Please help with removing Live Security Platinum

Dr.Sova
Visitor
Posts: 22
Registered: 02 Sep 2012 20:51

Re: Please help with removing Live Security Platinum

#31 Post by Dr.Sova »

OTL Extras logfile created on: 3.9.2012 21:31:52 - Run 1
OTL by OldTimer - Version 3.2.60.0 Folder = C:\Users\Lucka\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,87 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 49,95% Memory free
3,74 Gb Paging File | 2,77 Gb Available in Paging File | 74,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 134,03 Gb Free Space | 57,55% Space Free | Partition Type: NTFS
Drive D: | 30,24 Gb Total Space | 5,91 Gb Free Space | 19,53% Space Free | Partition Type: FAT32

Computer Name: NB-LUCKA | User Name: Lucka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [RapidShareManagerEmail] -- C:\Program Files (x86)\RapidShareManager\RapidShareManager.exe -mailto "%1" (RapidShare AG)
Directory [RapidShareManagerUpload] -- C:\Program Files (x86)\RapidShareManager\RapidShareManager.exe -sendto "%1" (RapidShare AG)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [RapidShareManagerEmail] -- C:\Program Files (x86)\RapidShareManager\RapidShareManager.exe -mailto "%1" (RapidShare AG)
Directory [RapidShareManagerUpload] -- C:\Program Files (x86)\RapidShareManager\RapidShareManager.exe -sendto "%1" (RapidShare AG)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FCA8B8D-B01A-4BD5-B1EF-2E1F0C9649CD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{13DB3DBB-2965-45DB-B8A4-AFDAFE53CD47}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{211A7003-2C05-4678-986C-18E611A06EBA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2776ED6A-4CA7-4E9B-A754-9CB08E82EBB5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{323AAC0F-4414-4412-98C9-BE8EA6D88ACE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{360DA185-9E44-43DC-95E7-3891FED9B186}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{36EC49B3-FEE1-4F29-8261-7142B3ABE0A1}" = lport=139 | protocol=6 | dir=in | app=system |
"{37D66C51-DA0E-4CEF-8B68-2F5288C691B9}" = rport=137 | protocol=17 | dir=out | app=system |
"{3950C3DD-EC75-4287-A492-A11B6CB334E3}" = lport=137 | protocol=17 | dir=in | app=system |
"{39A8F3CF-8C99-46AD-A3D4-885D645EA6DD}" = rport=139 | protocol=6 | dir=out | app=system |
"{41A9F23B-BBA6-4E3A-A5A0-E0B576E9C196}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{449231FC-2DE5-4202-BE68-9731F6016806}" = rport=138 | protocol=17 | dir=out | app=system |
"{4493997F-DCDF-41DD-A95D-CA760B275CB5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{47D8819D-109A-4CB9-B039-DA4DBFD4EBCD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4C9121C3-5363-426D-87E6-32D406F6AB57}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4CF1FA3A-FCB7-42E4-9CE8-ECA8AEAEEEB0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4D40A68E-0D7D-49BA-B702-48A628009100}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{59B648CE-6C9D-4663-B4E1-163846AA15E5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5C9CE148-E95F-42D1-98EA-7761F9CB1DF8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6930E689-E022-4932-8B92-867732536848}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6CB15E54-97EC-4029-97CA-8CF6C3F2BA7F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{84252A59-756C-4F5D-A8B0-65C77058CC27}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{8B3FB3D6-488C-416F-884B-E48784FB1C6F}" = rport=445 | protocol=6 | dir=out | app=system |
"{95DA949D-91ED-4200-8886-74E03186950B}" = lport=445 | protocol=6 | dir=in | app=system |
"{970FC483-B29A-441E-AF0B-D45BC65797F7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B2D95D28-790D-4181-AB4A-ED669D2754EC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BD719241-10D8-4C09-A939-C91AB332BF69}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E576910D-AE48-4C99-B99C-82BB2680CCA5}" = lport=138 | protocol=17 | dir=in | app=system |
"{E70F7620-77DC-4AF6-9381-19A0AE45CA9A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F6907584-2DEB-43C8-972B-583C110DAB7D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F7A194EC-37E0-43A3-BC02-46D4144B976F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{FE33C7C0-7793-425C-B91A-BB833056B336}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B1CF2B-0A8C-47CE-BED6-76679DB5B29F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{084F1CDE-4735-42F8-BA6E-E85E07F03D21}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{197E8307-034F-48A8-9F4E-09F5A9E6B9E8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1A8D2116-5B92-47CA-8499-F436DAC06E3D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{26C553FC-B6FB-4F94-92A1-41C1FBD563E3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{306BE266-8FED-4FDB-9478-314137C587A0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3B51AEA8-6F74-47E8-A6FA-06FACDA18C75}" = protocol=6 | dir=out | app=system |
