w- c:\windows\SysWow64\NCTAudioPlayer2.dll
2012-08-11 19:50 . 2007-10-24 16:57 1986560 ----a-w- c:\windows\SysWow64\NCTAudioFile2.dll
2012-08-11 19:50 . 2007-10-24 16:57 835584 ----a-w- c:\windows\SysWow64\NCTAudioCDGrabber2.dll
2012-08-11 19:50 . 2005-02-24 09:51 348160 ----a-w- c:\windows\SysWow64\NCTWMAFile2.dll
2012-08-11 19:50 . 2005-05-18 09:52 1212416 ----a-w- c:\windows\SysWow64\NCTAudioInformation2.dll
2012-08-11 19:50 . 2003-08-07 13:01 237568 ----a-w- c:\windows\SysWow64\lame_enc.dll
2012-08-11 19:50 . 2002-01-05 12:37 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll
2012-08-11 14:52 . 2012-08-11 14:53 -------- d-----w- c:\programdata\Messenger Plus! for Skype
2012-08-11 14:52 . 2012-08-14 22:00 -------- d-----w- c:\users\freekarol\AppData\Roaming\BrowserCompanion
2012-08-11 14:07 . 2012-08-11 14:11 -------- d-----w- c:\users\Karol\AppData\Roaming\Gmail Backup
2012-08-11 13:51 . 2012-08-11 13:51 -------- d-----w- c:\users\Karol\AppData\Local\Ashampoo
2012-08-11 13:50 . 2012-08-11 13:50 -------- d-----w- c:\users\Karol\AppData\Roaming\Ashampoo
2012-08-11 13:46 . 2012-08-11 13:46 -------- d-----w- c:\users\freekarol\AppData\Local\ashampoo
2012-08-11 13:46 . 2012-08-11 13:46 -------- d-----w- c:\programdata\ashampoo
2012-08-10 23:15 . 2012-08-10 23:15 -------- d-----w- c:\programdata\Apple Computer
2012-08-10 23:15 . 2010-11-29 17:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-08-10 23:15 . 2010-11-29 17:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-08-10 23:15 . 2010-11-29 17:38 180224 ----a-w- c:\windows\SysWow64\QTCF.dll
2012-08-10 22:48 . 2003-03-19 03:14 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-08-10 22:00 . 2012-08-10 22:00 -------- d-----w- c:\users\Karol\AppData\Roaming\Yahoo!
2012-08-10 21:19 . 2012-08-10 21:20 -------- d-----w- c:\programdata\Messenger Plus!
2012-08-10 21:18 . 2012-08-11 14:51 -------- d-----w- c:\program files (x86)\Yuna Software
2012-08-10 20:07 . 2012-08-10 20:07 -------- d-----w- c:\users\Karol\AppData\Roaming\Unity
2012-08-10 20:04 . 2012-08-10 20:04 -------- d-----w- c:\users\Karol\AppData\Local\Unity
2012-08-10 19:27 . 2012-08-10 19:29 -------- d-----w- c:\users\Karol\AppData\Roaming\Foxit Software
2012-08-10 16:56 . 2012-08-10 16:56 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-08-10 16:56 . 2012-08-10 16:56 -------- d-----w- c:\users\freekarol\AppData\Local\Adobe
2012-08-10 16:56 . 2012-08-10 16:56 -------- d-----w- c:\users\Karol\AppData\Local\Adobe
2012-08-10 14:34 . 2012-08-10 14:34 -------- d-----w- c:\program files\Google
2012-08-10 14:34 . 2012-08-10 19:52 -------- d-----w- c:\program files (x86)\Google
2012-08-10 14:33 . 2012-08-10 14:36 -------- d-----w- c:\users\Karol\AppData\Local\Google
2012-08-10 14:33 . 2012-08-10 14:33 -------- d-----w- c:\users\Karol\AppData\Local\Apps
2012-08-10 14:33 . 2012-08-10 14:33 -------- d-----w- c:\users\Karol\AppData\Local\Deployment
2012-08-10 13:48 . 2012-08-10 13:48 -------- d-----w- c:\users\Karol\AppData\Roaming\IDT
2012-08-10 13:29 . 2012-08-10 13:29 -------- d-----w- c:\users\Karol\AppData\Roaming\MultiSkypeLauncher
2012-08-09 21:26 . 2012-08-09 21:26 -------- d-----w- c:\users\Karol\AppData\Roaming\Malwarebytes
2012-08-09 12:56 . 2012-08-10 22:17 -------- d-----w- c:\users\Karol\Tracing
2012-08-09 12:19 . 2012-08-10 21:21 -------- d-----w- c:\users\Karol\AppData\Local\Windows Live
2012-08-09 12:18 . 2012-08-10 13:56 -------- d-----w- c:\users\Karol\AppData\Local\FacebookDiscovery
2012-08-09 12:15 . 2012-08-09 12:41 -------- d-----w- c:\users\Karol\.rssowl2
2012-08-09 11:22 . 2012-08-09 11:22 -------- d-----w- c:\users\Karol\temp
2012-08-09 11:22 . 2012-08-09 15:05 -------- d-----w- c:\users\Karol\AppData\Roaming\TeamViewer
2012-08-06 22:56 . 2012-08-11 20:06 -------- d-----w- C:\Downloads
2012-08-06 22:49 . 2012-08-06 22:52 -------- d-----w- c:\users\Karol\AppData\Roaming\Mipony
2012-08-06 22:45 . 2012-08-14 12:51 -------- d-----w- c:\users\Karol\AppData\Roaming\Free Download Manager
2012-08-06 22:44 . 2012-08-14 21:38 -------- d-----w- c:\users\freekarol\AppData\Roaming\Free Download Manager
2012-08-06 15:59 . 2012-08-13 18:15 -------- d-----w- c:\users\Karol\AppData\Local\CrashDumps
2012-08-04 15:52 . 2012-08-16 12:19 -------- d-----w- c:\users\Karol\AppData\Roaming\Skype
2012-08-04 15:52 . 2012-08-04 15:52 -------- d-----w- c:\users\Karol\AppData\Roaming\skypePM
2012-08-04 14:31 . 2012-08-04 14:31 -------- d-----w- c:\users\freekarol\AppData\Roaming\Thunderbird
2012-08-01 15:49 . 2012-08-01 15:49 -------- d-----w- c:\users\freekarol\AppData\Local\FacebookDiscovery
2012-08-01 15:48 . 2012-08-01 15:48 -------- d-----w- c:\programdata\FacebookDiscovery
2012-08-01 15:36 . 2012-08-14 21:46 -------- d-----w- c:\users\freekarol\AppData\Local\Google
2012-08-01 14:37 . 2012-08-01 14:51 -------- d-----w- c:\users\freekarol\AppData\Local\Deployment
2012-08-01 14:37 . 2012-08-01 14:37 -------- d-----w- c:\users\freekarol\AppData\Local\Apps
2012-07-30 21:50 . 2012-07-30 21:50 -------- d-----w- c:\users\freekarol\AppData\Roaming\Pegtop
2012-07-30 20:03 . 2012-07-30 20:03 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-07-30 16:53 . 2009-07-14 01:41 101376 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL
2012-07-26 16:31 . 2012-07-26 16:31 -------- d-----w- c:\users\freekarol\AppData\Roaming\FLEXnet
2012-07-25 17:07 . 2012-07-25 17:09 -------- d-----w- c:\users\freekarol\Launcher
2012-07-24 23:39 . 2012-07-24 23:39 -------- d-----w- c:\users\Karol\AppData\Local\Macromedia
2012-07-24 23:38 . 2012-07-24 23:38 -------- d-----w- c:\users\Karol\AppData\Local\Mozilla
2012-07-24 20:55 . 2012-07-24 20:55 -------- d-----w- c:\users\Karol\AppData\Roaming\Synaptics
2012-07-24 15:56 . 2012-07-24 15:56 -------- d-----w- C:\pstart
2012-07-23 22:39 . 2012-07-23 22:39 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2012-07-23 22:39 . 2012-07-23 22:39 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-07-23 22:39 . 2012-07-23 22:39 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-07-23 17:36 . 2012-07-23 17:36 -------- d-----w- c:\users\Danuta\AppData\Local\uTorrent
2012-07-23 16:10 . 2012-07-23 16:10 -------- d-----w- c:\users\Danuta\Přijaté soubory
2012-07-21 15:33 . 2012-07-21 15:33 -------- d-----w- c:\users\freekarol\AppData\Roaming\Mipony
2012-07-21 15:33 . 2012-07-21 15:33 247 ----a-w- C:\user.js
2012-07-21 15:32 . 2012-07-21 15:32 -------- d-----w- c:\programdata\Babylon
