Kotrola logu - ads.pubmatic v Exploreru

Zpráva

mmatysekk · #1 Příspěvek od **mmatysekk** » 26 pro 2014 16:07

Dobrý den,

v Internet Explorer když kliknu na nějakou stránku a pak chci dát zpět, tak musím kliknout na šiplku zpět několikrát. Když ji podržím, tak je vidět že se tam nějak mezi dostali stránky s ads.pubmatic... viz příložený obrázek
Ve firefoxu se to neděje, ale rád bych to nějak vyřešil.
Děkuji za pomoc. Přikládám log z RSIT

Logfile of random's system information tool 1.10 (written by random/random)
Run by Petr Lorenc at 2014-12-26 14:46:26
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 24 GB (16%) free of 152 GB
Total RAM: 2939 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:47:35, on 26.12.2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16599)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe
C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\TO2SSM\McciTrayApp.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\Alwil Software\Avast5\avastui.exe
C:\Program Files\Toshiba TEMPRO\TemproTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Users\Petr Lorenc\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_15_0_0_246_ActiveX.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
C:\Users\Petr Lorenc\Desktop\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\trend micro\Petr Lorenc.exe
C:\Program Files\HP\HP Photosmart 5510 series\bin\HPNetworkCommunicator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.3.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Petr Lorenc\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [HP Photosmart 5510 series (NET)] "C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1A909D0305NR:NW" -scfn "HP Photosmart 5510 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2582803426-2694337097-1122780995-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'winpostgr')
O4 - S-1-5-21-2582803426-2694337097-1122780995-1001 User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'winpostgr')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Users\Petr Lorenc\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Sledovat výstrahy inkoustu - HP Photosmart 5510 series (Síť).lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?CZ (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/red ... &site=home (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} (Active602XMLFiller Control) - https://www.mojedatovaschranka.cz/stati ... ?3,16,13,0
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: WinStromService (Service1) - WinStrom s.r.o. - C:\Program Files\WinStrom\winstromservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Securom User Access for Windows 2000 and Windows XP a technology by Sony DADC (UserAccess) - Unknown owner - C:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exe
O23 - Service: WinStrom-PostgreSQL - PostgreSQL Global Development Group - C:/Program Files/WinStrom/pgsql/bin/pg_ctl.exe

--
End of file - 15061 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\AutoKMS.job - C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore1cecd91ce083f10.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2582803426-2694337097-1122780995-1000Core.job - C:\Users\Petr Lorenc\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2582803426-2694337097-1122780995-1000UA.job - C:\Users\Petr Lorenc\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Petr Lorenc\AppData\Roaming\Mozilla\Firefox\Profiles\ono585kf.default

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{27182e60-b5f3-411c-b545-b44205977502}"=C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
"{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}"=C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
"wrc@avast.com"=C:\Program Files\Alwil Software\Avast5\WebRep\FF

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.246 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Petr Lorenc\AppData\Roaming\Mozilla\Firefox\Profiles\ono585kf.default\extensions\
{ea614400-e918-4741-9a97-7a972ff7c30b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-07-27 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2014-08-04 457712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar BHO - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll [2010-08-24 612616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-01-22 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Program Files\Seznam.cz\core.3.dll [2010-10-07 1164568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - @C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll [2010-08-24 612616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-04-08 6037504]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1029416]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2007-09-28 75136]
"NDSTray.exe"=NDSTray.exe []
"cfFncEnabler.exe"=cfFncEnabler.exe []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"topi"=C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [2007-07-10 581632]
"Google EULA Launcher"=c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe [2008-05-28 20480]
"Toshiba TEMPO"=C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe []
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-06-25 150040]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-06-25 170520]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-06-25 145944]
"Camera Assistant Software"=C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2008-09-26 417792]
"HDMICtrlMan"=C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [2008-04-26 716800]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2008-01-17 431456]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2007-10-31 54608]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2008-01-25 509816]
"Toshiba Registration"=C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [2008-01-11 574864]
"TO2SSM_McciTrayApp"=C:\Program Files\TO2SSM\McciTrayApp.exe [2008-08-15 1473536]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-11-01 59240]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2011-03-24 49208]
""= []
"Microsoft Default Manager"=C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2010-05-10 439568]
"HTC Sync Loader"=C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-04-17 651264]
"AvastUI.exe"=C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2014-08-05 4085896]
"Toshiba TEMPRO"=C:\Program Files\Toshiba TEMPRO\TemproTray.exe [2010-10-26 1050072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"Google Update"=C:\Users\Petr Lorenc\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-24 107912]
"HP Photosmart 5510 series (NET)"=C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2011-05-25 1801064]
"OfficeSyncProcess"=C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [2014-10-14 720064]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Users\Petr Lorenc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Petr Lorenc\AppData\Roaming\Dropbox\bin\Dropbox.exe
Sledovat výstrahy inkoustu - HP Photosmart 5510 series (Síť).lnk - C:\Windows\system32\RunDll32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-06-12 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"msacm.dvacm"=C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"vidc.XVID"=xvidvfw.dll
"msacm.l3codecp"=l3codecp.acm
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-12-26 14:46:27 ----D---- C:\Program Files\trend micro
2014-12-26 14:46:26 ----D---- C:\rsit
2014-12-19 21:24:09 ----D---- C:\Users\Petr Lorenc\AppData\Roaming\Opera Software
2014-12-12 03:12:22 ----A---- C:\Windows\system32\tzres.dll
2014-12-12 03:12:01 ----A---- C:\Windows\system32\WindowsCodecs.dll
2014-12-12 03:10:00 ----SHD---- C:\Config.Msi
2014-12-12 03:01:13 ----A---- C:\Windows\system32\schannel.dll
2014-12-11 15:14:45 ----A---- C:\Windows\system32\vbscript.dll
2014-12-11 15:14:45 ----A---- C:\Windows\system32\msfeedssync.exe
2014-12-11 15:14:45 ----A---- C:\Windows\system32\msfeedsbs.dll
2014-12-11 15:14:44 ----A---- C:\Windows\system32\urlmon.dll
2014-12-11 15:14:44 ----A---- C:\Windows\system32\mshta.exe
2014-12-11 15:14:44 ----A---- C:\Windows\system32\jscript.dll
2014-12-11 15:14:44 ----A---- C:\Windows\system32\dxtmsft.dll
2014-12-11 15:14:43 ----A---- C:\Windows\system32\msfeeds.dll
2014-12-11 15:14:43 ----A---- C:\Windows\system32\jsproxy.dll
2014-12-11 15:14:42 ----A---- C:\Windows\system32\url.dll
2014-12-11 15:14:42 ----A---- C:\Windows\system32\iertutil.dll
2014-12-11 15:14:38 ----A---- C:\Windows\system32\wininet.dll
2014-12-11 15:14:36 ----A---- C:\Windows\system32\ieUnatt.exe
2014-12-11 15:14:35 ----A---- C:\Windows\system32\ieui.dll
2014-12-11 15:14:34 ----A---- C:\Windows\system32\mshtmled.dll
2014-12-11 15:14:34 ----A---- C:\Windows\system32\dxtrans.dll
2014-12-11 15:14:33 ----A---- C:\Windows\system32\jscript9.dll
2014-12-11 15:14:31 ----A---- C:\Windows\system32\ieframe.dll
2014-12-11 15:14:29 ----A---- C:\Windows\system32\mshtml.dll