"{59D17769-54B2-459F-8AD2-CC3C44B255E5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7309B57D-8A5A-41E2-85C1-4C6968282013}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7E8298B9-85BC-4E64-B7A6-CF1052555303}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A5E76279-5439-4EA3-A239-E7E9DD40F850}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A6D0BC88-22B4-4BF6-A81F-4E64F6C6F771}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BD77E79E-E3CD-4AB6-84A2-86CE9E7E23D8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C1295520-4A25-4CCD-A076-B71E3256D9E5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D858892A-ED53-4C62-925D-7BBE4EB43D85}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E5AAE11A-8C20-4CD0-8879-A2586638A081}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F427FC21-D32C-4959-8FDA-62F7B2E65048}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F9482B6F-769F-4347-A864-1011961AA3BF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FBA4243F-4EED-4FCB-8EB1-AB41085C666B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FDBF3E33-D90F-4259-B294-4F541E45AEFB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FDFD30FD-C125-4103-9A77-7F4A39D7979B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{3554916F-152B-4FEC-8871-FD4F18F312D1}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{5982C37D-03B0-4162-9AAA-935E4D1F7B76}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{E1162748-662F-4F55-99B8-C8A358E92063}C:\program files (x86)\connectify\connectify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectify.exe |
"UDP Query User{8096D88B-A96F-4DC0-9DB3-1518CD7E1165}C:\program files (x86)\connectify\connectify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectify.exe |
"UDP Query User{9965F82D-2238-4861-9BAC-B313EA63B8CC}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{A861CD51-4315-4054-80D4-B7C972AB5661}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{790E02A1-145A-3843-8C13-A4F41C9B48B7}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}" = SpyHunter
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2007
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{A6E2BCB5-ACB8-4BE5-A7D3-AE4A44ADDBF9}" = ESET NOD32 Antivirus
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B01F3480-2241-4141-86F9-BF7ED85B44AD}" = Leadcore 57xx Driver Package
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D75AEB5B-FA18-4BD4-9EED-54CA46DB5AE8}" = Software Intel(R) PROSet/Wireless WiFi
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"CNXT_AUDIO_HDA" = Conexant CX20582 SmartAudio HD
"DE7217D2A8B057F15EC6E52329FDAB84231521E8" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430)
"Integrated Camera" = Integrated Camera
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"OnScreenDisplay" = On Screen Display
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.8.8
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_PROHYBRIDR_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_PROHYBRIDR_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_PROHYBRIDR_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_PROHYBRIDR_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_PROHYBRIDR_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_PROHYBRIDR_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_PROHYBRIDR_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_PROHYBRIDR_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0405-1000-0000000FF1CE}_PROHYBRIDR_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_PROHYBRIDR_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D2C60-A55F-4fed-B2B9-17311226DF01}" = ThinkPad Wireless LAN Adapter Software
"{A29549FD-65F3-440C-A552-6B8114CF319D}" = Skype Toolbars
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-A95000000001}" = Adobe Reader 9.5.1 - Czech
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DD38EEF7-801F-4050-B6B0-8F0573141C7B}" = Mail Attachment Downloader v2.2
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}" = Integrated Camera
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"6103-4188-8184-5707" = RapidShare Manager 2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced CSV Converter" = Advanced CSV Converter 2.85
"CDex" = CDex - Open Source Digital Audio CD Extractor
"conduitEngine" = Conduit Engine
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"Family Tree Builder" = MyHeritage Family Tree Builder
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder5.05" = Freecorder 5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verze 1.62.0.1300
"Mozilla Firefox (3.6.27)" = Mozilla Firefox (3.6.27)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"O2CZ" = O2
"OpenVPN" = OpenVPN 2.1.4
"Picasa 3" = Picasa 3
"PROHYBRIDR" = 2007 Microsoft Office system
"Replay Media Catcher 4" = Replay Media Catcher 4 (4.3.2)
"searchya" = SearchYa! Web Search
"VLC media player" = VLC media player 1.1.5
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"YouTube Downloader_is1" = YouTube Downloader 2.5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1895016164-440596700-571147792-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"7f4182272b52fd8f" = CZShare Manager
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 31.8.2012 11:19:04 | Computer Name = NB-Lucka | Source = RasClient | ID = 20227
Description =

Error - 1.9.2012 11:52:32 | Computer Name = NB-Lucka | Source = RasClient | ID = 20227
Description =