2012-07-21 15:32 . 2012-07-21 15:32 -------- d-----w- c:\users\freekarol\AppData\Roaming\Babylon
2012-07-20 12:39 . 2012-07-20 12:39 -------- d-----w- c:\users\Danuta\AppData\Local\Hewlett-Packard_Developme
2012-07-19 22:32 . 2009-02-12 13:11 26024 ----a-w- c:\windows\system32\drivers\rsdrvx64.sys
2012-07-19 18:34 . 2012-07-19 18:34 -------- d-----w- c:\users\freekarol\AppData\Roaming\.anki
2012-07-18 22:30 . 2012-07-18 22:31 -------- d-----w- c:\users\Navstevnik
2012-07-18 11:51 . 2012-07-23 18:08 -------- d-----w- c:\users\Danuta\AppData\Local\Windows Live
2012-07-18 11:50 . 2012-07-23 18:08 -------- d-----w- c:\users\Danuta\Tracing
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 21:54 . 2012-07-03 14:55 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 21:54 . 2011-12-07 21:56 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 09:16 . 2012-07-05 20:39 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-14 23:31 . 2012-07-14 23:31 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-03 16:21 . 2012-07-03 15:27 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2012-07-03 15:27 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21 . 2012-07-03 15:27 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2012-07-03 15:27 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2012-07-03 15:27 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2012-07-03 15:27 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2012-07-03 15:26 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2012-07-03 15:26 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-03 16:21 . 2012-07-03 15:27 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-03 15:03 . 2012-07-03 15:03 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-03 15:03 . 2012-07-03 15:03 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-03 11:46 . 2012-07-04 20:36 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-09 05:43 . 2012-07-10 21:32 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-10 21:32 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-10 21:32 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-10 21:32 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-10 21:32 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-10 21:32 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-10 21:32 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-05 14:03 . 2012-06-05 14:03 166232 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-06-05 14:03 . 2012-06-05 14:03 147288 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-06-05 14:02 . 2012-06-05 14:02 320856 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-06-02 22:19 . 2012-07-05 19:22 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-07-05 19:22 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-07-05 19:22 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-07-05 19:22 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-07-05 19:21 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-07-05 19:22 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-07-05 19:22 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-07-05 19:21 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-07-05 19:21 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-10 21:32 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-10 21:32 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-10 21:32 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-10 21:32 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-10 21:32 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-10 21:32 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-10 21:32 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-10 21:32 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-10 21:32 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-15_22.59.41 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-08-15 23:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-16 12:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-15 23:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-16 12:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-15 23:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-16 12:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-08-16 12:41 43010 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-06-28 11:28 . 2012-08-15 22:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-06-28 11:28 . 2012-08-15 09:32 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-06-28 11:28 . 2012-08-15 09:32 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-06-28 11:28 . 2012-08-15 22:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-15 09:32 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-15 22:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-08-15 23:06 97104 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-06-28 11:28 . 2012-08-16 12:41 8990 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2722712566-590643248-4265252878-1001_UserData.bin
+ 2012-08-16 12:36 . 2012-08-16 12:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-15 22:56 . 2012-08-15 22:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-15 22:56 . 2012-08-15 22:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-16 12:36 . 2012-08-16 12:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-28 20:26 . 2012-08-16 10:08 297866 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
- 2009-07-14 05:01 . 2012-08-15 22:55 386300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-16 12:35 386300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-03 11:32 . 2012-08-16 12:35 724928 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2722712566-590643248-4265252878-1002-4096.dat
+ 2012-06-28 18:59 . 2012-08-16 12:35 1278384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2722712566-590643248-4265252878-1002-8192.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\MY PROGRAM FILES\Security\Sandbox\Sandboxie\SbieCtrl.exe" [2012-06-17 694032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-05-14 318520]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-26 343168]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-11-21 169528]
"avast"="c:\program files\MY PROGRAM FILES\Security\Antivir\avastUI.exe" [2012-07-03 4273976]
.
c:\users\freekarol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rizone Memory Booster.lnk - c:\users\Karol\Software\Portable Programs\32\Údržba\RAM\memBoost-1-7-9-1798\memBoost-1-7-9-1798\memBoost.exe [2012-7-7 535665]