======List of files/folders modified in the last 1 month======

2060-08-18 19:02:22 ----N---- C:\Windows\system32\Cc3250mt.dll
2060-08-18 18:40:44 ----N---- C:\Windows\system32\Cp3245mt.dll
2060-08-18 18:40:44 ----N---- C:\Windows\system32\Borlndmm.dll
2014-12-26 14:46:33 ----D---- C:\Windows\Temp
2014-12-26 14:46:27 ----D---- C:\Program Files
2014-12-26 14:28:19 ----D---- C:\Windows\system32\Tasks
2014-12-26 14:28:10 ----D---- C:\Users\Petr Lorenc\AppData\Roaming\Dropbox
2014-12-26 14:25:19 ----D---- C:\winstrom-data
2014-12-26 14:24:48 ----D---- C:\Windows
2014-12-26 14:21:47 ----HD---- C:\ProgramData
2014-12-26 14:03:02 ----D---- C:\Windows\tracing
2014-12-26 12:50:52 ----SHD---- C:\System Volume Information
2014-12-26 12:43:25 ----D---- C:\Windows\inf
2014-12-24 08:57:41 ----D---- C:\Windows\system32\catroot2
2014-12-20 10:00:34 ----D---- C:\Program Files\Opera
2014-12-16 20:53:11 ----SD---- C:\Users\Petr Lorenc\AppData\Roaming\Microsoft
2014-12-16 18:24:18 ----D---- C:\Windows\AutoKMS
2014-12-16 18:24:09 ----AD---- C:\Windows\System32
2014-12-16 18:24:09 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-12-16 13:27:55 ----D---- C:\Windows\Prefetch
2014-12-12 21:54:13 ----D---- C:\Windows\Debug
2014-12-12 03:55:11 ----D---- C:\Windows\winsxs
2014-12-12 03:48:56 ----D---- C:\Windows\rescache
2014-12-12 03:33:39 ----D---- C:\Windows\system32\catroot
2014-12-12 03:30:08 ----D---- C:\Windows\system32\cs-CZ
2014-12-12 03:30:07 ----D---- C:\Windows\system32\migration
2014-12-12 03:30:07 ----D---- C:\Program Files\Internet Explorer
2014-12-12 03:14:29 ----SHD---- C:\Windows\Installer
2014-12-12 03:14:28 ----D---- C:\ProgramData\Microsoft Help
2014-12-12 03:07:22 ----D---- C:\Windows\system32\MRT
2014-12-12 03:02:35 ----A---- C:\Windows\system32\mrt.exe
2014-12-10 16:06:09 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2014-12-01 19:41:40 ----D---- C:\Users\Petr Lorenc\AppData\Roaming\HpUpdate