Error - 1.9.2012 11:53:20 | Computer Name = NB-Lucka | Source = RasClient | ID = 20227
Description =

Error - 2.9.2012 9:27:45 | Computer Name = NB-Lucka | Source = VSS | ID = 8194
Description =

Error - 3.9.2012 7:27:40 | Computer Name = NB-Lucka | Source = VSS | ID = 18
Description =

Error - 3.9.2012 7:27:40 | Computer Name = NB-Lucka | Source = VSS | ID = 8193
Description =

Error - 3.9.2012 7:27:40 | Computer Name = NB-Lucka | Source = System Restore | ID = 8193
Description =

Error - 3.9.2012 7:34:06 | Computer Name = NB-Lucka | Source = VSS | ID = 18
Description =

Error - 3.9.2012 7:34:06 | Computer Name = NB-Lucka | Source = VSS | ID = 8193
Description =

Error - 3.9.2012 7:34:06 | Computer Name = NB-Lucka | Source = System Restore | ID = 8193
Description =

[ OSession Events ]
Error - 26.10.2011 13:05:26 | Computer Name = NB-Lucka | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 5395
seconds with 1260 seconds of active time. This session ended with a crash.

Error - 26.10.2011 13:15:03 | Computer Name = NB-Lucka | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 557
seconds with 360 seconds of active time. This session ended with a crash.

Error - 27.10.2011 12:33:50 | Computer Name = NB-Lucka | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 26437
seconds with 1080 seconds of active time. This session ended with a crash.

Error - 9.11.2011 4:21:39 | Computer Name = NB-Lucka | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 58096
seconds with 1140 seconds of active time. This session ended with a crash.

Error - 14.11.2011 3:54:20 | Computer Name = NB-Lucka | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2723
seconds with 1680 seconds of active time. This session ended with a crash.

Error - 8.2.2012 12:18:18 | Computer Name = NB-Lucka | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 112399
seconds with 3180 seconds of active time. This session ended with a crash.

Error - 27.2.2012 17:16:34 | Computer Name = NB-Lucka | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 52061
seconds with 4500 seconds of active time. This session ended with a crash.

Error - 24.4.2012 16:03:32 | Computer Name = NB-Lucka | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 44041
seconds with 1680 seconds of active time. This session ended with a crash.

Error - 2.5.2012 12:17:25 | Computer Name = NB-Lucka | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 20116
seconds with 2160 seconds of active time. This session ended with a crash.

Error - 9.5.2012 8:43:28 | Computer Name = NB-Lucka | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 16651
seconds with 1200 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9.2.2012 3:25:22 | Computer Name = NB-Lucka | Source = Server | ID = 2505
Description = Server nemohl vytvořit vazbu na přenos \Device\NetBT_Tcpip_{5A2711C2-29DD-4E3A-BF4F-247DCFE68C0C},
protože jiný počítač v síti má stejný název. Server nelze spustit.

Error - 10.2.2012 4:00:08 | Computer Name = NB-Lucka | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: cdrom

Error - 10.2.2012 4:02:49 | Computer Name = NB-Lucka | Source = Server | ID = 2505
Description = Server nemohl vytvořit vazbu na přenos \Device\NetBT_Tcpip_{5A2711C2-29DD-4E3A-BF4F-247DCFE68C0C},
protože jiný počítač v síti má stejný název. Server nelze spustit.

Error - 10.2.2012 6:52:34 | Computer Name = NB-Lucka | Source = ACPI | ID = 327693
Description = : Integrovaný řadič neodpověděl během zadaného časového limitu. Může
to znamenat chybu hardwaru nebo firmwaru integrovaného řadiče nebo že systém BIOS
přistupuje k integrovanému řadiči nesprávně. Měli byste zjistit, zda výrobce počítače
nemá k dispozici upgrade systému BIOS. V některých situacích může tato chyba způsobit,
že počítač nebude pracovat správně.

Error - 10.2.2012 16:56:20 | Computer Name = NB-Lucka | Source = Schannel | ID = 36888
Description = Byla vygenerována následující výstraha o závažné chybě: 10. Stav interní
chyby: 10

Error - 10.2.2012 16:59:07 | Computer Name = NB-Lucka | Source = Schannel | ID = 36888
Description = Byla vygenerována následující výstraha o závažné chybě: 10. Stav interní
chyby: 10

Error - 10.2.2012 17:05:09 | Computer Name = NB-Lucka | Source = Schannel | ID = 36888
Description = Byla vygenerována následující výstraha o závažné chybě: 10. Stav interní
chyby: 10

Error - 11.2.2012 2:49:25 | Computer Name = NB-Lucka | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: cdrom

Error - 11.2.2012 2:53:28 | Computer Name = NB-Lucka | Source = Server | ID = 2505
Description = Server nemohl vytvořit vazbu na přenos \Device\NetBT_Tcpip_{5A2711C2-29DD-4E3A-BF4F-247DCFE68C0C},
protože jiný počítač v síti má stejný název. Server nelze spustit.