taskmgr – zástupce.lnk - c:\windows\System32\taskmgr.exe [2010-11-21 257024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2011-05-09 23:43 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-03-17 132152]
R2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2011-03-07 62184]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-05-10 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-05-10 298656]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-05-10 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-05-10 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-05-10 154272]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-05-10 281760]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2011-05-09 64312]
R3 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-05-23 1098296]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-03-08 174680]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\MY PROGRAM FILES\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 51445112]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R4 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2011-05-09 464440]
R4 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [2011-03-23 133688]
R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-22 103992]
R4 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2011-05-09 320512]
R4 MBAMService;MBAMService;c:\program files (x86)\MY PROGRAM FILES (x86)\Security\Antivir\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R4 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2011-05-24 1318912]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-30 113120]
R4 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-04-22 1128952]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2011-04-15 79488]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2011-04-15 40064]
S0 MfeEpePc;MfeEpePc; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 577824]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 43248]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrvx64.sys [2009-02-12 26024]
S1 SASDIFSV;SASDIFSV;c:\program files\MY PROGRAM FILES\Security\Antispyware\SuperAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\MY PROGRAM FILES\Security\Antispyware\SuperAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-06-05 224088]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-06-05 130904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\MY PROGRAM FILES\Security\Antispyware\SuperAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-25 204288]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-05-10 146592]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-05-10 80032]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [2011-05-14 317496]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-05 30520]
S2 MsgPlusService;Messenger Plus! Service;c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2012-07-25 119808]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-03-16 113264]
S2 RtlISMServ;RtlISMServ;c:\program files (x86)\Hewlett-Packard\HP Internet Sharing Manager\HP_UI\RtlService.exe [2011-05-30 40960]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [2010-11-11 502464]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2011-03-24 3161904]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-03-18 87168]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-25 10207744]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-25 317952]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-03-18 188544]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2010-11-11 32192]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-05-10 29344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv_x64.sys [2011-04-04 2614520]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-06-05 147288]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-06-05 166232]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-10 14:34]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-10 14:34]
.
2012-07-29 c:\windows\Tasks\HPCeeScheduleForfreekarol.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\MY PROGRAM FILES\Security\Antivir\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-05-10 627360]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-05-10 379552]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-11 1128448]
"COMODO Internet Security"="c:\program files\MY PROGRAM FILES\Security\Firewall\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
"combofix"="c:\combofix\CF12175.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download all with Free Download Manager - file://c:\program files (x86)\MY PROGRAM FILES (x86)\Downloaders\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\MY PROGRAM FILES (x86)\Downloaders\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\MY PROGRAM FILES (x86)\Downloaders\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files (x86)\MY PROGRAM FILES (x86)\Downloaders\Free Download Manager\dllink.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MYPROG~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MYPROG~1\Office14\ONBttnIE.dll/105
IE: Stáhnout s Mipony - file://c:\program files (x86)\MY PROGRAM FILES (x86)\Downloaders\MiPony\Browser\IEContext.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3E8772A4-7E3D-441F-927D-6096907C0B24}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\freekarol\AppData\Roaming\Mozilla\Firefox\Profiles\y66fmwm3.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{F999A48B-1950-4D81-9971-79018F807B4B} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\*€ *]
@="\010\01"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\*]
@="?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\
]
@="?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\*]
@="?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\@4*]
@="?4"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\MY PROGRAM FILES\Security\Antivir\AvastSvc.exe
c:\program files (x86)\Hewlett-Packard\HP Internet Sharing Manager\HP_UI\RtWlan.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
.
**************************************************************************
.
Celkový čas: 2012-08-16 14:46:04 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-16 12:46
ComboFix2.txt 2012-08-15 23:06
.
Před spuštěním: Volných bajtů: 244 259 209 216
Po spuštění: Volných bajtů: 244 051 476 480
.
- - End Of File - - DC0DCDA7863201FB3D5983DD664D6752

