VIRY.CZ

Ahoj kámoš zrovna dostal do noťasu nejnovější verzi tohoto viru, který zablokovává nouzový režim log jsem udělal podle návodu co tu je, prosím tedy o kontrolu a následný postup jak se ho zbavit bez přeinstalování systému. Díky

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-08-2013
Ran by JB (administrator) on 02-08-2013 16:23:27
Running from J:\
Windows 7 Home Premium (X64) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\cmd.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-28] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-18] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-01-20] ()
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe,
HKLM-x32\...\Winlogon: [Shell] explorer.exe shell.exe [x ] () <=== ATTENTION
HKCU\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-06-16] (Hewlett-Packard Company)
HKCU\...\Run: [Google Update] - C:\Users\JB\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-08-29] (Google Inc.)
HKCU\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [1022352 2012-09-02] (BitTorrent, Inc.)
HKCU\...\Run: [StudentDOG] - C:\Program Files (x86)\Programs\Student DOG\StudentDOG.exe [2102272 2011-01-02] ()
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKCU\...\Run: [BlazeServoTool] - "C:\Program Files (x86)\BlazeVideo\BlazeVideo HDTV Player 6.6 Professional\MediaDetector.exe" [x]
HKCU\...\Run: [Facebook Update] - C:\Users\JB\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-13] (Facebook Inc.)
HKCU\...\Run: [Sony Ericsson PC Companion] - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [774144 2009-12-08] (Sony Ericsson Mobile Communications AB)
HKCU\...\Run: [EPSON SX125 Series] - C:\Windows\TEMP\E_S1F73.tmp [126 2012-05-31] ()
HKCU\...\Run: [SanDiskSecureAccess_Manager.exe] - C:\Users\JB\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-12-28] (Gemalto N.V.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1641896 2013-06-07] (Valve Corporation)
HKCU\...\Run: [Tiiait] - C:\Users\JB\AppData\Roaming\Tiiait.exe [x]
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\JB\AppData\Roaming\cache.dat [90624 2011-11-17] () <==== ATTENTION
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
MountPoints2: {2835cad8-d754-11e1-b8e5-70f39567e6b4} - I:\autorun.exe
MountPoints2: {37fffdac-cf20-11e1-a652-70f39567e6b4} - G:\CDCheck.exe
MountPoints2: {37fffdb4-cf20-11e1-a652-70f39567e6b4} - H:\CDCheck.exe
MountPoints2: {61b60b3c-9e09-11e1-9d5e-70f39539fccc} - G:\Startme.exe
MountPoints2: {6e7a5b16-f35c-11e0-a1b6-99211a016dba} - F:\setup\rsrc\Autorun.exe
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [602168 2010-06-29] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2010-06-02] (EasyBits Software AS)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ConduitHelper] - C:\Users\Public\Conduit\ConduitHelper\ConduitHelper.exe [274216 2011-08-31] (Conduit Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HTC Sync Loader] - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [249856 2010-09-08] ()
HKLM-x32\...\Run: [avast5] - C:\Program Files\Alwil Software\Avast5\avastUI.exe [2837864 2010-06-28] (AVAST Software)
HKLM-x32\...\Run: [Guard.Mail.ru.gui] - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-11-21] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://search.icq.com/search/results.ph ... &ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://qip.ru
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
URLSearchHook: (No Name) - {95289393-33EA-4F8D-B952-483415B9C955} - No File
URLSearchHook: (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {19882090-72DA-4D5F-8AC6-7E7BE5FF1C09} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM - {4140AE61-F20F-4396-B7A1-3C1CDD0DE234} URL = http://cs.wikipedia.org/wiki/Special:Se ... earchTerms}
SearchScopes: HKLM-x32 - DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL =
SearchScopes: HKLM-x32 - {4140AE61-F20F-4396-B7A1-3C1CDD0DE234} URL = http://cs.wikipedia.org/wiki/Special:Se ... earchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT2786678
SearchScopes: HKCU - DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/search?query={searchTerms}&from=IE
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={ ... rer:source?}
SearchScopes: HKCU - {4140AE61-F20F-4396-B7A1-3C1CDD0DE234} URL = http://cs.wikipedia.org/wiki/Special:Se ... earchTerms}
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://search.icq.com/search/results.ph ... &ch_id=osd
SearchScopes: HKCU - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/search?query={searchTerms}&from=IE
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search?q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT2786678
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Toolbar: HKLM-x32 - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
Toolbar: HKCU - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [52920 2010-08-17] (EasyBits Software Corp.)
ShellExecuteHooks-x32: - UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File [ ]
ShellExecuteHooks-x32: - {DAE0285D-0788-4E87-985E-01DF2EDE4ACD} - C:\Windows\SysWow64\Wshxt.dll [53248 2012-07-16] ()

