PC virus removal, computer speed-up, and remote assistance via the neslape.cz service

Virus - debt enforcement order

#1 Post by draczech »

Good evening, I would like to ask for help. Today, in a weak moment, I "fell for" an email notice about a debt enforcement order, and by the time I realized it was a virus, it was already too late. Thank you very much for your help; Windows works only in safe mode. I am attaching the log:

Logfile of random's system information tool 1.10 (written by random/random)
Run by Dzena at 2014-07-15 23:21:46
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 10 GB (6%) free of 153 GB
Total RAM: 3066 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:21:47, on 15.7.2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Dzena\Downloads\RSIT (2).exe
C:\Program Files\trend micro\Dzena.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mojebanka.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchya.com/?s=0&a=foxtab&c ... =965495051
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4A99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: FaceCons - {B2A44031-7EAD-434C-AC9E-7F1DA176BA8C} - C:\Program Files\Facecons\facecons.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49DD-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKLM\..\Run: [UsbMonitor] "C:\Program Files\TrueSuite Access Manager\usbnotify.exe"
O4 - HKLM\..\Run: [TRCMan] C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe
O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PwdBank] "C:\Program Files\TrueSuite Access Manager\PwdBank.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [FingerPrintNotifer] "C:\Program Files\TrueSuite Access Manager\FpNotifier.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Dzena\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [com.apple.dav.bookmarks.daemon] "C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout pomocí Net Transportu - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Stáhnout vše pomocí &Net Transportu - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?CZ (file missing)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/red ... &site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Authentec memory manager service (Authentec memory manager) - AuthenTec Inc. - C:\Windows\system32\TAMSvr.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: CQG AutoUpgrade Service (CQG.AutoUpgrade.StartUpNTService) - CQG, Inc. - C:\Program Files\CQG\CQG.AutoUpgrade.Service\CQG.AutoUpgrade.StartUpNTService.exe
O23 - Service: TT Guardian (guardian) - Trading Technologies International, Inc. - C:\tt\Guardian\guardian.exe
O23 - Service: TT Guardian Control (guardianctrl) - Trading Technologies International, Inc. - C:\tt\Guardian\GuardianCtrl.exe
O23 - Service: Služba Google Update (gupdate1c9f5b939127908) (gupdate1c9f5b939127908) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: TT Messaging (ttmd) - Trading Technologies International, Inc. - C:\tt\ttm\ttmd.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 13047 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Dzena\AppData\Roaming\Mozilla\Firefox\Profiles\0u885zan.default

prefs.js - "browser.search.useDBForOrder" - false
prefs.js - "browser.startup.homepage" - "http://www.searchya.com/?s=0&a=foxtab&c ... =965495051"
prefs.js - "keyword.URL" - "http://search.conduit.com/ResultsExt.as ... 2786678&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 14.0.0.145 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Picasa2\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.60.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@software602.cz/602XML Filler]
"Description"=602XML Filler Plugin
"Path"=C:\Program Files\Software602\602XML\Filler\npfiller.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

C:\Program Files\Mozilla Firefox\components\
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\searchplugins\
babylon.xml
glarysearch.xml

C:\Users\Dzena\AppData\Roaming\Mozilla\Firefox\Profiles\0u885zan.default\extensions\
ffxtlbr@searchya.com
yasearch@yandex.ru
{9d1f059c-cada-4111-9696-41a62d64e3ba}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

C:\Users\Dzena\AppData\Roaming\Mozilla\Firefox\Profiles\0u885zan.default\searchplugins\
askcom.xml
firmy.cz-130008.xml
mapy.cz-130008.xml
Search.xml
seznam.cz-130008.xml
videa.seznam.cz-130008.xml
ybqs-firmy.xml
ybqs-mapy.xml
ybqs-seznam.xml
ybqs-sz_vidia.xml
ybqs-zbozi.xml
zbozi.cz-130008.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09 96128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}]
Babylon toolbar helper - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll [2014-07-15 270960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
MyPlayCity Toolbar - C:\Program Files\MyPlayCity\tbMyP1.dll [2010-01-04 2166296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-05-07 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09 4502400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B2A44031-7EAD-434C-AC9E-7F1DA176BA8C}]
FACECONS Class - C:\Program Files\Facecons\facecons.dll [2011-08-01 167424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C56CB6B0-0D96-11D6-8C65-B2868B609932}]
NTIECatcher Class - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll [2004-07-19 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-05-07 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]
{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - MyPlayCity Toolbar - C:\Program Files\MyPlayCity\tbMyP1.dll [2010-01-04 2166296]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-08-04 343112]
{98889811-442D-49DD-99D7-DC866BE87DBC} - Babylon Toolbar - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll [2014-07-15 237680]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-05-28 6144000]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2014-02-06 43848]
"ApnTBMon"=C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2014-06-24 1956760]
"UsbMonitor"=C:\Program Files\TrueSuite Access Manager\usbnotify.exe [2008-07-25 94208]
"TRCMan"=C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe [2008-04-30 692224]
"Toshiba TEMPO"=C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe [2008-08-26 103824]
"Toshiba Registration"=C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [2008-01-11 574864]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe []
"Samsung PanelMgr"=C:\Windows\Samsung\PanelMgr\SSMMgr.exe [2008-03-03 536576]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2014-01-17 421888]
"PwdBank"=C:\Program Files\TrueSuite Access Manager\PwdBank.exe [2008-09-03 3152384]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-11-07 92704]
"KeNotify"=C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [2006-11-06 34352]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2014-02-21 152392]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2007-09-28 75136]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2007-10-31 54608]
"HDMICtrlMan"=C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [2008-04-26 716800]
"Google EULA Launcher"=c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe [2008-05-28 20480]
"FingerPrintNotifer"=C:\Program Files\TrueSuite Access Manager\FpNotifier.exe [2008-09-03 712704]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2011-10-06 59240]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2008-11-17 726328]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"=C:\Users\Dzena\AppData\Local\Akamai\netsession_win.exe [2014-04-17 4672920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"com.apple.dav.bookmarks.daemon"=C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [2013-10-02 59720]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [2008-04-24 430080]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2013-02-28 18642024]
"ICQ"=C:\Program Files\ICQ7.2\ICQ.exe [2011-01-05 133432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
C:\PROGRA~1\Toshiba\BLUETO~1\TosBtMng.exe [2008-04-15 2979144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Dzena^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE [2009-02-26 97680]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"DisableCAD"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"msacm.dvacm"=C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-07-15 23:15:59 ----D---- C:\rsit
2014-07-15 23:15:59 ----D---- C:\Program Files\trend micro
2014-07-15 20:52:09 ----A---- C:\Windows\ntbtlog.txt
2014-07-15 17:10:19 ----D---- C:\Program Files\Simple Startup Manager
2014-07-15 15:10:29 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-07-15 15:10:10 ----D---- C:\ProgramData\Malwarebytes
2014-07-15 15:10:10 ----D---- C:\Program Files\Malwarebytes Anti-Malware
2014-07-15 15:10:10 ----A---- C:\Windows\system32\drivers\mwac.sys
2014-07-15 15:10:10 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2014-07-15 15:10:10 ----A---- C:\Windows\system32\drivers\mbam.sys
2014-07-15 13:53:12 ----D---- C:\Users\Dzena\AppData\Roaming\AdobeChk
2014-06-27 10:34:33 ----A---- C:\Windows\system32\javaws.exe
2014-06-27 10:34:29 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2014-06-27 10:34:29 ----A---- C:\Windows\system32\javaw.exe
2014-06-27 10:34:29 ----A---- C:\Windows\system32\java.exe
2014-06-23 08:34:52 ----D---- C:\Program Files\CQG

======List of files/folders modified in the last 1 month======

2014-07-15 23:18:35 ----D---- C:\Windows\inf
2014-07-15 23:18:35 ----AD---- C:\Windows\System32
2014-07-15 23:18:35 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-07-15 23:15:59 ----RD---- C:\Program Files
2014-07-15 22:51:28 ----D---- C:\Windows\Temp
2014-07-15 21:51:57 ----D---- C:\Windows
2014-07-15 19:46:10 ----D---- C:\Program Files\CCleaner
2014-07-15 17:09:26 ----D---- C:\Windows\SoftwareDistribution
2014-07-15 17:09:26 ----D---- C:\Windows\Debug
2014-07-15 15:30:42 ----D---- C:\Program Files\ESET
2014-07-15 15:10:29 ----D---- C:\Windows\system32\drivers
2014-07-15 15:10:10 ----HD---- C:\ProgramData
2014-07-10 10:43:12 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2014-07-09 19:04:23 ----D---- C:\Windows\Prefetch
2014-07-08 11:57:38 ----SHD---- C:\System Volume Information
2014-07-07 20:05:55 ----D---- C:\Users\Dzena\AppData\Roaming\Skype
2014-06-27 10:37:52 ----SHD---- C:\Windows\Installer
2014-06-27 10:37:51 ----SHD---- C:\Config.Msi
2014-06-27 10:37:10 ----D---- C:\ProgramData\Oracle
2014-06-27 10:34:40 ----D---- C:\Program Files\Common Files\Java
2014-06-27 10:34:29 ----D---- C:\Program Files\Java
2014-06-23 08:39:22 ----D---- C:\Windows\winsxs
2014-06-20 20:58:23 ----D---- C:\SierraChart

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AlfaFF;AlfaFF mini-filter driver; C:\Windows\system32\Drivers\AlfaFF.sys [2008-07-25 42608]
R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2008-04-15 312344]
R0 LPCFilter;LPC Lower Filter Driver; C:\Windows\system32\DRIVERS\LPCFilter.sys [2008-05-07 25896]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2008-11-20 43872]
R0 speedfan;speedfan; C:\Windows\system32\speedfan.sys [2006-09-24 5248]
R0 tos_sps32;TOSHIBA tos_sps32 Service; C:\Windows\system32\DRIVERS\tos_sps32.sys [2008-11-14 279376]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 23640]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2008-04-29 54784]
R3 enecirhid;ENE CIR HID Receiver; C:\Windows\system32\DRIVERS\enecirhid.sys [2008-04-29 11264]
R3 enecirhidma;ENE CIR HIDmini Filter; C:\Windows\system32\DRIVERS\enecirhidma.sys [2008-04-25 5632]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2012-04-23 76544]
R3 NETw5v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-04-15 118784]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
R3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 66560]
S1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2007-10-02 64128]
S2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [2006-12-08 41984]
S2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys []
S2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2006-12-08 5120]
S3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
S3 Andbus;LGE Android Platform Composite USB Device; C:\Windows\system32\DRIVERS\lgandbus.sys [2010-12-07 14336]
S3 AndDiag;LGE Android Platform USB Serial Port; C:\Windows\system32\DRIVERS\lganddiag.sys [2010-12-07 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port; C:\Windows\system32\DRIVERS\lgandgps.sys [2010-12-07 20096]
S3 ANDModem;LGE Android Platform USB Modem; C:\Windows\system32\DRIVERS\lgandmodem.sys [2010-12-07 25088]
S3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys []
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 467456]
S3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2008-08-14 146944]
S3 Axtmvflt;Axesstel USB Filter Service; C:\Windows\system32\DRIVERS\Axtmvflt.sys [2007-03-22 3456]
S3 Axtmvmdm;Axesstel USB Modem; C:\Windows\system32\DRIVERS\Axtmvmdm.sys [2007-03-26 40064]
S3 Axtmvprt;Axesstel Diagnostic Port; C:\Windows\System32\Drivers\Axtmvprt.sys [2007-03-26 38784]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2014-01-23 88576]
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [2014-01-23 20032]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [2010-03-20 11136]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys [2012-04-23 95616]
S3 huawei_cdcecm;huawei_cdcecm; C:\Windows\system32\DRIVERS\ew_jucdcecm.sys [2012-04-23 70016]
S3 huawei_ext_ctrl;huawei_ext_ctrl; C:\Windows\system32\DRIVERS\ew_juextctrl.sys [2012-04-23 27520]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-06-02 2147544]
S3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-05-21 86672]
S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2014-05-12 23256]
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2014-05-12 51928]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\Windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-11-07 7574112]
S3 Pcouffin;Low level access layer for CD devices; C:\Windows\System32\Drivers\Pcouffin.sys []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-21 8192]
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2014-01-23 184192]
S3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2008-03-25 41472]
S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2008-04-23 131712]
S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2007-11-29 36608]
S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2008-03-19 74112]
S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2005-01-07 18612]
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2008-01-22 54144]
S3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2007-10-18 41856]
S3 TpChoice;Touch Pad Detection Filter driver; C:\Windows\system32\DRIVERS\TpChoice.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2012-12-13 45056]
S3 USBCCID;Čtecí zařízení čipových karet USB; C:\Windows\system32\DRIVERS\usbccid.sys [2009-04-11 30208]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-04-11 27648]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2007-12-17 18432]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-18 65432]
S2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
S2 APNMCP;Ask Update Service; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [2014-06-24 165784]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2014-02-12 43336]
S2 Authentec memory manager;Authentec memory manager service; C:\Windows\system32\TAMSvr.exe [2008-09-02 49152]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 ConfigFree Service;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S2 CQG.AutoUpgrade.StartUpNTService;CQG AutoUpgrade Service; C:\Program Files\CQG\CQG.AutoUpgrade.Service\CQG.AutoUpgrade.StartUpNTService.exe [2011-09-21 18432]
S2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 guardianctrl;TT Guardian Control; C:\tt\Guardian\GuardianCtrl.exe [2014-04-08 1265152]
S2 gupdate1c9f5b939127908;Služba Google Update (gupdate1c9f5b939127908); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-25 133104]
S2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [2014-05-12 860472]
S2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-05-12 1809720]
S2 MbnExt;Mobile Broadband Extension Service; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-11-07 203296]
S2 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-09 3275136]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-02-28 161384]
S2 TempoMonitoringService;Notebook Performance Tuning Service ; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [2008-08-26 99720]
S2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [2008-11-14 83312]
S2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2007-11-21 129632]
S2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [2008-11-04 464224]
S2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2008-04-11 124264]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2008-07-15 106496]
S2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-10 262320]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 guardian;TT Guardian; C:\tt\Guardian\guardian.exe [2014-04-08 5861376]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-25 133104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-24 194032]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2014-02-21 553288]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 235696]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-07-31 117144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-03-21 632832]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv; C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-24 73728]
S3 ttmd;TT Messaging; C:\tt\ttm\ttmd.exe [2014-05-01 3084800]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Virus - enforcement order

#2 Post by vyosek »

Hello :)

:arrow: Download Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
  • Save it, preferably to the desktop
  • After it starts, the license terms are displayed; press any key
  • A backup is created and then the scan begins
  • The scan runs and then a log appears, or it is saved in c:\JRT as JRT.txt; paste it here
:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Scan and then Clean
  • The repair runs, the PC restarts, and then a log appears, or it is saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him: that is no man, that is an ox."
Member since 1 February 2011.

draczech
Visitor
Posts: 18
Registered: 15 Jul 2014 22:26

Re: Virus - enforcement order

#3 Post by draczech »

Hello, and thank you for the response :)

After downloading Junkware Removal Tool to the desktop I opened the program; after clicking through the trust prompt, a new window popped up with the path C:/Windows/system32/cmd.exe and a blinking cursor. Nothing further happens.

draczech
Visitor
Posts: 18
Registered: 15 Jul 2014 22:26

Re: Virus - enforcement order

#4 Post by draczech »

It worked now, I am attaching the log :)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Dzena on st 16.07.2014 at 11:27:49,06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49DD-99D7-DC866BE87DBC}
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.babylonesrvc
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.babylonesrvc.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\icq service.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Myfree Codec
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylontoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\somoto
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Myfree Codec
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylontoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\b
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\babylon.dskbnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\babylon.dskbnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylnapp.appcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylnapp.appcore.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\escort.escrtbtn.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\icqtoolbar.iehook
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\icqtoolbar.iehook.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\babylontoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\filesfrog update checker
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\icqtoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT1392740
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2438727
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2786678
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{607407AF-E774-B1F8-3351-4323F0FD9FCC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{031B1CCB-10AD-4231-B486-4C2528E63B9A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B2A44031-7EAD-434C-AC9E-7F1DA176BA8C}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_current_user\software\askpartnernetwork"
Successfully deleted: [Registry Key] "hkey_local_machine\software\askpartnernetwork"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\premium"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\Dzena\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Dzena\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\Dzena\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files\babylontoolbar"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\facecons"
Successfully deleted: [Folder] "C:\Program Files\glarysoft toolbar"
Successfully deleted: [Folder] "C:\Program Files\icq6toolbar"
Successfully deleted: [Folder] "C:\Program Files\myfree codec"
Successfully deleted: [Folder] "C:\Program Files\searchya!"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\Dzena\AppData\Roaming\microsoft\windows\start menu\programs\filesfrog update checker"
Successfully deleted: [Folder] "C:\ProgramData\AskPartnerNetwork"
Successfully deleted: [Folder] "C:\ProgramData\ask"
Successfully deleted: [Folder] "C:\Program Files\askpartnernetwork"



~~~ FireFox

Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Users\Dzena\AppData\Roaming\mozilla\firefox\profiles\0u885zan.default\user.js
Successfully deleted: [File] C:\Users\Dzena\AppData\Roaming\mozilla\firefox\profiles\0u885zan.default\searchplugins\askcom.xml
Successfully deleted: [File] C:\Users\Dzena\AppData\Roaming\mozilla\firefox\profiles\0u885zan.default\searchplugins\search.xml
Successfully deleted: [Folder] C:\Users\Dzena\AppData\Roaming\mozilla\firefox\profiles\0u885zan.default\conduitcommon
Successfully deleted: [Folder] C:\Users\Dzena\AppData\Roaming\mozilla\firefox\profiles\0u885zan.default\extensions\ffxtlbr@searchya.com
Successfully deleted: [Folder] C:\Users\Dzena\AppData\Roaming\mozilla\firefox\profiles\0u885zan.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Successfully deleted the following from C:\Users\Dzena\AppData\Roaming\mozilla\firefox\profiles\0u885zan.default\prefs.js

user_pref("CT2786678..clientLogIsEnabled", false);
user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2786678.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/default.aspx");
user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);
user_pref("CT2786678.BrowserCompStateIsOpen_130067977588633691", true);
user_pref("CT2786678.BrowserCompStateIsOpen_1359634298000", true);
user_pref("CT2786678.CTID", "CT2786678");
user_pref("CT2786678.CurrentServerDate", "24-3-2014");
user_pref("CT2786678.DSInstall", false);
user_pref("CT2786678.DialogsAlignMode", "LTR");
user_pref("CT2786678.DialogsGetterLastCheckTime", "Mon Mar 24 2014 21:28:55 GMT+0100");
user_pref("CT2786678.DownloadReferralCookieData", "");
user_pref("CT2786678.EMailNotifierPollDate", "Sat Jan 07 2012 12:57:19 GMT+0100");
user_pref("CT2786678.FeedLastCount5690698542593514850", 158);
user_pref("CT2786678.FeedPollDate2429156812186649977", "Sat Jan 07 2012 12:37:18 GMT+0100");
user_pref("CT2786678.FeedPollDate2429156813040823546", "Sat Jan 07 2012 12:37:18 GMT+0100");
user_pref("CT2786678.FeedPollDate2429156813130095866", "Sat Jan 07 2012 12:37:18 GMT+0100");
user_pref("CT2786678.FeedPollDate2429156813224203613", "Sat Jan 07 2012 12:37:18 GMT+0100");
user_pref("CT2786678.FeedPollDate2429156813230837251", "Sat Jan 07 2012 12:37:18 GMT+0100");
user_pref("CT2786678.FeedPollDate2429156813454291735", "Sat Jan 07 2012 12:37:18 GMT+0100");
user_pref("CT2786678.FeedPollDate2429156813729834876", "Sat Jan 07 2012 12:37:18 GMT+0100");
user_pref("CT2786678.FeedPollDate2429156813860870021", "Sat Jan 07 2012 12:37:18 GMT+0100");
user_pref("CT2786678.FeedPollDate2429156814264681793", "Sat Jan 07 2012 12:37:18 GMT+0100");
user_pref("CT2786678.FeedPollDate2429156814863075366", "Sat Jan 07 2012 12:37:18 GMT+0100");
user_pref("CT2786678.FeedPollDate2429156815257761081", "Sat Jan 07 2012 12:37:18 GMT+0100");
user_pref("CT2786678.FeedTTL2429156813040823546", 15);
user_pref("CT2786678.FeedTTL2429156813130095866", 10);
user_pref("CT2786678.FeedTTL2429156813454291735", 5);
user_pref("CT2786678.FeedTTL2429156814264681793", 5);
user_pref("CT2786678.FirstServerDate", "7-1-2012");
user_pref("CT2786678.FirstTime", true);
user_pref("CT2786678.FirstTimeFF3", true);
user_pref("CT2786678.FixPageNotFoundErrors", true);
user_pref("CT2786678.GroupingServerCheckInterval", 1440);
user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT2786678.HPInstall", false);
user_pref("CT2786678.HasUserGlobalKeys", true);
user_pref("CT2786678.Initialize", true);
user_pref("CT2786678.InitializeCommonPrefs", true);
user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
user_pref("CT2786678.InstallationId", "ConduitXPEIntegration");
user_pref("CT2786678.InstallationType", "ConduitXPEIntegration");
user_pref("CT2786678.InstalledDate", "Sat Jan 07 2012 12:37:17 GMT+0100");
user_pref("CT2786678.IsGrouping", false);
user_pref("CT2786678.IsInitSetupIni", true);
user_pref("CT2786678.IsMulticommunity", false);
user_pref("CT2786678.IsOpenThankYouPage", true);
user_pref("CT2786678.IsOpenUninstallPage", false);
user_pref("CT2786678.LanguagePackLastCheckTime", "Mon Mar 24 2014 21:28:55 GMT+0100");
user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT2786678.LastLogin_3.12.0.7", "Mon May 14 2012 11:10:37 GMT+0200");
user_pref("CT2786678.LastLogin_3.12.2.3", "Wed Apr 03 2013 17:46:50 GMT+0200");
user_pref("CT2786678.LastLogin_3.18.0.7", "Wed Jul 31 2013 16:26:06 GMT+0200");
user_pref("CT2786678.LastLogin_3.19.0.3", "Mon Mar 24 2014 21:28:55 GMT+0100");
user_pref("CT2786678.LastLogin_3.8.1.0", "Sat Jan 07 2012 12:37:19 GMT+0100");
user_pref("CT2786678.LatestVersion", "3.20.0.4");
user_pref("CT2786678.Locale", "en");
user_pref("CT2786678.MCDetectTooltipHeight", "83");
user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2786678.MCDetectTooltipWidth", "295");
user_pref("CT2786678.MyStuffEnabledAtInstallation", true);
user_pref("CT2786678.OriginalFirstVersion", "3.8.1.0");
user_pref("CT2786678.SearchCaption", "uTorrentBar Customized Web Search");
user_pref("CT2786678.SearchFromAddressBarIsInit", true);
user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=");
user_pref("CT2786678.SearchInNewTabEnabled", true);
user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
user_pref("CT2786678.SearchInNewTabLastCheckTime", "Mon Mar 24 2014 21:28:55 GMT+0100");
user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
user_pref("CT2786678.SearchProtectorToolbarDisabled", true);
user_pref("CT2786678.SendProtectorDataViaLogin", true);
user_pref("CT2786678.ServiceMapLastCheckTime", "Mon Mar 24 2014 21:28:55 GMT+0100");
user_pref("CT2786678.SettingsLastCheckTime", "Mon Mar 24 2014 21:28:55 GMT+0100");
user_pref("CT2786678.SettingsLastUpdate", "1395649908");
user_pref("CT2786678.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13");
Emptied folder: C:\Users\Dzena\AppData\Roaming\mozilla\firefox\profiles\0u885zan.default\minidumps [7 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Dzena\appdata\local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on st 16.07.2014 at 11:29:42,36
End of JRT log


Re: Virus - enforcement order

#5 Post by draczech »

I am now attaching the log from AdwCleaner:

# AdwCleaner v3.215 - Report created 16/07/2014 at 11:34:16
# Updated 09/07/2014 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Dzena - VO5
# Running from : C:\Users\Dzena\Desktop\adwcleaner_3.215.exe
# Option : Scan

***** [ Services ] *****

Service Found : APNMCP
Service Found : ICQ Service

***** [ Files / Folders ] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
File Found : C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart
Folder Found : C:\Program Files\GreenTree Applications
Folder Found : C:\Program Files\MyPlayCity
Folder Found : C:\ProgramData\ICQ\ICQToolbar
Folder Found : C:\Users\Dzena\AppData\Local\AskPartnerNetwork
Folder Found : C:\Users\Dzena\AppData\Local\Babylon
Folder Found : C:\Users\Dzena\AppData\Local\Conduit
Folder Found : C:\Users\Dzena\AppData\Local\FilesFrog Update Checker
Folder Found : C:\Users\Dzena\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Folder Found : C:\Users\Dzena\AppData\Local\PackageAware
Folder Found : C:\Users\Dzena\AppData\Local\webplayer
Folder Found : C:\Users\Dzena\AppData\LocalLow\MyPlayCity

***** [ Shortcuts ] *****

Shortcut Found : C:\Users\Dzena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player\Uninstall.lnk ( _?=C:\Users\Dzena\AppData\Local\WebPlayer\FLV Player )

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\MyPlayCity
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FilesFrog Update Checker
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FLV Player
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPlayCity Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Key Found : HKCU\Software\searchya.com
Key Found : HKCU\Software\Webplayer
Key Found : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF}
Key Found : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C2178B36-2955-479B-818C-A2AE8E500454}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{32DE29BA-826C-409D-BEB8-462C73241AF4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Found : HKLM\Software\ICQ\ICQToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B6}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{92D573BE-D766-499D-80A3-1E2CD95A076E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92D573BE-D766-499D-80A3-1E2CD95A076E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{32DE29BA-826C-409D-BEB8-462C73241AF4}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPlayCity Toolbar
Key Found : HKLM\Software\MyPlayCity
Key Found : HKLM\Software\OpenCandy
Key Found : HKLM\Software\PIP
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7B13EC3E-999A-4B70-B9CB-2617B8323822}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16457

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search] - hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

-\\ Mozilla Firefox v22.0 (cs)

[ File : C:\Users\Dzena\AppData\Roaming\Mozilla\Firefox\Profiles\0u885zan.default\prefs.js ]

Line Found : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2786678/CT2786678", "\"cf3bcf90d7c60e13163d4e2ebbfe38503\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/CZ", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", "\"1362324159\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"07879643d3acc1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.7", "\"4ead38b3e6bcd1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"0343677cfb1cd1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"2a1a0d7b586ce1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.19.0.3", "\"dfe74040abc2ce1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.1.0", "\"80ee9485875dcc1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678", "\"7097fd37277b6a1b754b125bd11d0197\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"9c176417efbe0484cb6833dc8540b1b3\"");
Line Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Dzena\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\0u885zan.default\\conduitCommon\\modules\\3.8.1.0");
Line Found : user_pref("browser.search.defaultengine", "Ask.com");
Line Found : user_pref("browser.search.defaultenginename", "Ask.com");
Line Found : user_pref("browser.search.order.1", "Ask.com");
Line Found : user_pref("browser.search.selectedEngine", "Ask.com");
Line Found : user_pref("extensions.enabledAddons", "ffxtlbr%40searchya.com:1.5.1,yasearch%40yandex.ru:6.5.0,%7B7E77F5DF-8022-40e3-9122-F03DEBEFC43B%7D:2.0.4,%7Bbf7380fa-e3b4-4db2-af3e-9d8783a45bfc%7D:3.19.0.3,%7Bb[...]
Line Found : user_pref("extensions.searchya.pnu_base", "{\"newVrsn\":\"65\",\"lastVrsn\":\"65\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Dzena\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Extension] : bejbohlohkkgompgecdcbbglkpjfjgdj
Found [Extension] : bopakagnckmlgajfccecajhnimjiiedh

*************************

AdwCleaner[R0].txt - [10665 octets] - [16/07/2014 11:34:16]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10726 octets] ##########

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Virus - enforcement order

#6 Post by vyosek »

Run AdwCleaner again
  • If you are using Win Vista or W7, right-click AdwCleaner and choose Run As Administrator (Spustit jako správce)
  • Click Scan and then Clean
  • The repair will run, the PC will restart, and then a log will appear, or it will be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids amusement: take a whip and a stick to him, for he is no man, he is an ox."
Member since 1 February 2011.


Re: Virus - enforcement order

#7 Post by draczech »

I am attaching the log after the restart in safe mode:

# AdwCleaner v3.215 - Report created 16/07/2014 at 22:01:56
# Updated 09/07/2014 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Dzena - VO5
# Running from : C:\Users\Dzena\Desktop\adwcleaner_3.215.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Dzena\AppData\Local\webplayer
Folder Deleted : C:\Users\Dzena\AppData\LocalLow\MyPlayCity
Folder Deleted : C:\Users\Dzena\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Dzena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player\Uninstall.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{92D573BE-D766-499D-80A3-1E2CD95A076E}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92D573BE-D766-499D-80A3-1E2CD95A076E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C2178B36-2955-479B-818C-A2AE8E500454}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32DE29BA-826C-409D-BEB8-462C73241AF4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{32DE29BA-826C-409D-BEB8-462C73241AF4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7B13EC3E-999A-4B70-B9CB-2617B8323822}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}]
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\searchya.com
Key Deleted : HKCU\Software\Webplayer
Key Deleted : HKCU\Software\AppDataLow\Software\MyPlayCity
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\Software\OpenCandy
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\MyPlayCity
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPlayCity Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FilesFrog Update Checker
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FLV Player
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPlayCity Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16457

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Mozilla Firefox v22.0 (cs)

[ File : C:\Users\Dzena\AppData\Roaming\Mozilla\Firefox\Profiles\0u885zan.default\prefs.js ]

Line Deleted : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2786678/CT2786678", "\"cf3bcf90d7c60e13163d4e2ebbfe38503\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/CZ", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", "\"1362324159\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"07879643d3acc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.7", "\"4ead38b3e6bcd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"0343677cfb1cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"2a1a0d7b586ce1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.19.0.3", "\"dfe74040abc2ce1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.1.0", "\"80ee9485875dcc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678", "\"7097fd37277b6a1b754b125bd11d0197\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"9c176417efbe0484cb6833dc8540b1b3\"");
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Dzena\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\0u885zan.default\\conduitCommon\\modules\\3.8.1.0");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Line Deleted : user_pref("extensions.enabledAddons", "ffxtlbr%40searchya.com:1.5.1,yasearch%40yandex.ru:6.5.0,%7B7E77F5DF-8022-40e3-9122-F03DEBEFC43B%7D:2.0.4,%7Bbf7380fa-e3b4-4db2-af3e-9d8783a45bfc%7D:3.19.0.3,%7Bb[...]
Line Deleted : user_pref("extensions.searchya.pnu_base", "{\"newVrsn\":\"65\",\"lastVrsn\":\"65\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Dzena\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : bejbohlohkkgompgecdcbbglkpjfjgdj
Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh

*************************

AdwCleaner[R0].txt - [10807 octets] - [16/07/2014 11:34:16]
AdwCleaner[R1].txt - [10431 octets] - [16/07/2014 11:38:04]
AdwCleaner[R2].txt - [10492 octets] - [16/07/2014 13:09:19]
AdwCleaner[R3].txt - [10553 octets] - [16/07/2014 21:54:38]
AdwCleaner[R4].txt - [10673 octets] - [16/07/2014 22:01:06]
AdwCleaner[S0].txt - [869 octets] - [16/07/2014 11:35:13]
AdwCleaner[S1].txt - [345 octets] - [16/07/2014 21:55:26]
AdwCleaner[S2].txt - [10661 octets] - [16/07/2014 22:01:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [10722 octets] ##########


Re: Virus - enforcement order

#8 Post by vyosek »

Download Zoek.exe from http://hijackthis.nl/smeenk/ and save it to the desktop
  • If you are using Win Vista or W7, right-click Zoek and choose Run As Administrator (Spustit jako správce)
  • Paste the script below into the window

    autoclean;
    emptyclsid;
    iedefaults;
    FFdefaults;
    CHRdefaults;
    emptyalltemp;
    resethosts;
    
  • Then click Run Script
  • The PC will carry out the repair, restart, and give you a log; paste its contents here


Re: Virus - enforcement order

#9 Post by draczech »

Thank you, I am attaching the log:
Zoek.exe v5.0.0.0 Updated 15-07-2014
Tool run by Dzena on st 16.07.2014 at 22:20:51,12.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Safe Mode NETWORK Internet Access Detected
Launched: C:\Users\Dzena\AppData\Local\Temp\ZGTemp\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3986136040-3668684752-59250217-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7FBB6559-11A7-4860-8713-74A38233B3CB} deleted successfully
HKEY_USERS\S-1-5-21-3986136040-3668684752-59250217-1000\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3986136040-3668684752-59250217-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Dzena\AppData\Roaming\Mozilla\Firefox\Profiles\0u885zan.default\prefs.js:
user_pref("backup.old.browser.startup.homepage", "http://www.seznam.cz/?clid=6826");
user_pref("backup.old.browser.search.selectedEngine", "Seznam");
user_pref("browser.search.useDBForOrder", false);

Added to C:\Users\Dzena\AppData\Roaming\Mozilla\Firefox\Profiles\0u885zan.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Dzena\AppData\Roaming\Mozilla\Firefox\Profiles\0u885zan.default

user.js not found
---- Lines searchya modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"C:\\\\
---- Lines {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"C:\\\\
---- FireFox user.js and prefs.js backups ----

prefs_16.07.2014_2230_.backup

==== Deleting Files \ Folders ======================

C:\Users\Dzena\AppData\Roaming\Mozilla\Firefox\Profiles\0u885zan.default\extensions\ffxtlbr@searchya.com not found
C:\Users\Dzena\AppData\Roaming\Mozilla\Firefox\Profiles\0u885zan.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} not found
C:\PROGRA~2\{CC71B1CB-A2E4-4CF7-8EDB-A0E290BA1604} deleted
C:\Windows\system32\appdata deleted
C:\Program Files\Mozilla Firefox\searchplugins\glarysearch.xml deleted
C:\Program Files\Yahoo! deleted
C:\PROGRA~2\Yahoo! Companion deleted
C:\PROGRA~2\ICQ deleted
C:\PROGRA~2\InstallMate deleted
C:\Users\Dzena\AppData\Local\speeddial.crx deleted
C:\Users\Dzena\AppData\Local\TempDIR deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec deleted
C:\Users\Dzena\Searches deleted
C:\Users\Dzena\AppData\Roaming\Mozilla\Firefox\Profiles\0u885zan.default\CT2786678 deleted
C:\Users\Dzena\AppData\Roaming\Mozilla\Firefox\Profiles\0u885zan.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba} deleted
"C:\Windows\Installer\185a76.msi" deleted
"C:\Users\Dzena\AppData\Local\V48ti" deleted
"C:\ProgramData\V48ti" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [01.09.2009 21:17]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04.04.2014 12:36]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Dzena\AppData\Roaming\Mozilla\Firefox\Profiles\0u885zan.default
- Yandex.Bar - %ProfilePath%\extensions\yasearch@yandex.ru
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- PsicoTSI - %ProfilePath%\extensions\{7E77F5DF-8022-40e3-9122-F03DEBEFC43B}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Dzena\AppData\Roaming\Mozilla\Firefox\Profiles\0u885zan.default
6B34823748BD3C10EB2816858025AFE9 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.5
233F187A5425045011A0DD51F8B48E0F - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.5
81CB790A6AD230090086C644DC871FC3 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.5
4AD1613FEDB87B4B18CADE745235A625 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.5
1FBB6E454767A5B43DD980C7DE5D89F6 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.5
49CFBB2130C682FFDF2CEBEE9A2D556E - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
3220B1254AEF7A191187EC03F51B3D61 - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
B2576571746839180833E048AC2CCA5C - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
6897943E58D779D1C7CB74191931B1D5 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U60
7BF7103176DBFC80A31E275F7ED7918C - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.600.19
F71C9E5E3B1CBE60269D873E8313EDA3 - C:\Users\Dzena\AppData\Roaming\KB-ext\lib\x86\npPKIComponentNPAPI-kbext.dll - Cryptoplus KB – podepisovací modul
BE501CBC29B2025A263D80D399F1797A - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In
A843FC35574ECFD9E7A41C5505A9921B - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
398334B85CBD2CEED553CC5C160B0D8D - C:\Program Files\Software602\602XML\Filler\npfiller.dll - Software602 Form Filler
45D7F2FABDFD500E3C35DC068B552544 - C:\Program Files\Picasa2\npPicasa3.dll - Picasa
09B4E13D25623D879D35286E2D29FF13 - C:\Users\Dzena\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
8DDF0253E783E740BF053E0FE7D8B6FE - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
B27CCB1168B1960AEC6E9D3E0E0F0D2A - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrlui.dll - Microsoft® Silverlight


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aaaajpkhjdkhhnkmgfjodbkfpbmibkkk - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7\CRX\ToolbarCR.crx[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[09.10.2013 10:59]
lpadbdkobbgjgonnfnipfngifldcdfin - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7-SAT\CRX\ToolbarCR.crx[]
oiabdeiamlolpdknhnpflnijogclooij - C:\Program Files\Facecons\facecons.crx[]

Ask Toolbar - Dzena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk
Skype Click to Call - Dzena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

==== Chrome Fix ======================

C:\Users\Dzena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.mojebanka.cz/"
"Default_Page_URL"="http://www.google.com/ig/redirectdomain ... &bmod=TSEA;"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com/ig/redirectdomain ... &bmod=TSEA"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.mojebanka.cz/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{031B1CCB-10AD-4231-B486-4C2528E63B9A} Google Url="http://www.google.com/search?sourceid=i ... cs___CZ333"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{E8634919-4D23-43F1-BD54-0AACFA443499} WebHledani Url="http://www.webhledani.cz/results.aspx?i ... earchTerms}"

==== Reset Google Chrome ======================

C:\Users\Dzena\AppData\Local\Chromium\User Data\Default\Preferences was reset successfully
C:\Users\Dzena\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Dzena\AppData\Local\Chromium\User Data\Default\Web Data was reset successfully
C:\Users\Dzena\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F60730A4A66673047777F5728467D401 deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2802CAEF-6153-0DF2-032B-5A7641A24C43} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\lpadbdkobbgjgonnfnipfngifldcdfin deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\oiabdeiamlolpdknhnpflnijogclooij deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dzena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dzena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Dzena\AppData\Roaming\Mozilla\Firefox\Profiles\0u885zan.default\yasearch-xb\packages\{fe0c1c8f-5fe8-4512-a604-734a055f7b4e}\modules\common\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Dzena\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=319 folders=90 12836123 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Dzena\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Dzena\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Dzena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on st 16.07.2014 at 22:33:54,57 ======================

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Virus - enforcement order

#10 Post by vyosek »

Great, it is cleaning up nicely...

Please run FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100

draczech
Visitor
Posts: 18
Joined: 15 Jul 2014 22:26

Re: Virus - enforcement order

#11 Post by draczech »

I am attaching the log and the Addition :)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01
Ran by Dzena (administrator) on VO5 on 16-07-2014 22:48:12
Running from C:\Users\Dzena\Desktop
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6144000 2008-05-28] (Realtek Semiconductor)
HKLM\...\Run: [UsbMonitor] => C:\Program Files\TrueSuite Access Manager\usbnotify.exe [94208 2008-07-25] ()
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3986136040-3668684752-59250217-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3986136040-3668684752-59250217-1000\...\RunOnce: [Report] - C:\AdwCleaner\AdwCleaner[S3].txt [1649 2014-07-16] ()
HKU\S-1-5-21-3986136040-3668684752-59250217-1000\...\MountPoints2: {7ec6eb59-cf3d-11e2-ad5f-0022fa29e896} - D:\Autorun.exe
HKU\S-1-5-21-3986136040-3668684752-59250217-1000\...\MountPoints2: {7ec6eb68-cf3d-11e2-ad5f-00235a0590f7} - D:\Autorun.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
ShellIconOverlayIdentifiers: IconOvrly1 -> {A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6} => C:\Program Files\TrueSuite Access Manager\IconOvrly.dll (Arachnoid Biometrics Identification Group Corp.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mojebanka.cz/
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - Backup.Old.DefaultScope {031B1CCB-10AD-4231-B486-4C2528E63B9A}
SearchScopes: HKLM - {607407AF-E774-B1F8-3351-4323F0FD9FCC} URL = http://www.google.com/search?sourceid=i ... lz=1I7TSEA;
SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - Backup.Old.DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - firmy.cz-130007 URL = http://www.firmy.cz/phr/{searchTerms}
SearchScopes: HKCU - mapy.cz-130007 URL = http://www.mapy.cz/?sourceid=quicksearc ... earchTerms}
SearchScopes: HKCU - seznam.cz-130007 URL = http://search.babylon.com/web/{searchTe ... 22fa29e896
SearchScopes: HKCU - videa.seznam.cz-130007 URL = http://videa.seznam.cz/?q={searchTerms}
SearchScopes: HKCU - zbozi.cz-130007 URL = http://www.zbozi.cz/?sourceid=quicksear ... earchTerms}
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {031B1CCB-10AD-4231-B486-4C2528E63B9A} URL = http://www.google.com/search?sourceid=i ... cs___CZ333
SearchScopes: HKCU - {E8634919-4D23-43F1-BD54-0AACFA443499} URL = http://www.webhledani.cz/results.aspx?i ... earchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: NTIECatcher Class -> {C56CB6B0-0D96-11D6-8C65-B2868B609932} -> C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll (Xi)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 02 %SystemRoot%\system32\napinsp.dll [50176] (Společnost Microsoft)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 46.33.96.2 46.33.112.42

FireFox:
========
FF ProfilePath: C:\Users\Dzena\AppData\Roaming\Mozilla\Firefox\Profiles\0u885zan.default
FF NewTab: hxxp://www.google.com/
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @software602.cz/602XML Filler - C:\Program Files\Software602\602XML\Filler\npfiller.dll (Software602 a.s.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @kb-ext.cz/PKIComponent - C:\Users\Dzena\AppData\Roaming\KB-ext\lib\x86\npPKIComponentNPAPI-kbext.dll (Komerční banka, a.s.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Dzena\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Dzena\AppData\Roaming\Mozilla\Firefox\Profiles\0u885zan.default\searchplugins\firmy.cz-130008.xml
FF SearchPlugin: C:\Users\Dzena\AppData\Roaming\Mozilla\Firefox\Profiles\0u885zan.default\searchplugins\mapy.cz-130008.xml
FF SearchPlugin: C:\Users\Dzena\AppData\Roaming\Mozilla\Firefox\Profiles\0u885zan.default\searchplugins\seznam.cz-130008.xml
FF SearchPlugin: C:\Users\Dzena\AppData\Roaming\Mozilla\Firefox\Profiles\0u885zan.default\searchplugins\videa.seznam.cz-130008.xml
FF SearchPlugin: C:\Users\Dzena\AppData\Roaming\Mozilla\Firefox\Profiles\0u885zan.default\searchplugins\ybqs-firmy.xml
FF SearchPlugin: C:\Users\Dzena\AppData\Roaming\Mozilla\Firefox\Profiles\0u885zan.default\searchplugins\ybqs-mapy.xml
FF SearchPlugin: C:\Users\Dzena\AppData\Roaming\Mozilla\Firefox\Profiles\0u885zan.default\searchplugins\ybqs-seznam.xml
FF SearchPlugin: C:\Users\Dzena\AppData\Roaming\Mozilla\Firefox\Profiles\0u885zan.default\searchplugins\ybqs-sz_vidia.xml
FF SearchPlugin: C:\Users\Dzena\AppData\Roaming\Mozilla\Firefox\Profiles\0u885zan.default\searchplugins\ybqs-zbozi.xml
FF SearchPlugin: C:\Users\Dzena\AppData\Roaming\Mozilla\Firefox\Profiles\0u885zan.default\searchplugins\zbozi.cz-130008.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Yandex.Bar - C:\Users\Dzena\AppData\Roaming\Mozilla\Firefox\Profiles\0u885zan.default\Extensions\yasearch@yandex.ru [2012-06-02]
FF Extension: DownloadHelper - C:\Users\Dzena\AppData\Roaming\Mozilla\Firefox\Profiles\0u885zan.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-11-04]
FF Extension: PsicoTSI - C:\Users\Dzena\AppData\Roaming\Mozilla\Firefox\Profiles\0u885zan.default\Extensions\{7E77F5DF-8022-40e3-9122-F03DEBEFC43B}.xpi [2013-07-31]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-31]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-31]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-25]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: No Name - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010-03-25]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR StartupUrls: "hxxp://www.inbox.com/homepage.aspx?tbid=82120&iwk=245&lng=cs"
CHR Extension: (Dokumenty Google) - C:\Users\Dzena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-16]
CHR Extension: (Disk Google) - C:\Users\Dzena\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-16]
CHR Extension: (YouTube) - C:\Users\Dzena\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-03]
CHR Extension: (Vyhledávání Google) - C:\Users\Dzena\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-03]
CHR Extension: (Skype Click to Call) - C:\Users\Dzena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-06-07]
CHR Extension: (Peněženka Google) - C:\Users\Dzena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Gmail) - C:\Users\Dzena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-03]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

========================== Services (Whitelisted) =================

S2 602XML Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
S2 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [24576 2006-11-02] (Microsoft Corporation) [File not signed]
S2 AgereModemAudio; C:\Windows\system32\agrsmsvc.exe [9216 2006-10-05] (Agere Systems) [File not signed]
S3 ALG; C:\Windows\System32\alg.exe [59392 2008-01-21] (Microsoft Corporation) [File not signed]
S3 Appinfo; C:\Windows\System32\appinfo.dll [33280 2008-01-21] (Microsoft Corporation) [File not signed]
S2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [315392 2009-04-11] (Microsoft Corporation) [File not signed]
S2 Audiosrv; C:\Windows\System32\Audiosrv.dll [315392 2009-04-11] (Microsoft Corporation) [File not signed]
S2 Authentec memory manager; C:\Windows\system32\TAMSvr.exe [49152 2008-09-02] (AuthenTec Inc.) [File not signed]
R2 BFE; C:\Windows\System32\bfe.dll [334848 2009-04-11] (Microsoft Corporation) [File not signed]
S2 BITS; C:\Windows\System32\qmgr.dll [758784 2009-04-11] (Microsoft Corporation) [File not signed]
S2 Browser; C:\Windows\System32\browser.dll [81920 2008-01-21] (Microsoft Corporation) [File not signed]
S2 CertPropSvc; C:\Windows\System32\certprop.dll [40448 2009-04-11] (Microsoft Corporation) [File not signed]
S3 COMSysApp; C:\Windows\system32\dllhost.exe [7168 2006-11-02] (Microsoft Corporation) [File not signed]
S2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-17] (TOSHIBA CORPORATION) [File not signed]
S2 CQG.AutoUpgrade.StartUpNTService; C:\Program Files\CQG\CQG.AutoUpgrade.Service\CQG.AutoUpgrade.StartUpNTService.exe [18432 2011-09-21] (CQG, Inc.) [File not signed]
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [133120 2012-06-02] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [550400 2009-04-11] (Microsoft Corporation) [File not signed]
S3 DFSR; C:\Windows\system32\DFSR.exe [2092544 2009-04-11] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\Windows\System32\dhcpcsvc.dll [204288 2009-04-11] (Microsoft Corporation) [File not signed]
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [86528 2011-03-02] (Microsoft Corporation) [File not signed]
S3 dot3svc; C:\Windows\System32\dot3svc.dll [175616 2009-04-11] (Microsoft Corporation) [File not signed]
S2 DPS; C:\Windows\system32\dps.dll [134656 2008-01-21] (Microsoft Corporation) [File not signed]
R3 EapHost; C:\Windows\System32\eapsvc.dll [57344 2008-01-21] (Microsoft Corporation) [File not signed]
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [292352 2008-01-21] (Microsoft Corporation) [File not signed]
S3 ehSched; C:\Windows\ehome\ehsched.exe [131072 2006-11-02] (Microsoft Corporation) [File not signed]
S2 ehstart; C:\Windows\ehome\ehstart.dll [13312 2006-11-02] (Microsoft Corporation) [File not signed]
S2 EMDMgmt; C:\Windows\system32\emdmgmt.dll [564224 2009-04-11] (Microsoft Corporation) [File not signed]
R2 Eventlog; C:\Windows\System32\wevtsvc.dll [1017856 2009-04-11] (Microsoft Corporation) [File not signed]
S2 EventSystem; C:\Windows\system32\es.dll [268800 2009-04-11] (Microsoft Corporation) [File not signed]
S3 fdPHost; C:\Windows\system32\fdPHost.dll [13312 2008-01-21] (Microsoft Corporation) [File not signed]
S2 FDResPub; C:\Windows\system32\fdrespub.dll [27648 2006-11-02] (Microsoft Corporation) [File not signed]
S2 FontCache; C:\Windows\system32\FntCache.dll [797696 2011-02-22] (Microsoft Corporation) [File not signed]
S2 gpsvc; C:\Windows\System32\gpsvc.dll [576512 2009-04-11] (Microsoft Corporation) [File not signed]
S3 guardian; C:\tt\Guardian\guardian.exe [5861376 2014-04-08] (Trading Technologies International, Inc.) [File not signed]
S2 guardianctrl; C:\tt\Guardian\GuardianCtrl.exe [1265152 2014-04-08] (Trading Technologies International, Inc.) [File not signed]
S2 gupdate1c9f5b939127908; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-06-25] (Google Inc.)
S2 hidserv; C:\Windows\system32\hidserv.dll [26112 2009-04-11] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [68096 2008-01-21] (Microsoft Corporation) [File not signed]
R2 IKEEXT; C:\Windows\System32\ikeext.dll [438784 2009-04-11] (Microsoft Corporation) [File not signed]
S3 IPBusEnum; C:\Windows\system32\ipbusenum.dll [74240 2008-01-21] (Microsoft Corporation) [File not signed]
S2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [200704 2010-02-18] (Microsoft Corporation) [File not signed]
R3 KeyIso; C:\Windows\system32\lsass.exe [9728 2011-11-16] (Microsoft Corporation) [File not signed]
S2 KtmRm; C:\Windows\system32\msdtckrm.dll [344576 2008-01-21] (Microsoft Corporation) [File not signed]
S2 LanmanServer; C:\Windows\system32\srvsvc.dll [125952 2010-09-06] (Microsoft Corporation) [File not signed]
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [160256 2009-06-10] (Microsoft Corporation) [File not signed]
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [188928 2008-01-21] (Microsoft Corporation) [File not signed]
R2 lmhosts; C:\Windows\System32\lmhsvc.dll [18944 2006-11-02] (Microsoft Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 MbnExt; C:\Program Files\T-Mobile\Web'n'walk Manager\MbnExt.dll [417128 2013-12-02] (Gemfor s.r.o.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [53760 2008-01-21] (Microsoft Corporation) [File not signed]
S2 MMCSS; C:\Windows\system32\mmcss.dll [45056 2008-01-21] (Microsoft Corporation) [File not signed]
R2 MpsSvc; C:\Windows\system32\mpssvc.dll [407552 2009-04-11] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\Windows\System32\msdtc.exe [105984 2008-01-21] (Microsoft Corporation) [File not signed]
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [111616 2008-01-21] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\System32\msiexec.exe [73216 2009-04-11] (Microsoft Corporation) [File not signed]
S3 napagent; C:\Windows\system32\qagentRT.dll [302592 2009-04-11] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\Windows\system32\lsass.exe [9728 2011-11-16] (Microsoft Corporation) [File not signed]
R3 Netman; C:\Windows\System32\netman.dll [274432 2008-01-21] (Microsoft Corporation) [File not signed]
R2 netprofm; C:\Windows\System32\netprofm.dll [237056 2008-01-21] (Microsoft Corporation) [File not signed]
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [168448 2008-01-21] (Microsoft Corporation) [File not signed]
R2 nsi; C:\Windows\system32\nsisvc.dll [18432 2008-01-21] (Microsoft Corporation) [File not signed]
S3 p2pimsvc; C:\Windows\system32\p2psvc.dll [644608 2009-04-11] (Microsoft Corporation) [File not signed]
S3 p2psvc; C:\Windows\system32\p2psvc.dll [644608 2009-04-11] (Microsoft Corporation) [File not signed]
S2 PcaSvc; C:\Windows\System32\pcasvc.dll [37888 2008-01-21] (Microsoft Corporation) [File not signed]
S3 pla; C:\Windows\system32\pla.dll [1502208 2008-01-21] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [222720 2009-04-11] (Microsoft Corporation) [File not signed]
S3 PNRPAutoReg; C:\Windows\system32\p2psvc.dll [644608 2009-04-11] (Microsoft Corporation) [File not signed]
S3 PNRPsvc; C:\Windows\system32\p2psvc.dll [644608 2009-04-11] (Microsoft Corporation) [File not signed]
R2 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [364032 2009-04-11] (Microsoft Corporation) [File not signed]
R2 ProfSvc; C:\Windows\system32\profsvc.dll [153088 2009-04-11] (Microsoft Corporation) [File not signed]
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [9728 2011-11-16] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\Windows\system32\qwave.dll [243712 2008-01-21] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\Windows\System32\rasauto.dll [90624 2008-01-21] (Microsoft Corporation) [File not signed]
S3 RasMan; C:\Windows\System32\rasmans.dll [262144 2009-04-11] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [68608 2008-01-21] (Microsoft Corporation) [File not signed]
S3 RemoteRegistry; C:\Windows\system32\regsvc.dll [107008 2009-04-11] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\Windows\system32\locator.exe [7680 2006-11-02] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [550400 2009-04-11] (Microsoft Corporation) [File not signed]
S2 SamSs; C:\Windows\system32\lsass.exe [9728 2011-11-16] (Microsoft Corporation) [File not signed]
R2 SCardSvr; C:\Windows\System32\SCardSvr.dll [95232 2009-04-11] (Microsoft Corporation) [File not signed]
S2 Schedule; C:\Windows\system32\schedsvc.dll [601600 2010-11-04] (Microsoft Corporation) [File not signed]
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [40448 2009-04-11] (Microsoft Corporation) [File not signed]
S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [104960 2008-01-21] (Microsoft Corporation) [File not signed]
S2 seclogon; C:\Windows\system32\seclogon.dll [19968 2008-01-21] (Microsoft Corporation) [File not signed]
S2 SENS; C:\Windows\System32\sens.dll [47104 2008-01-21] (Microsoft Corporation) [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [632832 2011-03-21] (Nokia) [File not signed]
S3 SessionEnv; C:\Windows\system32\sessenv.dll [84992 2008-01-21] (Microsoft Corporation) [File not signed]
S3 SharedAccess; C:\Windows\System32\ipnathlp.dll [288256 2008-01-21] (Microsoft Corporation) [File not signed]
S2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [247808 2009-07-10] (Microsoft Corporation) [File not signed]
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S2 slsvc; C:\Windows\system32\SLsvc.exe [3408896 2009-04-11] (Microsoft Corporation) [File not signed]
S3 SLUINotify; C:\Windows\system32\SLUINotify.dll [60928 2009-04-11] (Microsoft Corporation) [File not signed]
S3 SmartFaceVWatchSrv; C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [73728 2008-04-24] (Toshiba) [File not signed]
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [12800 2006-11-02] (Microsoft Corporation) [File not signed]
S2 Spooler; C:\Windows\System32\spoolsv.exe [128000 2010-08-17] (Microsoft Corporation) [File not signed]
S3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [155648 2008-01-21] (Microsoft Corporation) [File not signed]
S3 SstpSvc; C:\Windows\system32\sstpsvc.dll [116736 2008-01-21] (Microsoft Corporation) [File not signed]
S2 stisvc; C:\Windows\System32\wiaservc.dll [453120 2009-04-11] (Microsoft Corporation) [File not signed]
S3 swprv; C:\Windows\System32\swprv.dll [311808 2009-04-11] (Microsoft Corporation) [File not signed]
S2 SysMain; C:\Windows\system32\sysmain.dll [558080 2009-04-11] (Microsoft Corporation) [File not signed]
S2 TabletInputService; C:\Windows\System32\TabSvc.dll [68096 2006-11-02] (Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\Windows\System32\tapisrv.dll [242688 2009-04-11] (Microsoft Corporation) [File not signed]
S2 TBS; C:\Windows\System32\tbssvc.dll [56320 2008-01-21] (Microsoft Corporation) [File not signed]
S2 TempoMonitoringService; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [99720 2008-08-26] (Toshiba Europe GmbH)
S2 TermService; C:\Windows\System32\termsrv.dll [449024 2009-04-11] (Microsoft Corporation) [File not signed]
S2 Themes; C:\Windows\system32\shsvcs.dll [247808 2009-07-10] (Microsoft Corporation) [File not signed]
S3 THREADORDER; C:\Windows\system32\mmcss.dll [45056 2008-01-21] (Microsoft Corporation) [File not signed]
S2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [106496 2008-07-15] (TOSHIBA Corporation) [File not signed]
S2 TrkWks; C:\Windows\System32\trkwks.dll [75264 2008-01-21] (Microsoft Corporation) [File not signed]
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [39424 2009-04-11] (Microsoft Corporation) [File not signed]
S3 ttmd; C:\tt\ttm\ttmd.exe [3084800 2014-05-01] (Trading Technologies International, Inc.) [File not signed]
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [35840 2008-01-21] (Microsoft Corporation) [File not signed]
S2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
S2 upnphost; C:\Windows\System32\upnphost.dll [259072 2008-01-21] (Microsoft Corporation) [File not signed]
S2 UxSms; C:\Windows\System32\uxsms.dll [29184 2009-04-11] (Microsoft Corporation) [File not signed]
S3 vds; C:\Windows\System32\vds.exe [385536 2009-04-11] (Microsoft Corporation) [File not signed]
S3 VSS; C:\Windows\system32\vssvc.exe [1055232 2009-04-11] (Microsoft Corporation) [File not signed]
S2 W32Time; C:\Windows\system32\w32time.dll [282624 2009-04-11] (Microsoft Corporation) [File not signed]
S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [413696 2009-04-11] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [32256 2006-11-02] (Microsoft Corporation) [File not signed]
S3 WdiServiceHost; C:\Windows\system32\wdi.dll [73728 2008-01-21] (Microsoft Corporation) [File not signed]
S3 WdiSystemHost; C:\Windows\system32\wdi.dll [73728 2008-01-21] (Microsoft Corporation) [File not signed]
S2 WebClient; C:\Windows\System32\webclnt.dll [199680 2009-04-11] (Microsoft Corporation) [File not signed]
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [146944 2009-10-09] (Microsoft Corporation) [File not signed]
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [62976 2008-01-21] (Microsoft Corporation) [File not signed]
S2 WerSvc; C:\Windows\System32\WerSvc.dll [126976 2009-04-11] (Microsoft Corporation) [File not signed]
S3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [377344 2011-11-16] (Microsoft Corporation) [File not signed]
R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [162304 2009-04-11] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\system32\WsmSvc.dll [1181696 2009-10-09] (Microsoft Corporation) [File not signed]
R2 Wlansvc; C:\Windows\System32\wlansvc.dll [513536 2009-07-11] (Microsoft Corporation) [File not signed]
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [137728 2009-04-11] (Microsoft Corporation) [File not signed]
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [896512 2008-01-21] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [140288 2009-04-11] (Microsoft Corporation) [File not signed]
S2 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [81920 2009-10-01] (Microsoft Corporation) [File not signed]
S2 wscsvc; C:\Windows\System32\wscsvc.dll [61440 2009-04-11] (Microsoft Corporation) [File not signed]
S2 WSearch; C:\Windows\system32\SearchIndexer.exe [441344 2009-04-11] (Microsoft Corporation) [File not signed]
R2 wudfsvc; C:\Windows\System32\WUDFSvc.dll [73216 2012-07-26] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

R1 AFD; C:\Windows\system32\drivers\afd.sys [273408 2011-04-21] (Microsoft Corporation) [File not signed]
S3 AgereSoftModem; C:\Windows\System32\DRIVERS\AGRSM.sys [1161888 2006-11-28] (Agere Systems) [File not signed]
R0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [42608 2008-07-25] (Alfa Corporation)
S4 AmdK7; C:\Windows\system32\drivers\amdk7.sys [41472 2008-01-21] (Microsoft Corporation) [File not signed]
S4 AmdK8; C:\Windows\system32\drivers\amdk8.sys [44032 2008-01-21] (Microsoft Corporation) [File not signed]
S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus.sys [14336 2010-12-07] (LG Electronics Inc.) [File not signed]
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag.sys [20736 2010-12-07] (LG Electronics Inc.) [File not signed]
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps.sys [20096 2010-12-07] (LG Electronics Inc.) [File not signed]
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem.sys [25088 2010-12-07] (LG Electronics Inc.) [File not signed]
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [17408 2008-01-21] (Microsoft Corporation) [File not signed]
S3 athr; C:\Windows\System32\DRIVERS\athr.sys [467456 2006-11-02] (Atheros Communications, Inc.) [File not signed]
S3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146944 2008-08-14] (AuthenTec, Inc.)
S3 Axtmvflt; C:\Windows\System32\DRIVERS\Axtmvflt.sys [3456 2007-03-22] (Axesstel) [File not signed]
S3 Axtmvmdm; C:\Windows\System32\DRIVERS\Axtmvmdm.sys [40064 2007-03-26] (Axesstel) [File not signed]
S3 Axtmvprt; C:\Windows\System32\Drivers\Axtmvprt.sys [38784 2007-03-26] (Axesstel) [File not signed]
R1 Beep; C:\Windows\system32\Drivers\Beep.sys [6144 2008-01-21] (Microsoft Corporation) [File not signed]
S4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [45568 2008-01-21] (Microsoft Corporation) [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [69632 2011-02-22] (Microsoft Corporation) [File not signed]
S3 BrFiltLo; C:\Windows\system32\drivers\brfiltlo.sys [13568 2006-11-02] (Brother Industries, Ltd.) [File not signed]
S3 BrFiltUp; C:\Windows\system32\drivers\brfiltup.sys [5248 2006-11-02] (Brother Industries, Ltd.) [File not signed]
S4 Brserid; C:\Windows\system32\drivers\brserid.sys [71808 2006-11-02] (Brother Industries Ltd.) [File not signed]
S4 BrSerWdm; C:\Windows\system32\drivers\brserwdm.sys [62336 2006-11-02] (Brother Industries Ltd.) [File not signed]
S4 BrUsbMdm; C:\Windows\system32\drivers\brusbmdm.sys [12160 2006-11-02] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\Windows\system32\drivers\brusbser.sys [11904 2006-11-02] (Brother Industries Ltd.) [File not signed]
S4 BTHMODEM; C:\Windows\system32\drivers\bthmodem.sys [39936 2006-11-02] (Microsoft Corporation) [File not signed]
R4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [70144 2008-01-21] (Microsoft Corporation) [File not signed]
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [67072 2009-04-11] (Microsoft Corporation) [File not signed]
S3 circlass; C:\Windows\System32\DRIVERS\circlass.sys [35328 2008-01-21] (Microsoft Corporation) [File not signed]
S3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [14208 2008-01-21] (Microsoft Corporation) [File not signed]
S4 Crusoe; C:\Windows\system32\drivers\crusoe.sys [40960 2008-01-21] (Microsoft Corporation) [File not signed]
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [75264 2011-04-14] (Microsoft Corporation) [File not signed]
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [41984 2006-12-08] (Samsung Electronics Co., Ltd.) [File not signed]
S3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5632 2008-01-21] (Microsoft Corporation) [File not signed]
S3 E1G60; C:\Windows\System32\DRIVERS\E1G60I32.sys [118784 2008-01-21] (Intel Corporation) [File not signed]
R3 enecir; C:\Windows\System32\DRIVERS\enecir.sys [54784 2008-04-29] (ENE TECHNOLOGY INC.) [File not signed]
R3 enecirhid; C:\Windows\System32\DRIVERS\enecirhid.sys [11264 2008-04-29] (ENE TECHNOLOGY INC.) [File not signed]
R3 enecirhidma; C:\Windows\System32\DRIVERS\enecirhidma.sys [5632 2008-04-25] (ENE TECHNOLOGY INC.) [File not signed]
S4 ErrDev; C:\Windows\system32\drivers\errdev.sys [6656 2008-01-21] (Microsoft Corporation) [File not signed]
S3 ew_hwusbdev; C:\Windows\System32\DRIVERS\ew_hwusbdev.sys [102784 2010-07-27] (Huawei Technologies Co., Ltd.) [File not signed]
S3 ew_usbenumfilter; C:\Windows\System32\DRIVERS\ew_usbenumfilter.sys [11136 2010-03-20] (Huawei Technologies Co., Ltd.) [File not signed]
S3 exfat; C:\Windows\system32\Drivers\exfat.sys [136704 2009-04-11] (Microsoft Corporation) [File not signed]
S3 fastfat; C:\Windows\system32\Drivers\fastfat.sys [142848 2009-04-11] (Microsoft Corporation) [File not signed]
S4 fdc; C:\Windows\System32\DRIVERS\fdc.sys [25088 2008-01-21] (Microsoft Corporation) [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [27648 2008-01-21] (Microsoft Corporation) [File not signed]
S4 flpydisk; C:\Windows\System32\DRIVERS\flpydisk.sys [20480 2008-01-21] (Microsoft Corporation) [File not signed]
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
U1 Fs_Rec; C:\Windows\system32\Drivers\Fs_Rec.sys [12800 2012-02-29] (Microsoft Corporation) [File not signed]
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [235520 2006-11-02] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [561152 2009-04-11] (Microsoft Corporation) [File not signed]
S4 HidBth; C:\Windows\system32\drivers\hidbth.sys [29184 2006-11-02] (Microsoft Corporation) [File not signed]
S3 HidIr; C:\Windows\System32\DRIVERS\hidir.sys [21504 2008-01-21] (Microsoft Corporation) [File not signed]
R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [12800 2009-04-11] (Microsoft Corporation) [File not signed]
S3 HTTP; C:\Windows\System32\drivers\HTTP.sys [411648 2010-02-20] (Microsoft Corporation) [File not signed]
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [95616 2012-04-23] (Huawei Technologies Co., Ltd.) [File not signed]
S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [70016 2012-04-23] (Huawei Technologies Co., Ltd.) [File not signed]
R3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [76544 2012-04-23] (Huawei Technologies Co., Ltd.) [File not signed]
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2012-04-23] (Huawei Technologies Co., Ltd.) [File not signed]
R1 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [54784 2008-01-21] (Microsoft Corporation) [File not signed]
S3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [41472 2008-01-21] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [47616 2008-01-21] (Microsoft Corporation) [File not signed]
S4 IPMIDRV; C:\Windows\system32\drivers\ipmidrv.sys [64512 2008-01-21] (Microsoft Corporation) [File not signed]
S3 IPNAT; C:\Windows\System32\DRIVERS\ipnat.sys [100864 2008-01-21] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [13312 2008-01-21] (Microsoft Corporation) [File not signed]
S3 JMCR; C:\Windows\System32\DRIVERS\jmcr.sys [86672 2008-05-21] (JMicron Technology Corp.) [File not signed]
R1 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [17408 2009-04-11] (Microsoft Corporation) [File not signed]
S2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [47104 2008-01-21] (Microsoft Corporation) [File not signed]
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [25896 2008-05-07] (COMPAL ELECTRONIC INC.)
S2 luafv; C:\Windows\system32\drivers\luafv.sys [84480 2008-01-21] (Microsoft Corporation) [File not signed]
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 Modem; C:\Windows\System32\drivers\modem.sys [31744 2008-01-21] (Microsoft Corporation) [File not signed]
S3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [41984 2008-01-21] (Microsoft Corporation) [File not signed]
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [15872 2008-01-21] (Microsoft Corporation) [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [64000 2008-01-21] (Microsoft Corporation) [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [114688 2009-04-11] (Microsoft Corporation) [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [106496 2011-04-29] (Microsoft Corporation) [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [214016 2011-07-06] (Microsoft Corporation) [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [79872 2011-04-29] (Microsoft Corporation) [File not signed]
R1 Msfs; C:\Windows\system32\Drivers\Msfs.sys [22528 2008-01-21] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [8192 2008-01-21] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [5888 2008-01-21] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [5504 2008-01-21] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [6016 2008-01-21] (Microsoft Corporation) [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [148480 2009-04-11] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [20992 2008-01-21] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [16896 2008-01-21] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [121344 2009-04-11] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\Windows\system32\Drivers\NDProxy.sys [49664 2008-01-21] (Microsoft Corporation) [File not signed]
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2011-05-10] (Apple Inc.) [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [35840 2008-01-21] (Microsoft Corporation) [File not signed]
R1 netbt; C:\Windows\System32\DRIVERS\netbt.sys [185856 2009-04-11] (Microsoft Corporation) [File not signed]
R3 NETw5v32; C:\Windows\System32\DRIVERS\NETw5v32.sys [3658752 2008-04-28] (Intel Corporation) [File not signed]
R1 Npfs; C:\Windows\system32\Drivers\Npfs.sys [35328 2009-04-11] (Microsoft Corporation) [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [16384 2008-01-21] (Microsoft Corporation) [File not signed]
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1083880 2009-04-11] (Společnost Microsoft)
S4 ntrigdigi; C:\Windows\system32\drivers\ntrigdigi.sys [20608 2006-11-02] (N-trig Innovative Technologies) [File not signed]
R1 Null; C:\Windows\system32\Drivers\Null.sys [4608 2008-01-21] (Microsoft Corporation) [File not signed]
S3 nvlddmkm; C:\Windows\System32\DRIVERS\nvlddmkm.sys [7574112 2008-11-07] (NVIDIA Corporation) [File not signed]
R3 ohci1394; C:\Windows\System32\DRIVERS\ohci1394.sys [62208 2009-04-11] (Microsoft Corporation) [File not signed]
S3 Parport; C:\Windows\system32\drivers\parport.sys [79360 2006-11-02] (Microsoft Corporation) [File not signed]
S2 Parvdm; C:\Windows\system32\drivers\parvdm.sys [8704 2006-11-02] (Microsoft Corporation) [File not signed]
S2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [878080 2006-11-02] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [62976 2008-01-21] (Microsoft Corporation) [File not signed]
S4 Processor; C:\Windows\system32\drivers\processr.sys [40960 2008-01-21] (Microsoft Corporation) [File not signed]
R1 PSched; C:\Windows\System32\DRIVERS\pacer.sys [72192 2009-04-11] (Microsoft Corporation) [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [31232 2008-01-21] (Microsoft Corporation) [File not signed]
R1 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [11776 2008-01-21] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [76288 2008-01-21] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [41472 2009-04-11] (Microsoft Corporation) [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [69120 2009-04-11] (Microsoft Corporation) [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [225280 2009-04-11] (Microsoft Corporation) [File not signed]
S1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [6144 2008-01-21] (Microsoft Corporation) [File not signed]
S4 rdpdr; C:\Windows\system32\drivers\rdpdr.sys [248832 2008-01-21] (Microsoft Corporation) [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [6144 2008-01-21] (Microsoft Corporation) [File not signed]
S3 RDPWD; C:\Windows\system32\Drivers\RDPWD.sys [180736 2012-05-01] (Microsoft Corporation) [File not signed]
S3 ROOTMODEM; C:\Windows\System32\Drivers\RootMdm.sys [8192 2008-01-21] (Microsoft Corporation) [File not signed]
S2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [60416 2008-01-21] (Microsoft Corporation) [File not signed]
R3 RTL8169; C:\Windows\System32\DRIVERS\Rtlh86.sys [118784 2008-04-15] (Realtek Corporation ) [File not signed]
S4 sdbus; C:\Windows\System32\DRIVERS\sdbus.sys [88576 2008-01-21] (Microsoft Corporation) [File not signed]
S2 secdrv; C:\Windows\system32\Drivers\secdrv.sys [20480 2006-11-02] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 Serenum; C:\Windows\system32\drivers\serenum.sys [17920 2006-11-02] (Microsoft Corporation) [File not signed]
S3 Serial; C:\Windows\system32\drivers\serial.sys [83456 2006-11-02] (Microsoft Corporation) [File not signed]
S4 sermouse; C:\Windows\system32\drivers\sermouse.sys [19968 2008-01-21] (Microsoft Corporation) [File not signed]
S4 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [13312 2008-01-21] (Microsoft Corporation) [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [12288 2008-01-21] (Microsoft Corporation) [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [11776 2008-01-21] (Microsoft Corporation) [File not signed]
S4 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [13312 2006-11-02] (Microsoft Corporation) [File not signed]
R1 Smb; C:\Windows\System32\DRIVERS\smb.sys [66560 2009-04-11] (Microsoft Corporation) [File not signed]
S3 smserial; C:\Windows\System32\DRIVERS\smserial.sys [1010560 2006-11-02] (Motorola Inc.) [File not signed]
R0 speedfan; C:\Windows\System32\speedfan.sys [5248 2006-09-24] (Windows (R) 2000 DDK provider) [File not signed]
S3 srv; C:\Windows\System32\DRIVERS\srv.sys [305152 2011-02-18] (Microsoft Corporation) [File not signed]
S3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [146432 2011-04-29] (Microsoft Corporation) [File not signed]
S3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [102400 2011-04-29] (Microsoft Corporation) [File not signed]
S2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2006-12-08] (Samsung Electronics) [File not signed]
S2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [30720 2009-12-08] (Microsoft Corporation) [File not signed]
R3 tdcmdpst; C:\Windows\System32\DRIVERS\tdcmdpst.sys [16128 2006-10-18] (TOSHIBA Corporation.) [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [17920 2008-01-21] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [29184 2008-01-21] (Microsoft Corporation) [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [72192 2009-04-11] (Microsoft Corporation) [File not signed]
S3 tosporte; C:\Windows\System32\DRIVERS\tosporte.sys [41472 2008-03-25] (TOSHIBA Corporation) [File not signed]
S3 tosrfbd; C:\Windows\System32\DRIVERS\tosrfbd.sys [131712 2008-04-23] (TOSHIBA CORPORATION) [File not signed]
S3 tosrfbnp; C:\Windows\System32\Drivers\tosrfbnp.sys [36608 2007-11-29] (TOSHIBA Corporation) [File not signed]
S1 Tosrfcom; C:\Windows\System32\Drivers\tosrfcom.sys [64128 2007-10-02] (TOSHIBA Corporation) [File not signed]
R3 tosrfec; C:\Windows\System32\DRIVERS\tosrfec.sys [9216 2006-10-23] (TOSHIBA Corporation) [File not signed]
S3 Tosrfhid; C:\Windows\System32\DRIVERS\Tosrfhid.sys [74112 2008-03-19] (TOSHIBA Corporation.) [File not signed]
S3 tosrfnds; C:\Windows\System32\DRIVERS\tosrfnds.sys [18612 2005-01-07] (TOSHIBA Corporation.) [File not signed]
S3 TosRfSnd; C:\Windows\System32\drivers\tosrfsnd.sys [54144 2008-01-22] (TOSHIBA Corporation) [File not signed]
S3 Tosrfusb; C:\Windows\System32\DRIVERS\tosrfusb.sys [41856 2007-10-18] (TOSHIBA CORPORATION) [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [23552 2008-01-21] (Microsoft Corporation) [File not signed]
R3 tunmp; C:\Windows\System32\DRIVERS\tunmp.sys [15360 2008-01-21] (Microsoft Corporation) [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [25088 2010-02-18] (Microsoft Corporation) [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [226816 2009-04-11] (Microsoft Corporation) [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [34816 2008-01-21] (Microsoft Corporation) [File not signed]
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [73216 2008-01-21] (Microsoft Corporation) [File not signed]
S3 USBCCID; C:\Windows\System32\DRIVERS\usbccid.sys [30208 2009-04-11] (Microsoft Corporation) [File not signed]
S4 usbcir; C:\Windows\system32\drivers\usbcir.sys [68608 2006-11-02] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [39936 2009-04-11] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [196096 2009-04-11] (Microsoft Corporation) [File not signed]
S4 usbohci; C:\Windows\system32\drivers\usbohci.sys [19456 2006-11-02] (Microsoft Corporation) [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [18944 2008-01-21] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [35328 2008-01-21] (Microsoft Corporation) [File not signed]
S3 usbser; C:\Windows\System32\drivers\usbser.sys [27648 2009-04-11] (Microsoft Corporation) [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [65536 2009-04-11] (Microsoft Corporation) [File not signed]
R3 usbuhci; C:\Windows\System32\DRIVERS\usbuhci.sys [23552 2008-01-21] (Microsoft Corporation) [File not signed]
S3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [134016 2008-01-21] (Microsoft Corporation) [File not signed]
S3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.) [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [26112 2008-01-21] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2008-01-21] (Microsoft Corporation) [File not signed]
S4 ViaC7; C:\Windows\system32\drivers\viac7.sys [41472 2008-01-21] (Microsoft Corporation) [File not signed]
S4 WacomPen; C:\Windows\system32\drivers\wacompen.sys [20608 2006-11-02] (Microsoft Corporation) [File not signed]
S3 Wanarp; C:\Windows\System32\DRIVERS\wanarp.sys [62464 2008-01-21] (Microsoft Corporation) [File not signed]
S1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [62464 2008-01-21] (Microsoft Corporation) [File not signed]
S4 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [11264 2008-01-21] (Microsoft Corporation) [File not signed]
S3 WpdUsb; C:\Windows\System32\DRIVERS\wpdusb.sys [40448 2009-10-01] (Microsoft Corporation) [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [15872 2008-01-21] (Microsoft Corporation) [File not signed]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [66560 2012-07-26] (Microsoft Corporation) [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation) [File not signed]
S3 ApfiltrService; system32\DRIVERS\Apfiltr.sys [X]
S2 eamonm; system32\DRIVERS\eamonm.sys [X]
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [249472 2012-04-20] (Huawei Technologies Co., Ltd.) [File not signed]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 Pcouffin; System32\Drivers\Pcouffin.sys [X]
S3 TpChoice; system32\DRIVERS\TpChoice.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-16 22:48 - 2014-07-16 22:49 - 00049532 _____ () C:\Users\Dzena\Desktop\FRST.txt
2014-07-16 22:48 - 2014-07-16 22:48 - 00000000 ____D () C:\FRST
2014-07-16 22:47 - 2014-07-16 22:47 - 00029696 _____ () C:\Users\Dzena\AppData\Local\MSGBOX.EXE
2014-07-16 22:47 - 2014-07-16 22:47 - 00015327 _____ () C:\Users\Dzena\Desktop\LM.bat
2014-07-16 22:45 - 2014-07-16 22:45 - 00112640 _____ (forum.viry.cz) C:\Users\Dzena\Desktop\FRSTLauncher (2).exe
2014-07-16 22:43 - 2014-07-16 22:43 - 00112640 _____ (forum.viry.cz) C:\Users\Dzena\Downloads\Nepotvrzeno 57379.crdownload
2014-07-16 22:43 - 2014-07-16 22:43 - 00112640 _____ (forum.viry.cz) C:\Users\Dzena\Downloads\Nepotvrzeno 399614.crdownload
2014-07-16 22:42 - 2014-07-16 22:42 - 01077248 _____ (Farbar) C:\Users\Dzena\Desktop\FRST.exe
2014-07-16 22:41 - 2014-07-16 22:41 - 00024646 _____ () C:\Users\Dzena\Desktop\stažený soubor.htm
2014-07-16 22:31 - 2014-07-16 22:20 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-07-16 22:24 - 2014-07-16 22:33 - 00015072 _____ () C:\zoek-results.log
2014-07-16 22:21 - 2014-07-14 15:16 - 01287168 _____ () C:\Users\Dzena\Desktop\zoek.exe
2014-07-16 22:21 - 2014-07-14 15:11 - 01417360 _____ () C:\Users\Dzena\Desktop\zoek.scr
2014-07-16 22:21 - 2014-07-14 15:11 - 01417360 _____ () C:\Users\Dzena\Desktop\zoek.com
2014-07-16 22:20 - 2014-07-16 22:31 - 00000000 ____D () C:\zoek_backup
2014-07-16 22:20 - 2014-07-16 22:20 - 04102729 _____ () C:\Users\Dzena\Desktop\zoek (1).zip
2014-07-16 22:19 - 2014-07-16 22:20 - 04102729 _____ () C:\Users\Dzena\Downloads\zoek.zip
2014-07-16 22:04 - 2014-07-16 22:33 - 00000948 _____ () C:\Windows\PFRO.log
2014-07-16 16:12 - 2014-07-16 16:12 - 00000034 _____ () C:\Windows\setupact.log
2014-07-16 16:12 - 2014-07-16 16:12 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-16 12:50 - 2014-07-16 12:50 - 00670696 _____ () C:\Users\Dzena\Downloads\StarterSetup.zip
2014-07-16 12:50 - 2014-07-16 12:50 - 00001869 _____ () C:\Users\Dzena\Desktop\CodeStuff Starter.lnk
2014-07-16 12:50 - 2014-07-16 12:50 - 00000000 ____D () C:\Users\Dzena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeStuff Starter
2014-07-16 12:50 - 2014-07-16 12:50 - 00000000 ____D () C:\Program Files\CodeStuff
2014-07-16 11:34 - 2014-07-16 22:06 - 00000000 ____D () C:\AdwCleaner
2014-07-16 11:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-16 11:32 - 2014-07-16 11:32 - 01348263 _____ () C:\Users\Dzena\Desktop\adwcleaner_3.215.exe
2014-07-16 11:29 - 2014-07-16 11:29 - 00029199 _____ () C:\Users\Dzena\Desktop\JRT.txt
2014-07-16 11:27 - 2014-07-16 11:27 - 00000000 ____D () C:\Windows\ERUNT
2014-07-16 11:09 - 2014-07-16 11:09 - 01016261 _____ (Thisisu) C:\Users\Dzena\Downloads\JRT (2).exe
2014-07-16 11:06 - 2014-07-16 11:06 - 01016261 _____ (Thisisu) C:\Users\Dzena\Downloads\JRT (1).exe
2014-07-16 11:05 - 2014-07-16 11:05 - 01016261 _____ (Thisisu) C:\Users\Dzena\Desktop\JRT (1).exe
2014-07-16 11:03 - 2014-07-16 11:03 - 01016261 _____ (Thisisu) C:\Users\Dzena\Downloads\JRT.exe
2014-07-16 00:37 - 2014-07-16 00:37 - 00018417 _____ () C:\2014-07-16.hrf
2014-07-15 23:46 - 2014-07-15 23:46 - 02347384 _____ (ESET) C:\Users\Dzena\Downloads\esetsmartinstaller_csy.exe
2014-07-15 23:21 - 2014-07-15 23:21 - 01107968 _____ () C:\Users\Dzena\Downloads\RSIT (2).exe
2014-07-15 23:21 - 2014-07-15 23:21 - 01107968 _____ () C:\Users\Dzena\Downloads\RSIT (1).exe
2014-07-15 23:15 - 2014-07-15 23:21 - 00000000 ____D () C:\Program Files\trend micro
2014-07-15 23:15 - 2014-07-15 23:17 - 00000000 ____D () C:\rsit
2014-07-15 23:15 - 2014-07-15 23:15 - 01107968 _____ () C:\Users\Dzena\Downloads\RSIT.exe
2014-07-15 21:56 - 2014-07-15 21:56 - 00000967 _____ () C:\Users\Dzena\Documents\Untitled.startup
2014-07-15 21:51 - 2014-07-16 12:31 - 00001464 _____ () C:\Windows\WindowsUpdate.log
2014-07-15 17:10 - 2014-07-15 17:10 - 00000900 _____ () C:\Users\Dzena\Desktop\Simple Startup Manager.lnk
2014-07-15 17:10 - 2014-07-15 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simple Startup Manager
2014-07-15 17:10 - 2014-07-15 17:10 - 00000000 ____D () C:\Program Files\Simple Startup Manager
2014-07-15 15:10 - 2014-07-15 20:56 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-15 15:10 - 2014-07-15 15:10 - 00000904 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-15 15:10 - 2014-07-15 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-15 15:10 - 2014-07-15 15:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-15 15:10 - 2014-07-15 15:10 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-15 15:10 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-15 15:10 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-15 15:10 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-15 14:24 - 2014-07-16 15:31 - 00000000 ____D () C:\Users\Dzena\Desktop\Záloha 15.7.2014
2014-07-15 13:53 - 2014-07-15 21:19 - 00000000 ____D () C:\Users\Dzena\AppData\Roaming\AdobeChk
2014-07-14 20:01 - 2014-07-14 20:01 - 00018237 _____ () C:\2014-07-14.hrf
2014-07-13 15:44 - 2014-07-13 15:44 - 00018233 _____ () C:\2014-07-13.hrf
2014-07-11 19:34 - 2014-07-11 19:37 - 00017912 _____ () C:\2014-07-11.hrf
2014-07-09 19:05 - 2014-07-09 19:05 - 00018407 _____ () C:\2014-07-09.hrf
2014-07-08 11:21 - 2014-07-08 11:21 - 00018441 _____ () C:\2014-07-08.hrf
2014-07-07 11:05 - 2014-07-07 11:05 - 00018441 _____ () C:\2014-07-07.hrf
2014-07-06 15:26 - 2014-07-06 15:26 - 00018751 _____ () C:\2014-07-06.hrf
2014-06-28 10:49 - 2014-06-28 10:49 - 00018788 _____ () C:\2014-06-28.hrf
2014-06-27 10:34 - 2014-06-27 10:34 - 00005487 _____ () C:\Windows\system32\jupdate-1.7.0_60-b19.log
2014-06-27 10:34 - 2014-05-07 15:02 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-06-27 10:34 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-27 10:34 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-27 10:34 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-27 09:15 - 2014-06-27 09:15 - 00018793 _____ () C:\2014-06-27.hrf
2014-06-26 08:45 - 2014-06-26 21:36 - 00018793 _____ () C:\2014-06-26.hrf
2014-06-25 19:54 - 2014-06-25 20:00 - 00018778 _____ () C:\2014-06-25.hrf
2014-06-23 08:39 - 2014-06-23 08:39 - 00001891 _____ () C:\Users\Public\Desktop\CQG Trader .lnk
2014-06-23 08:39 - 2014-06-23 08:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CQG
2014-06-23 08:38 - 2014-06-23 08:38 - 00000000 ____D () C:\Users\Dzena\AppData\Local\CQG
2014-06-23 08:34 - 2014-06-23 08:38 - 00000000 ____D () C:\Program Files\CQG
2014-06-21 17:09 - 2014-06-21 17:09 - 00018418 _____ () C:\2014-06-21.hrf
2014-06-20 09:04 - 2014-06-20 20:46 - 00018204 _____ () C:\2014-06-20.hrf
2014-06-19 09:37 - 2014-06-19 22:18 - 00017656 _____ () C:\2014-06-19.hrf
2014-06-18 17:21 - 2014-06-18 17:23 - 00017656 _____ () C:\2014-06-18.hrf
2014-06-16 10:58 - 2014-06-16 10:58 - 00018206 _____ () C:\2014-06-16.hrf

==================== One Month Modified Files and Folders =======

2014-07-16 22:49 - 2014-07-16 22:48 - 00049532 _____ () C:\Users\Dzena\Desktop\FRST.txt
2014-07-16 22:48 - 2014-07-16 22:48 - 00000000 ____D () C:\FRST
2014-07-16 22:47 - 2014-07-16 22:47 - 00029696 _____ () C:\Users\Dzena\AppData\Local\MSGBOX.EXE
2014-07-16 22:47 - 2014-07-16 22:47 - 00015327 _____ () C:\Users\Dzena\Desktop\LM.bat
2014-07-16 22:45 - 2014-07-16 22:45 - 00112640 _____ (forum.viry.cz) C:\Users\Dzena\Desktop\FRSTLauncher (2).exe
2014-07-16 22:43 - 2014-07-16 22:43 - 00112640 _____ (forum.viry.cz) C:\Users\Dzena\Downloads\Nepotvrzeno 57379.crdownload
2014-07-16 22:43 - 2014-07-16 22:43 - 00112640 _____ (forum.viry.cz) C:\Users\Dzena\Downloads\Nepotvrzeno 399614.crdownload
2014-07-16 22:42 - 2014-07-16 22:42 - 01077248 _____ (Farbar) C:\Users\Dzena\Desktop\FRST.exe
2014-07-16 22:42 - 2009-09-17 09:53 - 00001356 _____ () C:\Users\Dzena\AppData\Local\d3d9caps.dat
2014-07-16 22:41 - 2014-07-16 22:41 - 00024646 _____ () C:\Users\Dzena\Desktop\stažený soubor.htm
2014-07-16 22:33 - 2014-07-16 22:24 - 00015072 _____ () C:\zoek-results.log
2014-07-16 22:33 - 2014-07-16 22:04 - 00000948 _____ () C:\Windows\PFRO.log
2014-07-16 22:31 - 2014-07-16 22:20 - 00000000 ____D () C:\zoek_backup
2014-07-16 22:31 - 2009-06-25 16:34 - 00000000 ____D () C:\Users\Dzena
2014-07-16 22:20 - 2014-07-16 22:31 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-07-16 22:20 - 2014-07-16 22:20 - 04102729 _____ () C:\Users\Dzena\Desktop\zoek (1).zip
2014-07-16 22:20 - 2014-07-16 22:19 - 04102729 _____ () C:\Users\Dzena\Downloads\zoek.zip
2014-07-16 22:20 - 2009-11-16 13:14 - 00003629 _____ () C:\Users\Dzena\AppData\Roaming\mainhst.zgh
2014-07-16 22:06 - 2014-07-16 11:34 - 00000000 ____D () C:\AdwCleaner
2014-07-16 22:02 - 2012-08-21 23:11 - 00000000 ____D () C:\Users\Dzena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
2014-07-16 21:59 - 2008-01-21 08:47 - 01524722 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-16 21:43 - 2009-06-30 10:29 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-16 21:43 - 2009-06-30 10:29 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-16 21:43 - 2009-06-25 16:39 - 00027839 _____ () C:\ProgramData\nvModes.001
2014-07-16 21:43 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-16 21:43 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-16 21:43 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-16 19:19 - 2014-06-02 11:51 - 00002457 _____ () C:\Users\Public\Desktop\NinjaTrader 7.lnk
2014-07-16 16:12 - 2014-07-16 16:12 - 00000034 _____ () C:\Windows\setupact.log
2014-07-16 16:12 - 2014-07-16 16:12 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-16 15:31 - 2014-07-15 14:24 - 00000000 ____D () C:\Users\Dzena\Desktop\Záloha 15.7.2014
2014-07-16 12:50 - 2014-07-16 12:50 - 00670696 _____ () C:\Users\Dzena\Downloads\StarterSetup.zip
2014-07-16 12:50 - 2014-07-16 12:50 - 00001869 _____ () C:\Users\Dzena\Desktop\CodeStuff Starter.lnk
2014-07-16 12:50 - 2014-07-16 12:50 - 00000000 ____D () C:\Users\Dzena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeStuff Starter
2014-07-16 12:50 - 2014-07-16 12:50 - 00000000 ____D () C:\Program Files\CodeStuff
2014-07-16 12:31 - 2014-07-15 21:51 - 00001464 _____ () C:\Windows\WindowsUpdate.log
2014-07-16 11:32 - 2014-07-16 11:32 - 01348263 _____ () C:\Users\Dzena\Desktop\adwcleaner_3.215.exe
2014-07-16 11:29 - 2014-07-16 11:29 - 00029199 _____ () C:\Users\Dzena\Desktop\JRT.txt
2014-07-16 11:27 - 2014-07-16 11:27 - 00000000 ____D () C:\Windows\ERUNT
2014-07-16 11:09 - 2014-07-16 11:09 - 01016261 _____ (Thisisu) C:\Users\Dzena\Downloads\JRT (2).exe
2014-07-16 11:06 - 2014-07-16 11:06 - 01016261 _____ (Thisisu) C:\Users\Dzena\Downloads\JRT (1).exe
2014-07-16 11:05 - 2014-07-16 11:05 - 01016261 _____ (Thisisu) C:\Users\Dzena\Desktop\JRT (1).exe
2014-07-16 11:03 - 2014-07-16 11:03 - 01016261 _____ (Thisisu) C:\Users\Dzena\Downloads\JRT.exe
2014-07-16 00:37 - 2014-07-16 00:37 - 00018417 _____ () C:\2014-07-16.hrf
2014-07-15 23:46 - 2014-07-15 23:46 - 02347384 _____ (ESET) C:\Users\Dzena\Downloads\esetsmartinstaller_csy.exe
2014-07-15 23:21 - 2014-07-15 23:21 - 01107968 _____ () C:\Users\Dzena\Downloads\RSIT (2).exe
2014-07-15 23:21 - 2014-07-15 23:21 - 01107968 _____ () C:\Users\Dzena\Downloads\RSIT (1).exe
2014-07-15 23:21 - 2014-07-15 23:15 - 00000000 ____D () C:\Program Files\trend micro
2014-07-15 23:17 - 2014-07-15 23:15 - 00000000 ____D () C:\rsit
2014-07-15 23:15 - 2014-07-15 23:15 - 01107968 _____ () C:\Users\Dzena\Downloads\RSIT.exe
2014-07-15 23:02 - 2006-11-02 15:01 - 00032626 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-15 21:56 - 2014-07-15 21:56 - 00000967 _____ () C:\Users\Dzena\Documents\Untitled.startup
2014-07-15 21:45 - 2012-04-03 08:59 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-15 21:19 - 2014-07-15 13:53 - 00000000 ____D () C:\Users\Dzena\AppData\Roaming\AdobeChk
2014-07-15 20:56 - 2014-07-15 15:10 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-15 19:46 - 2012-10-25 19:13 - 00000809 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-15 19:46 - 2011-05-07 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-15 19:46 - 2010-01-21 16:12 - 00000000 ____D () C:\Users\Dzena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-15 19:46 - 2010-01-21 16:12 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-15 17:10 - 2014-07-15 17:10 - 00000900 _____ () C:\Users\Dzena\Desktop\Simple Startup Manager.lnk
2014-07-15 17:10 - 2014-07-15 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simple Startup Manager
2014-07-15 17:10 - 2014-07-15 17:10 - 00000000 ____D () C:\Program Files\Simple Startup Manager
2014-07-15 15:30 - 2010-03-25 19:28 - 00000000 ____D () C:\Program Files\ESET
2014-07-15 15:10 - 2014-07-15 15:10 - 00000904 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-15 15:10 - 2014-07-15 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-15 15:10 - 2014-07-15 15:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-15 15:10 - 2014-07-15 15:10 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-15 13:40 - 2009-06-25 16:38 - 00027839 _____ () C:\ProgramData\nvModes.dat
2014-07-14 20:01 - 2014-07-14 20:01 - 00018237 _____ () C:\2014-07-14.hrf
2014-07-14 15:16 - 2014-07-16 22:21 - 01287168 _____ () C:\Users\Dzena\Desktop\zoek.exe
2014-07-14 15:11 - 2014-07-16 22:21 - 01417360 _____ () C:\Users\Dzena\Desktop\zoek.scr
2014-07-14 15:11 - 2014-07-16 22:21 - 01417360 _____ () C:\Users\Dzena\Desktop\zoek.com
2014-07-13 15:44 - 2014-07-13 15:44 - 00018233 _____ () C:\2014-07-13.hrf
2014-07-13 15:22 - 2009-01-28 17:31 - 00002675 _____ () C:\Users\Dzena\Desktop\Microsoft Office Word 2007.lnk
2014-07-11 19:37 - 2014-07-11 19:34 - 00017912 _____ () C:\2014-07-11.hrf
2014-07-10 10:43 - 2012-04-03 08:59 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-10 10:43 - 2011-06-03 07:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 19:05 - 2014-07-09 19:05 - 00018407 _____ () C:\2014-07-09.hrf
2014-07-08 11:21 - 2014-07-08 11:21 - 00018441 _____ () C:\2014-07-08.hrf
2014-07-07 20:05 - 2009-06-25 19:19 - 00000000 ____D () C:\Users\Dzena\AppData\Roaming\Skype
2014-07-07 11:05 - 2014-07-07 11:05 - 00018441 _____ () C:\2014-07-07.hrf
2014-07-06 15:26 - 2014-07-06 15:26 - 00018751 _____ () C:\2014-07-06.hrf
2014-06-28 10:49 - 2014-06-28 10:49 - 00018788 _____ () C:\2014-06-28.hrf
2014-06-27 10:37 - 2013-10-21 11:59 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-27 10:34 - 2014-06-27 10:34 - 00005487 _____ () C:\Windows\system32\jupdate-1.7.0_60-b19.log
2014-06-27 10:34 - 2009-01-28 16:05 - 00000000 ____D () C:\Program Files\Java
2014-06-27 10:34 - 2009-01-28 16:05 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-27 09:15 - 2014-06-27 09:15 - 00018793 _____ () C:\2014-06-27.hrf
2014-06-26 21:36 - 2014-06-26 08:45 - 00018793 _____ () C:\2014-06-26.hrf
2014-06-25 20:00 - 2014-06-25 19:54 - 00018778 _____ () C:\2014-06-25.hrf
2014-06-23 08:39 - 2014-06-23 08:39 - 00001891 _____ () C:\Users\Public\Desktop\CQG Trader .lnk
2014-06-23 08:39 - 2014-06-23 08:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CQG
2014-06-23 08:38 - 2014-06-23 08:38 - 00000000 ____D () C:\Users\Dzena\AppData\Local\CQG
2014-06-23 08:38 - 2014-06-23 08:34 - 00000000 ____D () C:\Program Files\CQG
2014-06-21 17:09 - 2014-06-21 17:09 - 00018418 _____ () C:\2014-06-21.hrf
2014-06-20 20:58 - 2014-03-19 17:23 - 00000000 ____D () C:\SierraChart
2014-06-20 20:46 - 2014-06-20 09:04 - 00018204 _____ () C:\2014-06-20.hrf
2014-06-19 22:18 - 2014-06-19 09:37 - 00017656 _____ () C:\2014-06-19.hrf
2014-06-18 17:23 - 2014-06-18 17:21 - 00017656 _____ () C:\2014-06-18.hrf
2014-06-16 10:58 - 2014-06-16 10:58 - 00018206 _____ () C:\2014-06-16.hrf

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-16 22:24

==================== End Of Log ============================
Attachments
Addition.zip
(10.21 KiB) Downloaded 125 times

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Virus - enforcement order

#12 Post by vyosek »

:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Start
    HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\S-1-5-21-3986136040-3668684752-59250217-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
    HKU\S-1-5-21-3986136040-3668684752-59250217-1000\...\RunOnce: [Report] - C:\AdwCleaner\AdwCleaner[S3].txt [1649 2014-07-16] ()
    HKU\S-1-5-21-3986136040-3668684752-59250217-1000\...\MountPoints2: {7ec6eb59-cf3d-11e2-ad5f-0022fa29e896} - D:\Autorun.exe
    HKU\S-1-5-21-3986136040-3668684752-59250217-1000\...\MountPoints2: {7ec6eb68-cf3d-11e2-ad5f-00235a0590f7} - D:\Autorun.exe
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
    
    URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKLM - Backup.Old.DefaultScope {031B1CCB-10AD-4231-B486-4C2528E63B9A}
    SearchScopes: HKLM - {607407AF-E774-B1F8-3351-4323F0FD9FCC} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
    SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
    SearchScopes: HKCU - Backup.Old.DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    SearchScopes: HKCU - seznam.cz-130007 URL = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101568&mntrId=3a457cd20000000000000022fa29e896
    
    FF Extension: Yandex.Bar - C:\Users\Dzena\AppData\Roaming\Mozilla\Firefox\Profiles\0u885zan.default\Extensions\yasearch@yandex.ru [2012-06-02]
    FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-31]
    FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-31]
    FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
    FF Extension: No Name - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010-03-25]
    FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
    
    CHR StartupUrls: "hxxp://www.inbox.com/homepage.aspx?tbid=82120&iwk=245&lng=cs"
    CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
    
    S3 ApfiltrService; system32\DRIVERS\Apfiltr.sys [X]
    S2 eamonm; system32\DRIVERS\eamonm.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S3 Pcouffin; System32\Drivers\Pcouffin.sys [X]
    S3 TpChoice; system32\DRIVERS\TpChoice.sys [X]
    
    2014-07-16 22:47 - 2014-07-16 22:47 - 00029696 _____ () C:\Users\Dzena\AppData\Local\MSGBOX.EXE
    2014-07-16 22:47 - 2014-07-16 22:47 - 00015327 _____ () C:\Users\Dzena\Desktop\LM.bat
    2014-07-16 22:45 - 2014-07-16 22:45 - 00112640 _____ (forum.viry.cz) C:\Users\Dzena\Desktop\FRSTLauncher (2).exe
    2014-07-16 22:43 - 2014-07-16 22:43 - 00112640 _____ (forum.viry.cz) C:\Users\Dzena\Downloads\Nepotvrzeno 57379.crdownload
    2014-07-16 22:43 - 2014-07-16 22:43 - 00112640 _____ (forum.viry.cz) C:\Users\Dzena\Downloads\Nepotvrzeno 399614.crdownload
    2014-07-16 22:42 - 2014-07-16 22:42 - 01077248 _____ (Farbar) C:\Users\Dzena\Desktop\FRST.exe
    2014-07-16 22:41 - 2014-07-16 22:41 - 00024646 _____ () C:\Users\Dzena\Desktop\stažený soubor.htm
    2014-07-16 22:31 - 2014-07-16 22:20 - 00024064 _____ () C:\Windows\zoek-delete.exe
    2014-07-16 22:24 - 2014-07-16 22:33 - 00015072 _____ () C:\zoek-results.log
    2014-07-16 22:21 - 2014-07-14 15:16 - 01287168 _____ () C:\Users\Dzena\Desktop\zoek.exe
    2014-07-16 22:21 - 2014-07-14 15:11 - 01417360 _____ () C:\Users\Dzena\Desktop\zoek.scr
    2014-07-16 22:21 - 2014-07-14 15:11 - 01417360 _____ () C:\Users\Dzena\Desktop\zoek.com
    2014-07-16 22:20 - 2014-07-16 22:31 - 00000000 ____D () C:\zoek_backup
    2014-07-16 22:20 - 2014-07-16 22:20 - 04102729 _____ () C:\Users\Dzena\Desktop\zoek (1).zip
    2014-07-16 22:19 - 2014-07-16 22:20 - 04102729 _____ () C:\Users\Dzena\Downloads\zoek.zip
    2014-07-16 11:34 - 2014-07-16 22:06 - 00000000 ____D () C:\AdwCleaner
    2014-07-16 11:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
    2014-07-16 11:32 - 2014-07-16 11:32 - 01348263 _____ () C:\Users\Dzena\Desktop\adwcleaner_3.215.exe
    2014-07-16 11:29 - 2014-07-16 11:29 - 00029199 _____ () C:\Users\Dzena\Desktop\JRT.txt
    2014-07-16 11:27 - 2014-07-16 11:27 - 00000000 ____D () C:\Windows\ERUNT
    2014-07-16 11:09 - 2014-07-16 11:09 - 01016261 _____ (Thisisu) C:\Users\Dzena\Downloads\JRT (2).exe
    2014-07-16 11:06 - 2014-07-16 11:06 - 01016261 _____ (Thisisu) C:\Users\Dzena\Downloads\JRT (1).exe
    2014-07-16 11:05 - 2014-07-16 11:05 - 01016261 _____ (Thisisu) C:\Users\Dzena\Desktop\JRT (1).exe
    2014-07-16 11:03 - 2014-07-16 11:03 - 01016261 _____ (Thisisu) C:\Users\Dzena\Downloads\JRT.exe
    014-07-15 23:46 - 2014-07-15 23:46 - 02347384 _____ (ESET) C:\Users\Dzena\Downloads\esetsmartinstaller_csy.exe
    2014-07-15 23:21 - 2014-07-15 23:21 - 01107968 _____ () C:\Users\Dzena\Downloads\RSIT (2).exe
    2014-07-15 23:21 - 2014-07-15 23:21 - 01107968 _____ () C:\Users\Dzena\Downloads\RSIT (1).exe
    2014-07-15 23:15 - 2014-07-15 23:21 - 00000000 ____D () C:\Program Files\trend micro
    2014-07-15 23:15 - 2014-07-15 23:17 - 00000000 ____D () C:\rsit
    2014-07-15 23:15 - 2014-07-15 23:15 - 01107968 _____ () C:\Users\Dzena\Downloads\RSIT.exe
    
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    
    AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
    AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
    AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
    
    HKU\S-1-5-21-3986136040-3668684752-59250217-1000\Software\Classes\.exe: exefile =>  <===== ATTENTION!
    HKU\S-1-5-21-3986136040-3668684752-59250217-1000\Software\Classes\secfile: Application <===== ATTENTION!
    
    Hosts:
    Reboot:
    End
    
  • Save the resulting TXT file as fixlist.txt
  • Move the fixlist you created next to FRST
:arrow: Run FRST.exe again
  • Click Fix
  • The fix will run and create a log, Fixlog.txt
:arrow: Restart the PC and post the fixlog.txt here
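
A pre-flight check for the fixlist step in the post above, added here as an example (it is not part of the original post and not FRST's own code): it confirms that a fixlist is delimited by Start and End and that every entry is well formed and appears verbatim in the scan log it was copied from. The entry shapes are inferred from the lines shown in this thread; `lint_fixlist` is a hypothetical helper and the sample log and fixlist are constructed.

```python
import re

# Entry shapes inferred from the fixlist shown in this thread. This is an
# assumption about what a well-formed line looks like, not FRST's own grammar.
TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
FILE_ENTRY = re.compile(
    rf"^{TS} - {TS} - \d{{8}} [_A-Z]{{5}} \([^)]*\) [A-Za-z]:\\.+$"
)
LOOKS_LIKE_FILE_ENTRY = re.compile(r"^\d+-\d{2}-\d{2}\s")
SERVICE_ENTRY = re.compile(r"^[RSU]\d \S+; ")
DIRECTIVES = ("Hosts:", "Reboot:")  # carry no value, so they never appear in the scan log
KNOWN_PREFIXES = (
    "HKU\\", "HKLM\\", "HKCU\\", "Startup:", "URLSearchHook:", "SearchScopes:",
    "FF ", "CHR ", "Task:", "AlternateDataStreams:",
)


def _norm(line):
    """Collapse runs of whitespace so indentation and spacing differences do not matter."""
    return " ".join(line.split())


def lint_fixlist(fixlist_text, scan_log_text):
    """Return a list of (line_number, message) findings for a fixlist script."""
    findings = []
    log_lines = {_norm(l) for l in scan_log_text.splitlines() if l.strip()}
    rows = [(n, _norm(l))
            for n, l in enumerate(fixlist_text.splitlines(), 1) if l.strip()]

    if not rows:
        return [(0, "fixlist is empty")]
    if rows[0][1] != "Start":
        findings.append((rows[0][0], "first line is not 'Start'"))
    if rows[-1][1] != "End":
        findings.append((rows[-1][0], "last line is not 'End'"))

    for n, line in rows:
        if line in ("Start", "End") or line in DIRECTIVES:
            continue
        if LOOKS_LIKE_FILE_ENTRY.match(line):
            # Starts like a dated file entry, so it must match the full shape.
            if not FILE_ENTRY.match(line):
                findings.append(
                    (n, "malformed file entry (check timestamp and size fields)"))
        elif not (line.startswith(KNOWN_PREFIXES) or SERVICE_ENTRY.match(line)):
            findings.append((n, "unrecognised entry type"))
        # Entries are copied from the scan log, so a line that is missing there
        # points to copy/paste damage or an entry from a different scan.
        if line not in log_lines:
            findings.append((n, "entry is not present verbatim in the scan log"))
    return findings


# Constructed sample data (not taken from the thread): a short scan log excerpt
# and a fixlist copied from it, with the first character of one timestamp lost.
SAMPLE_LOG = r"""
2014-01-02 10:00 - 2014-01-02 10:00 - 00001024 _____ () C:\Users\Example\Downloads\tool.exe
2014-01-02 09:00 - 2014-01-02 09:30 - 00000000 ____D () C:\ExampleTool
S3 ExampleDrv; system32\DRIVERS\exampledrv.sys [X]
Task: C:\Windows\Tasks\Example.job => C:\Program Files\Example\update.exe
"""

SAMPLE_FIXLIST = r"""Start
S3 ExampleDrv; system32\DRIVERS\exampledrv.sys [X]
014-01-02 10:00 - 2014-01-02 10:00 - 00001024 _____ () C:\Users\Example\Downloads\tool.exe
2014-01-02 09:00 - 2014-01-02 09:30 - 00000000 ____D () C:\ExampleTool
Task: C:\Windows\Tasks\Example.job => C:\Program Files\Example\update.exe
Reboot:
End
"""

if __name__ == "__main__":
    for lineno, message in lint_fixlist(SAMPLE_FIXLIST, SAMPLE_LOG):
        print(f"fixlist.txt:{lineno}: {message}")
```
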

draczech
Visitor
Posts: 18
Joined: 15 Jul 2014 22:26

Re: Virus - enforcement order

#13 Post by draczech »

I wish you a pleasant evening and attach the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:15-07-2014 01
Ran by Dzena at 2014-07-17 20:38:09 Run:1
Running from C:\Users\Dzena\Desktop
Boot Mode: Safe Mode (with Networking)

==============================================

Content of fixlist:
*****************
Start
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3986136040-3668684752-59250217-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3986136040-3668684752-59250217-1000\...\RunOnce: [Report] - C:\AdwCleaner\AdwCleaner[S3].txt [1649 2014-07-16] ()
HKU\S-1-5-21-3986136040-3668684752-59250217-1000\...\MountPoints2: {7ec6eb59-cf3d-11e2-ad5f-0022fa29e896} - D:\Autorun.exe
HKU\S-1-5-21-3986136040-3668684752-59250217-1000\...\MountPoints2: {7ec6eb68-cf3d-11e2-ad5f-00235a0590f7} - D:\Autorun.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - Backup.Old.DefaultScope {031B1CCB-10AD-4231-B486-4C2528E63B9A}
SearchScopes: HKLM - {607407AF-E774-B1F8-3351-4323F0FD9FCC} URL = http://www.google.com/search?sourceid=i ... lz=1I7TSEA;
SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - Backup.Old.DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - seznam.cz-130007 URL = http://search.babylon.com/web/{searchTe ... 22fa29e896

FF Extension: Yandex.Bar - C:\Users\Dzena\AppData\Roaming\Mozilla\Firefox\Profiles\0u885zan.default\Extensions\yasearch@yandex.ru [2012-06-02]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-31]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-31]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: No Name - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010-03-25]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

CHR StartupUrls: "hxxp://www.inbox.com/homepage.aspx?tbid=82120&iwk=245&lng=cs"
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

S3 ApfiltrService; system32\DRIVERS\Apfiltr.sys [X]
S2 eamonm; system32\DRIVERS\eamonm.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 Pcouffin; System32\Drivers\Pcouffin.sys [X]
S3 TpChoice; system32\DRIVERS\TpChoice.sys [X]

2014-07-16 22:47 - 2014-07-16 22:47 - 00029696 _____ () C:\Users\Dzena\AppData\Local\MSGBOX.EXE
2014-07-16 22:47 - 2014-07-16 22:47 - 00015327 _____ () C:\Users\Dzena\Desktop\LM.bat
2014-07-16 22:45 - 2014-07-16 22:45 - 00112640 _____ (forum.viry.cz) C:\Users\Dzena\Desktop\FRSTLauncher (2).exe
2014-07-16 22:43 - 2014-07-16 22:43 - 00112640 _____ (forum.viry.cz) C:\Users\Dzena\Downloads\Nepotvrzeno 57379.crdownload
2014-07-16 22:43 - 2014-07-16 22:43 - 00112640 _____ (forum.viry.cz) C:\Users\Dzena\Downloads\Nepotvrzeno 399614.crdownload
2014-07-16 22:42 - 2014-07-16 22:42 - 01077248 _____ (Farbar) C:\Users\Dzena\Desktop\FRST.exe
2014-07-16 22:41 - 2014-07-16 22:41 - 00024646 _____ () C:\Users\Dzena\Desktop\stažený soubor.htm
2014-07-16 22:31 - 2014-07-16 22:20 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-07-16 22:24 - 2014-07-16 22:33 - 00015072 _____ () C:\zoek-results.log
2014-07-16 22:21 - 2014-07-14 15:16 - 01287168 _____ () C:\Users\Dzena\Desktop\zoek.exe
2014-07-16 22:21 - 2014-07-14 15:11 - 01417360 _____ () C:\Users\Dzena\Desktop\zoek.scr
2014-07-16 22:21 - 2014-07-14 15:11 - 01417360 _____ () C:\Users\Dzena\Desktop\zoek.com
2014-07-16 22:20 - 2014-07-16 22:31 - 00000000 ____D () C:\zoek_backup
2014-07-16 22:20 - 2014-07-16 22:20 - 04102729 _____ () C:\Users\Dzena\Desktop\zoek (1).zip
2014-07-16 22:19 - 2014-07-16 22:20 - 04102729 _____ () C:\Users\Dzena\Downloads\zoek.zip
2014-07-16 11:34 - 2014-07-16 22:06 - 00000000 ____D () C:\AdwCleaner
2014-07-16 11:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-16 11:32 - 2014-07-16 11:32 - 01348263 _____ () C:\Users\Dzena\Desktop\adwcleaner_3.215.exe
2014-07-16 11:29 - 2014-07-16 11:29 - 00029199 _____ () C:\Users\Dzena\Desktop\JRT.txt
2014-07-16 11:27 - 2014-07-16 11:27 - 00000000 ____D () C:\Windows\ERUNT
2014-07-16 11:09 - 2014-07-16 11:09 - 01016261 _____ (Thisisu) C:\Users\Dzena\Downloads\JRT (2).exe
2014-07-16 11:06 - 2014-07-16 11:06 - 01016261 _____ (Thisisu) C:\Users\Dzena\Downloads\JRT (1).exe
2014-07-16 11:05 - 2014-07-16 11:05 - 01016261 _____ (Thisisu) C:\Users\Dzena\Desktop\JRT (1).exe
2014-07-16 11:03 - 2014-07-16 11:03 - 01016261 _____ (Thisisu) C:\Users\Dzena\Downloads\JRT.exe
014-07-15 23:46 - 2014-07-15 23:46 - 02347384 _____ (ESET) C:\Users\Dzena\Downloads\esetsmartinstaller_csy.exe
2014-07-15 23:21 - 2014-07-15 23:21 - 01107968 _____ () C:\Users\Dzena\Downloads\RSIT (2).exe
2014-07-15 23:21 - 2014-07-15 23:21 - 01107968 _____ () C:\Users\Dzena\Downloads\RSIT (1).exe
2014-07-15 23:15 - 2014-07-15 23:21 - 00000000 ____D () C:\Program Files\trend micro
2014-07-15 23:15 - 2014-07-15 23:17 - 00000000 ____D () C:\rsit
2014-07-15 23:15 - 2014-07-15 23:15 - 01107968 _____ () C:\Users\Dzena\Downloads\RSIT.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

HKU\S-1-5-21-3986136040-3668684752-59250217-1000\Software\Classes\.exe: exefile => <===== ATTENTION!
HKU\S-1-5-21-3986136040-3668684752-59250217-1000\Software\Classes\secfile: Application <===== ATTENTION!

Hosts:
Reboot:
End
*****************

HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsWelcomeCenter => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsWelcomeCenter => value deleted successfully.
HKU\S-1-5-21-3986136040-3668684752-59250217-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ehTray.exe => value deleted successfully.
HKU\S-1-5-21-3986136040-3668684752-59250217-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Report => value deleted successfully.
'HKU\S-1-5-21-3986136040-3668684752-59250217-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ec6eb59-cf3d-11e2-ad5f-0022fa29e896}' => Key deleted successfully.
'HKCR\CLSID\{7ec6eb59-cf3d-11e2-ad5f-0022fa29e896}'=> Key not found.
'HKU\S-1-5-21-3986136040-3668684752-59250217-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ec6eb68-cf3d-11e2-ad5f-00235a0590f7}' => Key deleted successfully.
'HKCR\CLSID\{7ec6eb68-cf3d-11e2-ad5f-00235a0590f7}'=> Key not found.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk => Moved successfully.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => value deleted successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{607407AF-E774-B1F8-3351-4323F0FD9FCC}' => Key deleted successfully.
'HKCR\CLSID\{607407AF-E774-B1F8-3351-4323F0FD9FCC}'=> Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => value deleted successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\seznam.cz-130007' => Key deleted successfully.
'HKCR\CLSID\seznam.cz-130007'=> Key not found.
C:\Users\Dzena\AppData\Roaming\Mozilla\Firefox\Profiles\0u885zan.default\Extensions\yasearch@yandex.ru => Moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} => Moved successfully.
C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} => Moved successfully.
HKLM\Software\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value deleted successfully.
C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => Moved successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8} => value deleted successfully.
C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => Moved successfully.
CHR StartupUrls: "hxxp://www.inbox.com/homepage.aspx?tbid=82120&iwk=245&lng=cs" ==> The Chrome "Settings" can be used to fix the entry.
'HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl' => Key deleted successfully.
C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx => Moved successfully.
ApfiltrService => Service deleted successfully.
eamonm => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
Pcouffin => Service deleted successfully.
TpChoice => Service deleted successfully.
C:\Users\Dzena\AppData\Local\MSGBOX.EXE => Moved successfully.
C:\Users\Dzena\Desktop\LM.bat => Moved successfully.
C:\Users\Dzena\Desktop\FRSTLauncher (2).exe => Moved successfully.
"C:\Users\Dzena\Downloads\Nepotvrzeno 57379.crdownload" => File/Directory not found.
"C:\Users\Dzena\Downloads\Nepotvrzeno 399614.crdownload" => File/Directory not found.
C:\Users\Dzena\Desktop\FRST.exe => Moved successfully.
C:\Users\Dzena\Desktop\stažený soubor.htm => Moved successfully.
C:\Windows\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\Users\Dzena\Desktop\zoek.exe => Moved successfully.
C:\Users\Dzena\Desktop\zoek.scr => Moved successfully.
C:\Users\Dzena\Desktop\zoek.com => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\Dzena\Desktop\zoek (1).zip => Moved successfully.
C:\Users\Dzena\Downloads\zoek.zip => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Windows\system32\sqlite3.dll => Moved successfully.
C:\Users\Dzena\Desktop\adwcleaner_3.215.exe => Moved successfully.
C:\Users\Dzena\Desktop\JRT.txt => Moved successfully.
C:\Windows\ERUNT => Moved successfully.
C:\Users\Dzena\Downloads\JRT (2).exe => Moved successfully.
C:\Users\Dzena\Downloads\JRT (1).exe => Moved successfully.
C:\Users\Dzena\Desktop\JRT (1).exe => Moved successfully.
C:\Users\Dzena\Downloads\JRT.exe => Moved successfully.
014-07-15 23:46 - 2014-07-15 23:46 - 02347384 _____ (ESET) C:\Users\Dzena\Downloads\esetsmartinstaller_csy.exe => Error: No automatic fix found for this entry.
C:\Users\Dzena\Downloads\RSIT (2).exe => Moved successfully.
C:\Users\Dzena\Downloads\RSIT (1).exe => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
C:\rsit => Moved successfully.
C:\Users\Dzena\Downloads\RSIT.exe => Moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\ProgramData\TEMP => ":430C6D84" ADS removed successfully.
C:\ProgramData\TEMP => ":A8ADE5D8" ADS removed successfully.
C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully.
'HKU\S-1-5-21-3986136040-3668684752-59250217-1000\Software\Classes\.exe' => Key deleted successfully.
'HKU\S-1-5-21-3986136040-3668684752-59250217-1000\Software\Classes\secfile' => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.


The system needed a reboot.

==== End of Fixlog ====

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Virus - enforcement order

#14 Post by vyosek »

How is the PC behaving? :???:
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever avoids fun, take a whip and a stick to him; that is not a man, that is an ox."
Member of [image] since 1 February 2011.

draczech
Visitor
Posts: 18
Registered: 15 Jul 2014 22:26

Re: Virus - enforcement order

#15 Post by draczech »

From safe mode I shut the computer down and started it in standard mode at 22.02. At 22.11 the password prompt screen came up; after I entered the password, at 22.28 the screen went black with a white cursor.

Locked