#11 Příspěvek od **vyosek** » 16 srp 2012 16:44

Nastala nejaka zmena v chovani

SGC · #12 Příspěvek od **SGC** » 17 srp 2012 13:35

Ted se zdá, že už vše funguje tak, jak má. Takže ted už jen odinstalovat Combofix, že?

#13 Příspěvek od **vyosek** » 17 srp 2012 19:39

Tak jeste uklidime

Odinstalujte Combofix

Prejmenujte ComboFix na Uninstall
Spustte jej
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

SGC · #14 Příspěvek od **SGC** » 17 srp 2012 23:11

Vše provedeno. Díky za pomoc.

#15 Příspěvek od **vyosek** » 18 srp 2012 06:06

Nemate zac, rad jsem pomohl

Zase nekdy Obrázek

VIRY.CZ

pomalejší ntb+problém s shockwave player

pomalejší ntb+problém s shockwave player

Re: pomalejší ntb+problém s shockwave player

Re: pomalejší ntb+problém s shockwave player

Re: pomalejší ntb+problém s shockwave player

Re: pomalejší ntb+problém s shockwave player

Re: pomalejší ntb+problém s shockwave player

Re: pomalejší ntb+problém s shockwave player

Re: pomalejší ntb+problém s shockwave player

Re: pomalejší ntb+problém s shockwave player

Re: pomalejší ntb+problém s shockwave player

Re: pomalejší ntb+problém s shockwave player

Re: pomalejší ntb+problém s shockwave player

Re: pomalejší ntb+problém s shockwave player

Re: pomalejší ntb+problém s shockwave player

Re: pomalejší ntb+problém s shockwave player