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-08-04 49944]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-08-04 192352]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2008-04-15 312344]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2011-01-20 114048]
R0 tos_sps32;TOSHIBA tos_sps32 Service; C:\Windows\system32\DRIVERS\tos_sps32.sys [2008-07-18 279376]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 23640]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2013-08-30 21576]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2014-08-04 55112]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-11-22 779536]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-08-04 414520]
R1 aswTdi;aswTdi; C:\Windows\system32\drivers\aswTdi.sys [2014-08-04 57800]
R1 jswpslwf;JumpStart Wireless Filter Driver; C:\Windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384]
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2007-10-02 64128]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-08-04 24184]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-08-04 67824]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2008-02-15 46592]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-04-22 1129472]
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-06-12 2381312]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-04-09 2095512]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2008-06-20 112128]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-21 8192]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-04-15 118784]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-21 9216]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-12-06 196400]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2008-03-25 41472]
R3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2013-07-12 134272]
R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2008-07-15 17960]
R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 66560]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HTCAND32;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-03-29 21248]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-03-29 20096]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2008-04-23 131712]
S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2007-11-29 36608]
S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2008-03-19 74112]
S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2005-01-07 18612]
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2008-01-22 54144]
S3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2007-10-18 41856]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2010-04-14 73728]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2014-08-04 50344]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2009-05-21 874768]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2009-05-21 473360]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-07-27 249136]
R2 Service1;WinStromService; C:\Program Files\WinStrom\winstromservice.exe [2012-08-02 559104]
R2 TeamViewer8;TeamViewer 8; C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe [2014-08-04 5095264]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [2008-07-18 83312]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2007-11-21 129632]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [2008-01-17 431456]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2008-04-11 124264]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
R2 UserAccess;Securom User Access for Windows 2000 and Windows XP a technology by Sony DADC; C:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exe [2001-12-21 53248]
R2 WinStrom-PostgreSQL;WinStrom-PostgreSQL; C:/Program Files/WinStrom/pgsql/bin/pg_ctl.exe runservice -N WinStrom-PostgreSQL -D c:/winstrom-data -w -o -h 127.0.0.1 -p 5435 []
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv; C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-08-25 77824]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-03-15 2233400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20 107912]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO); C:\Program Files\Toshiba TEMPRO\TemproSvc.exe [2010-10-26 124368]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10 267440]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-12-26 654848]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20 107912]
S3 jswpsapi;Jumpstart Wifi Protected Setup; C:\Program Files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-01-25 129976]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-09-11 770168]
S4 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 26 pro 2014 16:17

Zdravim

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Po spusteni probehne stazeni databaze
Kliknete na Scan a nasledne Clean
Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

Kód: Vybrat vše

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

mmatysekk · #3 Příspěvek od **mmatysekk** » 26 pro 2014 17:15

Dobrý den,

log z ADWCleaner.

Děkuji

# AdwCleaner v4.106 - Report created 26/12/2014 at 16:40:35
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Petr Lorenc - PETRLORENC-PC
# Running from : C:\Users\Petr Lorenc\Desktop\adwcleaner_4.106.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\Program Files\ICQ6Toolbar
Folder Deleted : C:\Users\Petr Lorenc\AppData\LocalLow\AlterGeo
Folder Deleted : C:\Users\Petr Lorenc\Documents\Updater
Folder Deleted : C:\Users\Petr Lorenc\AppData\Roaming\Mozilla\Firefox\Profiles\ono585kf.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
Folder Deleted : C:\Users\Petr Lorenc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

***** [ Scheduled Tasks ] *****

Task Deleted : IHUninstallTrackingTASK

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.EasyHideBtn
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.EasyHideBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.Localizer
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.Localizer.1
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighter
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighter.1
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighterStatistics
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighterStatistics.1
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.SkypeIEHelper
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.SkypeIEHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.SNameProxy
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.SNameProxy.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{937936AF-28CA-4973-B8AE-F250406149A2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\ICQ\ICQToolbar

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16599

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Mozilla Firefox v12.0 (cs)

-\\ Google Chrome v

[C:\Users\Petr Lorenc\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.icq.com/search/results.php?q={searc ... &ch_id=osd
[C:\Users\Petr Lorenc\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://avira.search.ask.com/web?tpid=AVIRA-V7C&o=APN11398&pf=V7&p2=%5EBB5%5EYYYYYY%5EYY%5ECZ&gct=&itbv=12.10.0.2951&doi=2014-02-01&apn_uid=F4B148C7-82D8-4556-A90D-971A71A361F0&apn_ptnrs=%5EBB5&apn_dtid=%5EYYYYYY%5EYY%5ECZ&apn_dbr=cr_32.0.1700.102&psv=&trgb=ALL&q={searchTerms}

-\\ Opera v26.0.1656.60

[C:\Users\Petr Lorenc\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.icq.com/search/results.php?q={searc ... &ch_id=osd
[C:\Users\Petr Lorenc\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://avira.search.ask.com/web?tpid=AVIRA-V7C&o=APN11398&pf=V7&p2=%5EBB5%5EYYYYYY%5EYY%5ECZ&gct=&itbv=12.10.0.2951&doi=2014-02-01&apn_uid=F4B148C7-82D8-4556-A90D-971A71A361F0&apn_ptnrs=%5EBB5&apn_dtid=%5EYYYYYY%5EYY%5ECZ&apn_dbr=cr_32.0.1700.102&psv=&trgb=ALL&q={searchTerms}
[C:\Users\Petr Lorenc\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : aaipilfmheplbcghignccoiiebekkdhe
[C:\Users\Petr Lorenc\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : elchiiiejkobdbblfejjkbphbddgmljf
[C:\Users\Petr Lorenc\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : ffhfoagmjcnkolneahbpagjcjjaeofbg
[C:\Users\Petr Lorenc\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : hjghiofiijcepdnocbgefbdlbckjfheg
[C:\Users\Petr Lorenc\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : iklgpchfbohgmghgfagediakopecfmbm
[C:\Users\Petr Lorenc\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : kfgaibfbmkjgmimhbbaikfnpkkjkpoan
[C:\Users\Petr Lorenc\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : lmnbobhffedhdhfpcjkjphcfpeeiocdn
[C:\Users\Petr Lorenc\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : kjpifmjicccpbkfjdkehimhgklfkbanh
[C:\Users\Petr Lorenc\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : hoidflomjnnnbiemmkjdjkkialmhbago
[C:\Users\Petr Lorenc\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : ekpibplnnkfdcafdpoekhoffegcajene
[C:\Users\Petr Lorenc\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : ipljmghelflfikejmgkmlmpjmehfjodc
[C:\Users\Petr Lorenc\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : ejddjnilmdncjilbfjgameihlklfpohp
[C:\Users\Petr Lorenc\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : eagomcfjiefffhpaejnlpjccikpipdoe