Error - 12.2.2012 16:43:55 | Computer Name = NB-Lucka | Source = Service Control Manager | ID = 7043
Description = Služba Windows Update se po přijetí pokynu pro vypnutí neukončila
správně.


< End of report >

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please help with removing Live Security Platinum

#32 Post by vyosek »

Run OTL again
  • If you are using Windows Vista or Windows 7, right-click OTL and choose Run As Administrator (Spustit jako správce)
  • Paste the script below into the bottom box, Custom Scans/Fixes (Vlastní skenování/opravy)
  • Code:

    :otl
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzytByC0DyB0BtB0EzzyEtAtN0D0Tzu0StBtByDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2136195426
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
    IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{1E138283-B39A-9CC8-544C-2C1F1091EB6C}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
    IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzytByC0DyB0BtB0EzzyEtAtN0D0Tzu0StBtByDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2136195426
    IE - HKU\S-1-5-21-1895016164-440596700-571147792-1000\..\SearchScopes,Backup.Old.DefaultScope = {59A80972-4669-4E3E-9355-D3452F3E684F}
    IE - HKU\S-1-5-21-1895016164-440596700-571147792-1000\..\SearchScopes,DefaultScope = {59A80972-4669-4E3E-9355-D3452F3E684F}
    IE - HKU\S-1-5-21-1895016164-440596700-571147792-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1895016164-440596700-571147792-1000\..\SearchScopes\{1E138283-B39A-9CC8-544C-2C1F1091EB6C}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-1895016164-440596700-571147792-1000\..\SearchScopes\{59A80972-4669-4E3E-9355-D3452F3E684F}: "URL" = http://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzytByC0DyB0BtB0EzzyEtAtN0D0Tzu0StBtByDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2136195426
    IE - HKU\S-1-5-21-1895016164-440596700-571147792-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1895016164-440596700-571147792-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
    FF - prefs.js..backup.old.browser.search.selectedEngine: "Freecorder Customized Web Search"
    FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT1060933&SearchSource=13"
    FF - prefs.js..browser.search.defaultenginename: "Search"
    FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
    FF - prefs.js..extensions.enabledItems: ffxtlbr@searchya.com:1.5.1
    [2011.09.27 14:52:28 | 000,000,923 | ---- | M] () -- C:\Users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\searchplugins\conduit.xml
    [2012.08.29 18:05:36 | 000,002,337 | ---- | M] () -- C:\Users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\searchplugins\Search.xml
    File not found (No name found) -- C:\USERS\LUCKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GP8BOW37.DEFAULT\EXTENSIONS\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
    File not found (No name found) -- C:\USERS\LUCKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GP8BOW37.DEFAULT\EXTENSIONS\FFXTLBR@SEARCHYA.COM
    CHR - homepage: http://www.searchya.com/?s=0&a=foxtab&c ... 2136195426
    CHR - homepage: http://www.searchya.com/?s=0&a=foxtab&c ... 2136195426
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    [2012.09.02 22:22:18 | 000,418,877 | ---- | M] () -- C:\Users\Lucka\Desktop\Live Security.rar
    [2012.09.02 21:20:32 | 000,002,254 | ---- | M] () -- C:\Users\Lucka\Desktop\SpyHunter.lnk
    [6 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
    [19 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
    [1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
    [1 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\*.tmp files -> C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\*.tmp -> ]
    [2 C:\Windows\SoftwareDistribution\Download\489294e1d3268dfedeafacf78d8b47b8\*.tmp files -> C:\Windows\SoftwareDistribution\Download\489294e1d3268dfedeafacf78d8b47b8\*.tmp -> ]
    [1 C:\Windows\SoftwareDistribution\Download\a1b04c1ca362f283a77e837735f285bb\*.tmp files -> C:\Windows\SoftwareDistribution\Download\a1b04c1ca362f283a77e837735f285bb\*.tmp -> ]
    [1 C:\Windows\SoftwareDistribution\Download\a2e9f39d907c74bd8680f1cab49f4e76\*.tmp files -> C:\Windows\SoftwareDistribution\Download\a2e9f39d907c74bd8680f1cab49f4e76\*.tmp -> ]
    [1 C:\Windows\temp\*.tmp files -> C:\Windows\temp\*.tmp -> ]
    [2012.09.03 20:49:39 | 000,000,946 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    [2012.09.03 21:31:12 | 000,000,950 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    [2012.09.02 18:09:00 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1895016164-440596700-571147792-1000Core.job
    [2012.09.03 21:09:13 | 000,000,962 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1895016164-440596700-571147792-1000UA.job
    