Chrome:
=======
CHR HomePage: hxxp://www.seznam.cz/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\JB\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\JB\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\JB\AppData\Local\Google\Chrome\Application\28.0.1500.72\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
CHR Plugin: (Windows Live\\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\JB\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Google Update) - C:\Users\JB\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Collorfull Parking lot) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihiejogcgadaaodnnebjbmflfopemlg\1_0
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0
CHR Extension: (Gmail) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\JB\AppData\Local\Temp\crxE2D1.tmp
CHR StartMenuInternet: Google Chrome - C:\Users\JB\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

S2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-06-28] (AVAST Software)
S3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-06-28] (AVAST Software)
S3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-06-28] (AVAST Software)
S2 Guard.Mail.ru; C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-11-21] ()
S2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-06-29] ()
S2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [40999448 2008-07-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [79872 2010-09-07] ()
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2012-12-05] ()
S2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [107832 2012-12-05] ()
S4 SQLAgent$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [369688 2008-07-10] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [20048 2010-06-28] (ALWIL Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [61008 2010-06-28] (ALWIL Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [28752 2010-06-28] (ALWIL Software)
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [432720 2010-06-28] (ALWIL Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [121936 2010-06-28] (ALWIL Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [51280 2010-06-28] (ALWIL Software)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-10-11] (DT Soft Ltd)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [164864 2012-07-10] (ITE )
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [42896 2010-06-08] (Oracle Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-02 16:23 - 2013-08-02 16:23 - 00000000 ____D C:\FRST
2013-07-31 18:25 - 2013-07-31 18:25 - 00377920 _____ (AVAST Software) C:\Users\JB\Downloads\aswclear.exe
2013-07-31 18:25 - 2013-07-31 18:25 - 00377920 _____ (AVAST Software) C:\Users\JB\Desktop\aswclear.exe
2013-07-31 16:44 - 2013-07-31 18:01 - 00000004 _____ C:\Users\JB\AppData\Roaming\cache.ini
2013-07-31 16:39 - 2013-07-31 16:31 - 00090624 _____ C:\Users\JB\Desktop\video_hd.exe
2013-07-31 16:38 - 2013-07-31 16:38 - 00062125 _____ C:\Users\JB\Downloads\video_hd.zip
2013-07-31 16:38 - 2013-07-31 16:38 - 00062125 _____ C:\Users\JB\Downloads\video_hd (1).zip
2013-07-31 13:14 - 2013-07-31 13:14 - 00000000 _____ C:\Users\JB\Desktop\stažený soubor.htm
2013-07-29 19:23 - 2013-07-29 19:26 - 26419203 _____ C:\Users\JB\Desktop\Hudební dno.wmv
2013-07-29 09:49 - 2013-07-29 09:49 - 00001976 _____ C:\Users\JB\Downloads\Provozní na ubytovně Ostrava www.avizo.cz.url
2013-07-29 09:48 - 2013-07-29 09:48 - 00014093 _____ C:\Users\JB\Downloads\visa[1].html
2013-07-28 18:20 - 2013-07-28 19:39 - 733585196 _____ C:\Users\JB\Desktop\Milionář-z-chatrče-CZ.avi
2013-07-28 17:47 - 2013-07-28 17:47 - 00000000 ____D C:\Users\JB\Desktop\F
2013-07-28 10:27 - 2013-07-28 10:27 - 00000031 _____ C:\Users\JB\Downloads\ostrava.mp3.m3u
2013-07-25 21:06 - 2013-07-25 21:06 - 00000000 ____D C:\Users\JB\Desktop\Big Bang theory CZ
2013-07-25 21:04 - 2013-07-25 21:04 - 00064193 _____ C:\Users\JB\Desktop\[CzT]Teorie_velkeho_tresku_Big_Bang_theory_1_5_serie_CZ_TVRip_.torrent
2013-07-25 19:57 - 2013-07-25 20:38 - 736137216 _____ C:\Users\JB\Desktop\Percy-Jackson-Zlodej-blesku-(Percy-Jackson-&-the-Olympians-The-Lightning-Thief).avi
2013-07-25 06:17 - 2013-07-25 06:17 - 00000000 ____D C:\Windows\system32\MRT
2013-07-14 19:25 - 2013-07-16 19:24 - 00000000 ____D C:\Users\JB\Documents\Prototype
2013-07-14 19:23 - 2013-07-14 19:23 - 00001612 _____ C:\Users\JB\Desktop\prototype.lnk
2013-07-14 19:11 - 2013-07-14 19:19 - 00000000 ____D C:\Root
2013-07-14 18:32 - 2009-06-09 21:06 - 3674800128 _____ C:\Users\JB\Desktop\rzr-prot.iso
2013-07-13 19:31 - 2013-07-13 19:31 - 00002368 _____ C:\Users\JB\Downloads\Pomocný dělník ve výrobě - Volné pracovní místo OSTRAVA.url
2013-07-13 08:57 - 2009-09-16 22:29 - 29161790 _____ (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) C:\Users\JB\Desktop\nemcina-demo.exe
2013-07-13 08:56 - 2013-07-13 08:56 - 29108498 _____ C:\Users\JB\Downloads\nedemo.zip
2013-07-11 10:53 - 2013-07-11 10:53 - 00071438 _____ C:\Users\JB\Downloads\[CzT]Harry-Potter-Komplet-CZ-by-James.torrent
2013-07-11 09:48 - 2013-07-11 10:40 - 935385786 _____ C:\Users\JB\Desktop\Zálesák---Forest-Warrior---Chuck-Norris--Rodinný-Dobrodružný-Komedie-Akční-USA,-1996,-budul-93-min-cz.avi
2013-07-11 09:17 - 2013-07-12 10:06 - 00000000 ____D C:\Users\JB\Downloads\constantine
2013-07-11 09:16 - 2013-07-11 09:16 - 00019480 _____ C:\Users\JB\Downloads\[CzT]Constantine_Constantine_2005_.torrent
2013-07-11 09:15 - 2013-07-11 09:15 - 00011633 _____ C:\Users\JB\Downloads\[CzT]Constantine_CZ (1).torrent
2013-07-10 18:29 - 2013-07-10 18:29 - 00013002 _____ C:\Users\JB\Downloads\[CzT]Hobit_Neocekavana_cesta_The_Hobbit_An_Unexpected_Journey_2012_CZ_.torrent
2013-07-09 17:21 - 2013-07-09 17:21 - 00001117 _____ C:\Users\JB\Downloads\Soustružník Ostrava-Kunčice Dobrá práce.cz (3).url
2013-07-08 20:56 - 2013-07-08 20:59 - 00000000 ____D C:\Users\JB\Desktop\Constantine
2013-07-08 20:50 - 2013-07-08 20:50 - 00011633 _____ C:\Users\JB\Downloads\[CzT]Constantine_CZ.torrent
2013-07-08 20:03 - 2013-07-08 19:27 - 03090483 _____ C:\Users\JB\Desktop\VID_20130708_192635.3gp
2013-07-08 13:35 - 2013-07-08 13:35 - 00001418 _____ C:\Users\JB\Downloads\vazač-ka, FRYMEL TRADE s.r.o. - Ostrava.url
2013-07-08 13:32 - 2013-07-08 13:33 - 00002239 _____ C:\Users\JB\Downloads\strážný-á - recepční, AVES Servisní a.s. - Ostrava.url
2013-07-08 07:30 - 2013-07-08 07:30 - 00001813 _____ C:\Users\JB\Desktop\993897_10201776920172561_133108716_n.jpg – zástupce.lnk
2013-07-06 17:50 - 2013-07-06 17:50 - 00000000 ____D C:\Users\JB\Desktop\Fretka
2013-07-04 12:32 - 2013-07-16 09:22 - 00003168 _____ C:\Windows\System32\Tasks\HPCeeScheduleForJB
2013-07-04 12:32 - 2013-07-16 09:22 - 00000320 _____ C:\Windows\Tasks\HPCeeScheduleForJB.job