*************************

AdwCleaner[R0].txt - [6040 octets] - [26/12/2014 16:36:59]
AdwCleaner[S0].txt - [6561 octets] - [26/12/2014 16:40:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6621 octets] ##########

log z ZOEK

Zoek.exe v5.0.0.0 Updated 24-12-2014
Tool run by Petr Lorenc on p 26.12.2014 at 16:46:54,57.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Petr Lorenc\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

26.12.2014 16:50:15 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\Common Files\SWF Studio deleted successfully
C:\PROGRA~2\firebird deleted successfully
C:\PROGRA~2\WinZipEC deleted successfully
C:\Users\Petr Lorenc\AppData\Roaming\Media Player Classic deleted successfully
C:\Users\Petr Lorenc\AppData\Roaming\Outlook deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2582803426-2694337097-1122780995-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0A900DF-9611-4446-86BD-4B1D47E7DB2A} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2582803426-2694337097-1122780995-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{41564952-412D-5637-4300-7A786E7484D7} deleted successfully

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\PETRLO~1\AppData\Roaming\Mozilla\Firefox\Profiles\ono585kf.default\prefs.js:
user_pref("browser.search.selectedEngine", "Google");

Added to C:\Users\PETRLO~1\AppData\Roaming\Mozilla\Firefox\Profiles\ono585kf.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\PETRLO~1\AppData\Roaming\Mozilla\Firefox\Profiles\ono585kf.default

user.js not found
---- Lines Search modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"C:\\\\
---- FireFox user.js and prefs.js backups ----

prefs_26.12.2014_1705_.backup

==== Deleting Files \ Folders ======================

C:\Windows\system32\appdata deleted
C:\PROGRA~2\ICQ deleted
C:\Users\Petr Lorenc\Downloads\iLividSetup-r778-n-bc.exe deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Windows\system32\GroupPolicy\gpt.ini deleted
C:\Windows\System32\SET1E4D.tmp deleted
C:\Windows\System32\SET6687.tmp deleted
C:\Users\Petr Lorenc\Documents\Add-in Express deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\PETRLO~1\AppData\Roaming\Mozilla\Firefox\Profiles\ono585kf.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\Alwil Software\Avast5\WebRep\FF" [04.08.2014 16:30]

==== Firefox Extensions ======================

ProfilePath: C:\Users\PETRLO~1\AppData\Roaming\Mozilla\Firefox\Profiles\ono585kf.default
- avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Petr Lorenc\AppData\Roaming\Mozilla\Firefox\Profiles\ono585kf.default
9860727E477F17B88E39AF8B69B0407A - C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll - Shockwave Flash
D2377C9458EFEB094E38B8C874AA214C - C:\Users\Petr Lorenc\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll - Google Update
893BF7D2261C56C24F813405D9D018E0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In
B6140A0C147234CA38FFB33EA55D3677 - C:\Users\Petr Lorenc\AppData\Roaming\KB-ext\lib\x86\npPKIComponentNPAPI-kbext.dll - Cryptoplus KB – podepisovací modul
9D35E12B661581B83DD74EB910EA9E6D - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll - Java Deployment Toolkit 6.0.240.7
4EBB5B4DCABEC18B29D01F9F607B0114 - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll - Java(TM) Platform SE 6 U24
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
04AF8BC83A89D9B71F7E0BCAF9FDD768 - C:\Program Files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll - Adobe Acrobat
D2377C9458EFEB094E38B8C874AA214C - C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll - Google Update
8DA2ED6B04EA33F2EAE8BA883F903729 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx[04.08.2014 16:29]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/"
"Default_Page_URL"="http://www.google.com/ig/redirectdomain ... &bmod=TSEA;"
"ICQ Search"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/ig/redirectdomain ... &bmod=TSEA"
"Default_Page_URL"="http://www.google.com/ig/redirectdomain ... &bmod=TSEA;"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"ICQ Search"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.seznam.cz/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{105E99FF-8B9A-4492-B155-06194B9056D2} Bing Url="http://www.bing.com/search?FORM=IPGTDF& ... -SearchBox"
{F967DF67-CAF2-41E0-B0EF-EB50689D423E} Google Url="http://www.google.com/search?source=ie7 ... EA_csCZ343"

==== Reset Google Chrome ======================

C:\Users\Petr Lorenc\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Petr Lorenc\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\Petr Lorenc\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Petr Lorenc\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Petr Lorenc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Petr Lorenc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(33)\Content.IE5 emptied successfully
C:\Users\winpostgr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Petr Lorenc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Petr Lorenc\AppData\Local\Mozilla\Firefox\Profiles\ono585kf.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Petr Lorenc\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Petr Lorenc\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=17 folders=10 2256023 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Petr Lorenc\AppData\Local\Temp will be emptied at reboot
C:\Users\winpostgr\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\PETRLO~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Petr Lorenc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on p 26.12.2014 at 17:11:14,53 ======================