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "searchya"=-
    
    :files
    C:\PROGRA~2\SearchYa
    C:\ProgramData\0C1CFB1300516FF0188504A5F875EF60
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
  • Then click Run Fix (Opravit)
  • The PC will carry out the fix, restart and give you a log; paste its contents here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids merriment, take a whip and a stick to him; that is no man, that is an ox."
Member [image] since 1 February 2011.

Dr.Sova
Visitor
Posts: 22
Joined: 02 Sep 2012 20:51

Re: Please help with removing Live Security Platinum

#33 Post by Dr.Sova »

So here it is :)

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1E138283-B39A-9CC8-544C-2C1F1091EB6C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E138283-B39A-9CC8-544C-2C1F1091EB6C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
HKEY_USERS\S-1-5-21-1895016164-440596700-571147792-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-1895016164-440596700-571147792-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1895016164-440596700-571147792-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1895016164-440596700-571147792-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1E138283-B39A-9CC8-544C-2C1F1091EB6C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E138283-B39A-9CC8-544C-2C1F1091EB6C}\ not found.
Registry key HKEY_USERS\S-1-5-21-1895016164-440596700-571147792-1000\Software\Microsoft\Internet Explorer\SearchScopes\{59A80972-4669-4E3E-9355-D3452F3E684F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59A80972-4669-4E3E-9355-D3452F3E684F}\ not found.
Registry key HKEY_USERS\S-1-5-21-1895016164-440596700-571147792-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-1895016164-440596700-571147792-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
Prefs.js: "Freecorder Customized Web Search" removed from backup.old.browser.search.selectedEngine
Prefs.js: "http://search.conduit.com/?ctid=CT10609 ... hSource=13" removed from browser.startup.homepage
Prefs.js: "Search" removed from browser.search.defaultenginename
Prefs.js: "Freecorder Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: ffxtlbr@searchya.com:1.5.1 removed from extensions.enabledItems
C:\Users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\searchplugins\conduit.xml moved successfully.
C:\Users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default\searchplugins\Search.xml moved successfully.
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
C:\Users\Lucka\Desktop\Live Security.rar moved successfully.
C:\Users\Lucka\Desktop\SpyHunter.lnk moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP284C.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP47EC.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP579.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP665F.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9359.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP141D.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP168C.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP3BF7.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP581F.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP5908.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP667A.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP68FF.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6C89.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP819D.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP925C.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPA4CE.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPB70D.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPD576.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPD7A5.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPF82.tmp\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPF82.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPF85.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPFDC4.tmp folder deleted successfully.
C:\Windows\Installer\MSIC738.tmp deleted successfully.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\FTHF06E.tmp\fthempty.txt deleted successfully.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\FTHF06E.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\489294e1d3268dfedeafacf78d8b47b8\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\489294e1d3268dfedeafacf78d8b47b8\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\489294e1d3268dfedeafacf78d8b47b8\BITFBF5.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\a1b04c1ca362f283a77e837735f285bb\BIT68C6.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\a2e9f39d907c74bd8680f1cab49f4e76\BIT703.tmp deleted successfully.
C:\Windows\temp\NOD730.tmp deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1895016164-440596700-571147792-1000Core.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1895016164-440596700-571147792-1000UA.job moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\searchya not found.
========== FILES ==========
File\Folder C:\PROGRA~2\SearchYa not found.
File\Folder C:\ProgramData\0C1CFB1300516FF0188504A5F875EF60 not found.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lucka
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1393243 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 69489232 bytes
->Google Chrome cache emptied: 389236758 bytes
->Flash cache emptied: 1180 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 439,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Lucka
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Lucka
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.60.0 log created on 09032012_224614

Files\Folders moved on Reboot...
C:\Users\Lucka\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please help with removing Live Security Platinum

#34 Post by vyosek »

Please post a new RSIT log http://forum.viry.cz/viewtopic.php?f=13&t=105895 and let me know how our patient is doing

btw, we'll continue tomorrow, I have to get up early in the morning

Thanks for understanding and good night
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids merriment, take a whip and a stick to him; that is no man, that is an ox."
Member [image] since 1 February 2011.

Dr.Sova
Visitor
Posts: 22
Joined: 02 Sep 2012 20:51

Re: Please help with removing Live Security Platinum

#35 Post by Dr.Sova »

Here is the log. Thank you for the help. I'll have a look at how our patient is doing. :) In any case, good night and thanks once again!