#4 Příspěvek od **vyosek** » 26 pro 2014 17:25

Poprosim o FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100

mmatysekk · #5 Příspěvek od **mmatysekk** » 26 pro 2014 17:38

Dobrý den,

chtěl jsem ten log již na začátku udělat, ale nejde mi stáhnout ten Launcher

Díky

#6 Příspěvek od **vyosek** » 26 pro 2014 19:34

Spustte jen samotny FRST tedy

mmatysekk · #7 Příspěvek od **mmatysekk** » 26 pro 2014 21:11

dobrý den,

log z FRST.
Děkuji moc za pomoc

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-12-2014
Ran by Petr Lorenc (administrator) on PETRLORENC-PC on 26-12-2014 20:37:59
Running from C:\Users\Petr Lorenc\Desktop
Loaded Profiles: Petr Lorenc & winpostgr (Available profiles: Petr Lorenc & winpostgr)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Software602 a.s.) C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Motive Communications, Inc.) C:\Program Files\Common Files\Motive\McciCMService.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
() C:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exe
(PostgreSQL Global Development Group) C:\Program Files\WinStrom\pgsql\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\Program Files\WinStrom\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\WinStrom\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\WinStrom\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\WinStrom\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\WinStrom\pgsql\bin\postgres.exe
(WinStrom s.r.o.) C:\Program Files\WinStrom\WinStromService.exe
(Sun Microsystems, Inc.) C:\Windows\System32\java.exe
(Toshiba) C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
( TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
(TOSHIBA) C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe
( ) C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Chicony) C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
(TOSHIBA Corporation.) C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(Motive Communications, Inc.) C:\Program Files\TO2SSM\McciTrayApp.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TemproTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Dropbox, Inc.) C:\Users\Petr Lorenc\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(TOSHIBA Corporation.) C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6037504 2008-04-08] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [ITSecMng] => C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [75136 2007-09-28] ( TOSHIBA CORPORATION)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [cfFncEnabler.exe] => cfFncEnabler.exe
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [topi] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [581632 2007-07-10] (TOSHIBA)
HKLM\...\Run: [Google EULA Launcher] => c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe [20480 2008-05-28] ( )
HKLM\...\Run: [Toshiba TEMPO] => C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [417792 2008-09-26] (Chicony)
HKLM\...\Run: [HDMICtrlMan] => C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [716800 2008-04-26] (TOSHIBA Corporation.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-01-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-10-31] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [509816 2008-01-25] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [574864 2008-01-11] (Toshiba)
HKLM\...\Run: [TO2SSM_McciTrayApp] => C:\Program Files\TO2SSM\McciTrayApp.exe [1473536 2008-08-15] (Motive Communications, Inc.)
HKLM\...\Run: [NBKeyScan] => C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-06-08] (Nero AG)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-01] (Apple Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [HTC Sync Loader] => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [651264 2012-04-17] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4085896 2014-08-05] (AVAST Software)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files\Toshiba TEMPRO\TemproTray.exe [1050072 2010-10-26] (Toshiba Europe GmbH)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2582803426-2694337097-1122780995-1000\...\Run: [Google Update] => C:\Users\Petr Lorenc\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-24] (Google Inc.)
HKU\S-1-5-21-2582803426-2694337097-1122780995-1000\...\Run: [HP Photosmart 5510 series (NET)] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [1801064 2011-05-25] (Hewlett-Packard Co.)
HKU\S-1-5-21-2582803426-2694337097-1122780995-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-2582803426-2694337097-1122780995-1000\...\MountPoints2: {b000bf50-204d-11e0-b2a3-002258e4321c} - D:\unlock.exe autoplay=true
HKU\S-1-5-21-2582803426-2694337097-1122780995-1001\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2582803426-2694337097-1122780995-1001\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe /i Vt= P[ x[ °[ [
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Petr Lorenc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Petr Lorenc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Petr Lorenc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sledovat výstrahy inkoustu - HP Photosmart 5510 series (Síť).lnk
ShortcutTarget: Sledovat výstrahy inkoustu - HP Photosmart 5510 series (Síť).lnk -> C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\winpostgr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2582803426-2694337097-1122780995-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
SearchScopes: HKLM -> {F967DF67-CAF2-41E0-B0EF-EB50689D423E} URL = http://www.google.com/search?source=ie7 ... lz=1I7TSEA;
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2582803426-2694337097-1122780995-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2582803426-2694337097-1122780995-1000 -> {105E99FF-8B9A-4492-B155-06194B9056D2} URL = http://www.bing.com/search?FORM=IPGTDF& ... -SearchBox
SearchScopes: HKU\S-1-5-21-2582803426-2694337097-1122780995-1000 -> {F967DF67-CAF2-41E0-B0EF-EB50689D423E} URL = http://www.google.com/search?source=ie7 ... EA_csCZ343
SearchScopes: HKU\S-1-5-21-2582803426-2694337097-1122780995-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Podpora odkazu pro Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Skype add-on (mastermind) -> {22BF413B-C6D2-4d91-82A9-A0F997BA588C} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Ukazatel S-Rank -> {EA837F48-5AD1-443E-AE34-FFE03CBF3099} -> C:\Program Files\Seznam.cz\core.3.dll ()
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} https://www.mojedatovaschranka.cz/stati ... ?3,16,13,0
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Společnost Microsoft)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.11.10.1

FireFox:
========
FF ProfilePath: C:\Users\Petr Lorenc\AppData\Roaming\Mozilla\Firefox\Profiles\ono585kf.default
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2582803426-2694337097-1122780995-1000: @kb-ext.cz/PKIComponent -> C:\Users\Petr Lorenc\AppData\Roaming\KB-ext\lib\x86\npPKIComponentNPAPI-kbext.dll (Komerční banka, a.s.)
FF Plugin HKU\S-1-5-21-2582803426-2694337097-1122780995-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Petr Lorenc\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2582803426-2694337097-1122780995-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Petr Lorenc\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-05]
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2011-12-30]
FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-12-30]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-07-02]

Chrome:
=======
CHR Profile: C:\Users\Petr Lorenc\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Petr Lorenc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-22]
CHR Extension: (Vyhledávání Google) - C:\Users\Petr Lorenc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-22]
CHR Extension: (Peněženka Google) - C:\Users\Petr Lorenc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Petr Lorenc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-22]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-08-04]
CHR StartMenuInternet: Google Chrome - C:\Users\Petr Lorenc\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 602XML Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [73728 2010-04-14] (Software602 a.s.) [File not signed]
S2 AcronisOSSReinstallSvc; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2233400 2007-03-15] () [File not signed]
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-08-04] (AVAST Software)
S4 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-16] (TOSHIBA CORPORATION) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-12-26] (Macrovision Europe Ltd.) [File not signed]
S3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.) [File not signed]
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [303104 2007-10-15] (Motive Communications, Inc.) [File not signed]
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () [File not signed]
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 Service1; C:\Program Files\WinStrom\winstromservice.exe [559104 2012-08-02] (WinStrom s.r.o.) [File not signed]
R3 SmartFaceVWatchSrv; C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [77824 2008-08-25] (Toshiba) [File not signed]
S2 TemproMonitoringService; C:\Program Files\Toshiba TEMPRO\TemproSvc.exe [124368 2010-10-26] (Toshiba Europe GmbH)
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
R2 UserAccess; C:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exe [53248 2001-12-21] () [File not signed]
R2 WinStrom-PostgreSQL; C:/Program Files/WinStrom/pgsql/bin/pg_ctl.exe runservice -N "WinStrom-PostgreSQL" -D "c:/winstrom-data" -w -o "-h 127.0.0.1 -p 5435" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-04] ()
R1 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [21576 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-08-04] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-04] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-08-04] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-04] ()
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2008-03-29] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2008-03-29] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [17960 2008-07-15] (Chicony Electronics Co., Ltd.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-26 20:37 - 2014-12-26 20:39 - 00024499 _____ () C:\Users\Petr Lorenc\Desktop\FRST.txt
2014-12-26 20:37 - 2014-12-26 20:38 - 00000000 ____D () C:\FRST
2014-12-26 20:36 - 2014-12-26 20:36 - 01114112 _____ (Farbar) C:\Users\Petr Lorenc\Desktop\FRST.exe
2014-12-26 19:06 - 2014-12-26 19:06 - 00000000 ____D () C:\ProgramData\WinZipEC
2014-12-26 17:08 - 2014-12-26 16:46 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-12-26 16:49 - 2014-12-26 17:11 - 00011026 _____ () C:\zoek-results.log
2014-12-26 16:46 - 2014-12-26 17:05 - 00000000 ____D () C:\zoek_backup
2014-12-26 16:45 - 2014-12-26 16:45 - 00006701 _____ () C:\Users\Petr Lorenc\Desktop\AdwCleaner[S0].txt
2014-12-26 16:36 - 2014-12-26 16:40 - 00000000 ____D () C:\AdwCleaner
2014-12-26 16:35 - 2014-12-26 16:35 - 01295360 _____ () C:\Users\Petr Lorenc\Desktop\zoek.exe
2014-12-26 16:34 - 2014-12-26 16:34 - 02173952 _____ () C:\Users\Petr Lorenc\Desktop\adwcleaner_4.106.exe
2014-12-26 14:46 - 2014-12-26 14:47 - 00000000 ____D () C:\rsit
2014-12-26 14:46 - 2014-12-26 14:47 - 00000000 ____D () C:\Program Files\trend micro
2014-12-26 14:45 - 2014-12-26 14:45 - 01107968 _____ () C:\Users\Petr Lorenc\Desktop\RSIT.exe
2014-12-26 14:24 - 2014-12-26 17:10 - 00001252 _____ () C:\Windows\PFRO.log
2014-12-19 21:24 - 2014-12-19 21:24 - 00000762 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 26.lnk
2014-12-19 21:24 - 2014-12-19 21:24 - 00000000 ____D () C:\Users\Petr Lorenc\AppData\Roaming\Opera Software
2014-12-19 21:24 - 2014-12-19 21:24 - 00000000 ____D () C:\Users\Petr Lorenc\AppData\Local\Opera Software
2014-12-17 15:39 - 2014-12-20 14:05 - 00000000 ____D () C:\Users\Petr Lorenc\Desktop\Vyhodne
2014-12-16 20:45 - 2014-12-16 20:45 - 00453424 _____ (Microsoft Corporation) C:\Users\Petr Lorenc\Desktop\IE9-WindowsVista-x86-enu.exe
2014-12-12 03:12 - 2014-11-07 02:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-12 03:12 - 2014-11-04 01:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-12 03:01 - 2014-12-03 03:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-11 15:14 - 2014-11-24 21:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-11 15:14 - 2014-11-24 21:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 15:14 - 2014-11-24 21:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 15:14 - 2014-11-24 21:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 15:14 - 2014-11-24 21:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 15:14 - 2014-11-24 21:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 15:14 - 2014-11-24 21:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 15:14 - 2014-11-24 21:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-11 15:14 - 2014-11-24 21:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 15:14 - 2014-11-24 21:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-11 15:14 - 2014-11-24 21:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 15:14 - 2014-11-24 21:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 15:14 - 2014-11-24 21:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-11 15:14 - 2014-11-24 21:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 15:14 - 2014-11-24 21:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-11 15:14 - 2014-11-24 21:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 15:14 - 2014-11-24 21:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 15:14 - 2014-11-24 21:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 15:14 - 2014-11-24 21:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 15:14 - 2014-11-24 21:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 15:14 - 2014-11-24 21:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-11 15:14 - 2014-11-24 21:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-07 21:49 - 2014-12-07 21:53 - 00035840 _____ () C:\Users\Petr Lorenc\Desktop\Gatebo - CSOP10- DZP.xls
2014-12-07 21:33 - 2014-12-07 21:47 - 00034304 _____ () C:\Users\Petr Lorenc\Desktop\Gatebo - Technický úsek - DS UVN.xls
2014-12-07 21:31 - 2014-12-07 21:31 - 00033792 _____ () C:\Users\Petr Lorenc\Desktop\Gatebo - Vršovický zámeček.xls
2014-12-07 21:03 - 2014-12-07 21:54 - 00034816 _____ () C:\Users\Petr Lorenc\Desktop\Gatebo - Studentský dům.xls
2014-12-07 20:51 - 2014-12-07 21:53 - 00032768 _____ () C:\Users\Petr Lorenc\Desktop\Gatebo - SSPDR - kuchyně.xls
2014-12-07 20:31 - 2014-12-07 21:53 - 00033792 _____ () C:\Users\Petr Lorenc\Desktop\Gatebo - Jakutská - odd jeslí.xls
2014-12-07 20:13 - 2014-12-07 21:54 - 00050688 _____ () C:\Users\Petr Lorenc\Desktop\Gatebo - Zvonková - Domov pro seniory.xls
2014-11-28 09:20 - 2014-11-28 09:25 - 00037888 _____ () C:\Users\Petr Lorenc\Desktop\O - Studentský dům.xls
2014-11-28 09:15 - 2014-11-28 09:18 - 00034304 _____ () C:\Users\Petr Lorenc\Desktop\O- SSPDR - kuchyně.xls
2014-11-28 09:05 - 2014-11-28 09:13 - 00035328 _____ () C:\Users\Petr Lorenc\Desktop\O - Jakutská - odd jeslí.xls
2014-11-28 09:00 - 2014-11-28 09:03 - 00036864 _____ () C:\Users\Petr Lorenc\Desktop\O - CSOP10- DZP.xls
2014-11-28 08:51 - 2014-11-28 08:58 - 00034816 _____ () C:\Users\Petr Lorenc\Desktop\O - Technický úsek - DS UVN.xls
2014-11-28 08:39 - 2014-12-07 21:29 - 00033792 _____ () C:\Users\Petr Lorenc\Desktop\O - Vršovický zámeček.xls
2014-11-28 08:22 - 2014-12-07 20:13 - 00051200 _____ () C:\Users\Petr Lorenc\Desktop\O - Zvonková - Domov pro seniory.xls