Logfile of random's system information tool 1.09 (written by random/random)
Run by Lucka at 2012-09-03 23:04:12
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 139 GB (58%) free of 238 GB
Total RAM: 1913 MB (49% free)

HijackThis download failed

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe"
"C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
"C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\svchost.exe -k bthsvcs
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-c13c9936-02a6-4ce0-a107-f457a348f6bc -SystemEventPortName:HostProcess-223b07b4-1ccf-4793-8c1e-fbf3833af2fb -IoCancelEventPortName:HostProcess-476d8731-d03c-4612-8604-03165665e7d1 -NonStateChangingEventPortName:HostProcess-0c136429-da07-4744-b23f-79ccd6894dd7 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:bd57a0b7-ac2b-4fdc-8b38-f35f22820ed3
C:\Windows\system32\wbem\wmiprvse.exe
"taskhost.exe"
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
taskeng.exe {B4A90FF1-852D-491C-9596-0FC90541729B}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
taskeng.exe {9CC7DE82-3A9E-4550-87E2-BA015B9F1180}
"C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe" /s
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\notepad.exe" C:\_OTL\MovedFiles\09032012_224614.log
"C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe"
"C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe"
"C:\Windows\System32\rundll32.exe" C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
"C:\Program Files (x86)\PDF24\pdf24.exe"
"C:\Windows\System32\rundll32.exe" C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
"C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe" -Embedding
C:\Windows\system32\igfxext.exe -Embedding
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\system32\wuauclt.exe"
"D:\RSITx64.exe"
wmiadap.exe /R /T
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\system32\WININET.dll",DispatchAPICall 1

=========Mozilla firefox=========

ProfilePath - C:\Users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\gp8bow37.default

prefs.js - "extensions.enabledItems" - "{AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.7.0.6, {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31, "", {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.27"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.5.1]
"Description"=
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
npnul32.dll
NPOFF12.DLL
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-05-04 453504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-02-11 1246600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-05-04 157576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2010-01-29 517176]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2009-11-20 307768]
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2010-07-27 69560]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-11-18 2919168]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-04-23 2097960]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-02-11 162328]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-02-11 386584]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-02-11 417304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Family Tree Builder Update]
C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [2011-11-27 229376]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"=rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor []
"PDFPrint"=C:\Program Files (x86)\PDF24\pdf24.exe [2010-11-18 215944]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-02-11 272896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2012-03-08 249344]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-09-03 23:04:13 ----D---- C:\Program Files\trend micro