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2060-08-18 19:02 - 2010-11-02 17:51 - 02023424 ____N (Inprise Corporation) C:\Windows\system32\Vcl50.bpl
2060-08-18 19:02 - 2010-11-02 17:51 - 01496064 ____N (Inprise Corporation) C:\Windows\system32\Cc3250mt.dll
2060-08-18 19:02 - 2010-11-02 17:51 - 00248832 ____N (Inprise Corporation) C:\Windows\system32\Vclx50.bpl
2060-08-18 18:40 - 2010-11-02 17:50 - 00909824 ____N (Inprise Corporation) C:\Windows\system32\Cp3245mt.dll
2060-08-18 18:40 - 2010-11-02 17:50 - 00024064 ____N (Inprise Corporation) C:\Windows\system32\Borlndmm.dll
2014-12-26 20:29 - 2011-12-27 13:44 - 00000000 ____D () C:\Users\Petr Lorenc\Documents\Soubory aplikace Outlook
2014-12-26 20:23 - 2010-07-07 14:00 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-26 20:16 - 2014-02-03 19:45 - 01986865 _____ () C:\Windows\WindowsUpdate.log
2014-12-26 20:08 - 2011-01-05 21:20 - 00000986 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2582803426-2694337097-1122780995-1000UA.job
2014-12-26 20:06 - 2012-05-07 18:38 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-26 19:45 - 2013-12-23 16:20 - 00000000 ____D () C:\Users\Petr Lorenc\AppData\Roaming\Dropbox
2014-12-26 19:44 - 2012-06-03 13:12 - 00000000 ____D () C:\Users\Petr Lorenc\AppData\Local\Htc
2014-12-26 19:43 - 2013-10-20 13:42 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cecd91ce083f10.job
2014-12-26 19:40 - 2012-08-27 10:16 - 00000000 ____D () C:\winstrom-data
2014-12-26 19:40 - 2010-11-02 15:48 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-12-26 19:40 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-26 19:40 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-26 19:39 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-26 19:08 - 2011-01-05 21:20 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2582803426-2694337097-1122780995-1000Core.job
2014-12-26 17:10 - 2011-03-30 16:40 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-12-26 17:09 - 2006-11-02 14:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-26 17:05 - 2006-11-02 12:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-12-26 16:31 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\tracing
2014-12-21 17:15 - 2014-06-11 05:47 - 00000000 ____D () C:\Users\Petr Lorenc\AppData\Local\Adobe
2014-12-20 22:18 - 2012-06-03 14:09 - 00002619 _____ () C:\Users\Petr Lorenc\Desktop\Microsoft Word 2010.lnk
2014-12-20 10:00 - 2009-09-27 23:34 - 00000000 ____D () C:\Program Files\Opera
2014-12-19 20:34 - 2009-09-27 21:42 - 00199680 _____ () C:\Users\Petr Lorenc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-16 18:25 - 2012-06-03 14:09 - 00002535 _____ () C:\Users\Petr Lorenc\Desktop\Microsoft Excel 2010.lnk
2014-12-16 18:24 - 2011-12-27 12:57 - 00000000 ____D () C:\Windows\AutoKMS
2014-12-16 18:24 - 2008-01-21 07:47 - 01541246 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-15 16:08 - 2014-02-09 09:13 - 00000000 ____D () C:\Users\Petr Lorenc\Desktop\Libertagia
2014-12-15 16:08 - 2012-12-28 15:08 - 00000000 ____D () C:\Users\Petr Lorenc\Desktop\Dům N.Město
2014-12-13 10:07 - 2014-09-14 11:57 - 00000942 _____ () C:\Users\Petr Lorenc\Desktop\Dropbox.lnk
2014-12-13 10:07 - 2013-12-23 16:21 - 00000000 ____D () C:\Users\Petr Lorenc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-12 03:48 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-12-12 03:14 - 2008-07-16 18:22 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-12 03:07 - 2013-08-15 04:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-12 03:02 - 2006-11-02 11:24 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-12-10 16:06 - 2012-05-07 18:38 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-10 16:06 - 2011-07-02 07:52 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-01 19:41 - 2011-12-30 20:12 - 00000000 ____D () C:\Users\Petr Lorenc\AppData\Roaming\HpUpdate