2012-09-03 22:46:14 ----D---- C:\_OTL
2012-09-03 21:06:59 ----D---- C:\Windows\temp
2012-09-03 20:56:10 ----A---- C:\ComboFix.txt
2012-09-03 20:49:58 ----D---- C:\$RECYCLE.BIN
2012-09-03 13:27:35 ----A---- C:\Windows\zip.exe
2012-09-03 13:27:35 ----A---- C:\Windows\SWSC.exe
2012-09-03 13:27:35 ----A---- C:\Windows\SWREG.exe
2012-09-03 13:27:35 ----A---- C:\Windows\sed.exe
2012-09-03 13:27:35 ----A---- C:\Windows\PEV.exe
2012-09-03 13:27:35 ----A---- C:\Windows\NIRCMD.exe
2012-09-03 13:27:35 ----A---- C:\Windows\MBR.exe
2012-09-03 13:27:35 ----A---- C:\Windows\grep.exe
2012-09-03 12:00:05 ----D---- C:\Qoobox
2012-09-03 11:59:42 ----D---- C:\Windows\erdnt
2012-09-02 22:51:37 ----D---- C:\Users\Lucka\AppData\Roaming\Malwarebytes
2012-09-02 22:51:33 ----D---- C:\ProgramData\Malwarebytes
2012-09-02 22:51:32 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-02 22:51:32 ----A---- C:\Windows\system32\drivers\mbam.sys
2012-09-02 22:47:45 ----A---- C:\Windows\ntbtlog.txt
2012-09-02 21:31:13 ----D---- C:\Program Files (x86)\trend micro
2012-09-02 21:31:07 ----D---- C:\rsit
2012-09-02 21:20:31 ----D---- C:\sh4ldr
2012-09-02 21:20:31 ----D---- C:\Program Files\Enigma Software Group
2012-08-21 09:25:26 ----A---- C:\Windows\system32\drivers\bthport.sys
2012-08-21 09:23:29 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-08-21 09:23:29 ----A---- C:\Windows\system32\mshtmled.dll
2012-08-21 09:23:28 ----A---- C:\Windows\SYSWOW64\url.dll
2012-08-21 09:23:27 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-08-21 09:23:27 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-08-21 09:23:27 ----A---- C:\Windows\system32\urlmon.dll
2012-08-21 09:23:27 ----A---- C:\Windows\system32\url.dll
2012-08-21 09:23:27 ----A---- C:\Windows\system32\iertutil.dll
2012-08-21 09:23:26 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-08-21 09:23:26 ----A---- C:\Windows\system32\ieui.dll
2012-08-21 09:23:25 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-08-21 09:23:25 ----A---- C:\Windows\system32\ieUnatt.exe
2012-08-21 09:23:23 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-08-21 09:23:23 ----A---- C:\Windows\system32\wininet.dll
2012-08-21 09:23:23 ----A---- C:\Windows\system32\jscript9.dll
2012-08-21 09:23:22 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-08-21 09:23:22 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-08-21 09:23:22 ----A---- C:\Windows\system32\jsproxy.dll
2012-08-21 09:23:21 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-08-21 09:23:21 ----A---- C:\Windows\system32\jscript.dll
2012-08-21 09:23:20 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-08-21 09:23:18 ----A---- C:\Windows\system32\mshtml.dll
2012-08-21 09:23:16 ----A---- C:\Windows\system32\ieframe.dll
2012-08-21 09:23:15 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-08-17 10:54:12 ----A---- C:\Windows\SYSWOW64\srclient.dll
2012-08-17 10:54:12 ----A---- C:\Windows\system32\srcore.dll
2012-08-17 10:54:05 ----A---- C:\Windows\system32\browser.dll
2012-08-17 10:54:05 ----A---- C:\Windows\system32\browcli.dll
2012-08-17 10:54:04 ----A---- C:\Windows\SYSWOW64\netapi32.dll
2012-08-17 10:54:04 ----A---- C:\Windows\SYSWOW64\browcli.dll
2012-08-17 10:54:04 ----A---- C:\Windows\system32\netapi32.dll
2012-08-17 10:53:45 ----A---- C:\Windows\system32\win32k.sys
2012-08-17 10:53:30 ----A---- C:\Windows\system32\win32spl.dll
2012-08-17 10:53:29 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2012-08-17 10:53:29 ----A---- C:\Windows\system32\spoolsv.exe
2012-08-17 10:53:29 ----A---- C:\Windows\splwow64.exe
2012-08-17 10:53:25 ----A---- C:\Windows\system32\localspl.dll
2012-08-13 21:20:13 ----D---- C:\Program Files (x86)\JDownloader
2012-08-13 20:56:04 ----D---- C:\Program Files (x86)\SearchYa!

======List of files/folders modified in the last 1 month======

2012-09-03 23:04:13 ----RD---- C:\Program Files
2012-09-03 22:55:46 ----D---- C:\Windows\System32
2012-09-03 22:55:45 ----D---- C:\Windows\inf
2012-09-03 22:55:45 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-09-03 22:52:06 ----D---- C:\Windows\system32\config
2012-09-03 22:46:19 ----D---- C:\Windows\system32\drivers\etc
2012-09-03 22:46:16 ----SHD---- C:\Windows\Installer
2012-09-03 22:46:16 ----D---- C:\Windows\Tasks
2012-09-03 21:34:03 ----SHD---- C:\System Volume Information
2012-09-03 21:07:01 ----D---- C:\Windows\system32\drivers
2012-09-03 21:06:59 ----D---- C:\Windows
2012-09-03 20:50:02 ----A---- C:\Windows\system.ini
2012-09-03 20:43:25 ----D---- C:\Windows\SYSWOW64\drivers
2012-09-03 20:43:25 ----D---- C:\Windows\SysWOW64
2012-09-03 20:43:25 ----D---- C:\Windows\AppPatch
2012-09-03 20:43:24 ----D---- C:\Program Files (x86)\Common Files
2012-09-03 20:35:49 ----D---- C:\Windows\Prefetch
2012-09-03 20:27:21 ----D---- C:\ProgramData
2012-09-03 20:27:20 ----RD---- C:\Program Files (x86)
2012-09-03 13:24:46 ----SD---- C:\Users\Lucka\AppData\Roaming\Microsoft
2012-09-03 08:29:16 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-09-03 08:16:07 ----D---- C:\Windows\system32\catroot2
2012-09-02 23:44:45 ----D---- C:\Windows\system32\LogFiles
2012-09-02 21:20:39 ----D---- C:\Windows\system32\Tasks
2012-09-02 14:46:06 ----D---- C:\Users\Lucka\AppData\Roaming\Skype
2012-08-22 14:45:25 ----D---- C:\ProgramData\Skype
2012-08-22 14:45:11 ----RD---- C:\Program Files (x86)\Skype
2012-08-22 11:10:35 ----D---- C:\Users\Lucka\AppData\Roaming\skypePM
2012-08-21 23:50:13 ----D---- C:\Users\Lucka\AppData\Roaming\vlc
2012-08-21 12:38:16 ----D---- C:\Windows\winsxs
2012-08-21 12:36:02 ----RSD---- C:\Windows\Fonts
2012-08-21 12:36:02 ----D---- C:\Program Files (x86)\Internet Explorer
2012-08-21 12:36:01 ----D---- C:\Windows\SYSWOW64\migration
2012-08-21 12:36:01 ----D---- C:\Windows\system32\migration
2012-08-21 12:36:00 ----D---- C:\Program Files\Internet Explorer
2012-08-21 12:35:56 ----D---- C:\Windows\system32\DriverStore
2012-08-21 09:26:57 ----D---- C:\ProgramData\Microsoft Help
2012-08-21 09:25:37 ----D---- C:\Windows\system32\catroot
2012-08-21 09:17:07 ----A---- C:\Windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiifx64.sys [2008-05-12 15400]
R1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [2010-11-05 13104]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-09-03 170104]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 126320]
R3 appliandMP;appliandMP; C:\Windows\system32\DRIVERS\appliand.sys [2011-06-26 33888]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 btusbflt;Bluetooth USB Filter; C:\Windows\system32\drivers\btusbflt.sys [2010-08-18 54824]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2012-06-21 98344]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2012-06-21 132648]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2012-06-21 35104]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2012-06-21 21288]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2010-02-19 720952]
R3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2007-06-01 26928]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-02-11 10628640]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver; C:\Windows\system32\DRIVERS\rtl8192se.sys [2010-03-09 1098784]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-04-23 318000]
R3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2010-11-08 30720]
R3 usbsmi;Integrated Camera; C:\Windows\system32\DRIVERS\SMIksdrv.sys [2009-11-23 205952]
S0 szkg5;szkg5; SySWOW64\drivers\szkg64.sys []
S1 SBRE;SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys []
S3 appliand;Applian Network Service; C:\Windows\system32\DRIVERS\appliand.sys [2011-06-26 33888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\Windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 29696]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-12-15 117248]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 114304]
S3 LeadCore_57XX_AutoEjecDiskDrv;LeadCore_57XX Auto-Eject Disk Monitor Filter Driver; C:\Windows\system32\drivers\LeadCore_57XX_AutoEjectCD.sys [2010-04-02 22352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
S3 WSDPrintDevice;Podpora tisku WSD prostřednictvím funkce UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe [2011-06-13 915232]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-11-18 810144]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2010-10-19 1430288]
R2 IBMPMSVC;ThinkPad PM Service; C:\Windows\system32\ibmpmsvc.exe [2007-06-01 43568]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2010-10-19 838928]
R2 SpyHunter 4 Service;SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-08-21 1019328]
R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-11-18 42360]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-10 136120]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 OpenVPNService;OpenVPN Service; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [2010-11-08 36352]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-11-29 1255736]

-----------------EOF-----------------

Dr.Sova
Visitor
Posts: 22
Registered: 02 Sep 2012 20:51

Re: Please help with removing Live Security Platinum

#36 Post by Dr.Sova »

So the computer is working without problems so far. Great! :) Do you recommend anything else? Thank you!

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please help with removing Live Security Platinum

#37 Post by vyosek »

Glad to hear it, so let's clean up as well :James008:

:arrow: Uninstall ComboFix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm a choice, press A, Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn off the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Find problems
  • then Fix problems - I recommend making a registry backup; fix all the problems
  • repeat the procedure until there are no problems left - usually about 3 times
Tools panel
  • Here you can uninstall programs you don't need
I recommend using CCleaner about once a week

:arrow: And if there are no problems or questions, that is all from my side :|
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is no man, that is an ox."
Member [image] since 1 February 2011.

Dr.Sova
Visitor
Posts: 22
Registered: 02 Sep 2012 20:51

Re: Please help with removing Live Security Platinum

#38 Post by Dr.Sova »

So after I managed to get the virus out of the computer, tonsillitis knocked me down. So I didn't manage to thank you properly. Belatedly, then, thank you very much for the help!

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please help with removing Live Security Platinum

#39 Post by vyosek »

You're welcome, glad I could help :worship: See you again sometime

And on the basis of the Rule on locking topics :lock:

Locked