Some content of TEMP:
====================
C:\Users\Petr Lorenc\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpw2rp9u.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-26 19:53

==================== End Of Log ============================

#8 Příspěvek od **vyosek** » 26 pro 2014 21:17

Tvorba fixlistu pro FRST

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [Google EULA Launcher] => c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe [20480 2008-05-28] ( )
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2582803426-2694337097-1122780995-1000\...\Run: [Google Update] => C:\Users\Petr Lorenc\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-24] (Google Inc.)

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Ukazatel S-Rank -> {EA837F48-5AD1-443E-AE34-FFE03CBF3099} -> C:\Program Files\Seznam.cz\core.3.dll ()

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

C:\Windows\AutoKMS
2014-12-26 20:37 - 2014-12-26 20:39 - 00024499 _____ () C:\Users\Petr Lorenc\Desktop\FRST.txt
2014-12-26 17:08 - 2014-12-26 16:46 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-12-26 16:49 - 2014-12-26 17:11 - 00011026 _____ () C:\zoek-results.log
2014-12-26 16:46 - 2014-12-26 17:05 - 00000000 ____D () C:\zoek_backup
2014-12-26 16:45 - 2014-12-26 16:45 - 00006701 _____ () C:\Users\Petr Lorenc\Desktop\AdwCleaner[S0].txt
2014-12-26 16:36 - 2014-12-26 16:40 - 00000000 ____D () C:\AdwCleaner
2014-12-26 16:35 - 2014-12-26 16:35 - 01295360 _____ () C:\Users\Petr Lorenc\Desktop\zoek.exe
2014-12-26 16:34 - 2014-12-26 16:34 - 02173952 _____ () C:\Users\Petr Lorenc\Desktop\adwcleaner_4.106.exe
2014-12-26 14:46 - 2014-12-26 14:47 - 00000000 ____D () C:\rsit
2014-12-26 14:46 - 2014-12-26 14:47 - 00000000 ____D () C:\Program Files\trend micro
2014-12-26 14:45 - 2014-12-26 14:45 - 01107968 _____ () C:\Users\Petr Lorenc\Desktop\RSIT.exe
2014-12-26 14:24 - 2014-12-26 17:10 - 00001252 _____ () C:\Windows\PFRO.log

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cecd91ce083f10.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2582803426-2694337097-1122780995-1000Core.job => C:\Users\Petr Lorenc\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2582803426-2694337097-1122780995-1000UA.job => C:\Users\Petr Lorenc\AppData\Local\Google\Update\GoogleUpdate.exe

Hosts:
EmptyTemp:
Reboot:
End

Ulozte vytvoreny TXT jako fixlist.txt
Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

Kliknete na Fix
Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

VIRY.CZ

Kotrola logu - ads.pubmatic v Exploreru

Kotrola logu - ads.pubmatic v Exploreru

Re: Kotrola logu - ads.pubmatic v Exploreru

Re: Kotrola logu - ads.pubmatic v Exploreru

Re: Kotrola logu - ads.pubmatic v Exploreru

Re: Kotrola logu - ads.pubmatic v Exploreru

Re: Kotrola logu - ads.pubmatic v Exploreru

Re: Kotrola logu - ads.pubmatic v Exploreru

Re: Kotrola logu - ads.pubmatic v Exploreru