==================== One Month Modified Files and Folders =======

2013-08-02 16:18 - 2010-08-18 03:02 - 05977784 _____ C:\Windows\system32\perfh005.dat
2013-08-02 16:18 - 2010-08-18 03:02 - 01985862 _____ C:\Windows\system32\perfc005.dat
2013-08-02 16:18 - 2009-07-14 07:13 - 00005596 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-01 07:22 - 2011-10-12 04:00 - 00000000 ____D C:\ProgramData\Recovery
2013-07-31 18:25 - 2013-07-31 18:25 - 00377920 _____ (AVAST Software) C:\Users\JB\Downloads\aswclear.exe
2013-07-31 18:25 - 2013-07-31 18:25 - 00377920 _____ (AVAST Software) C:\Users\JB\Desktop\aswclear.exe
2013-07-31 18:25 - 2010-08-19 01:44 - 02042314 _____ C:\Windows\WindowsUpdate.log
2013-07-31 18:03 - 2011-08-29 12:33 - 00000950 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1000UA.job
2013-07-31 18:01 - 2013-07-31 16:44 - 00000004 _____ C:\Users\JB\AppData\Roaming\cache.ini
2013-07-31 17:43 - 2011-09-05 14:38 - 00000962 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1003UA.job
2013-07-31 17:40 - 2011-08-30 09:35 - 00000000 ____D C:\Users\JB\AppData\Roaming\Skype
2013-07-31 17:37 - 2013-03-03 17:51 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-31 16:45 - 2012-03-14 12:58 - 00000970 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1000UA.job
2013-07-31 16:38 - 2013-07-31 16:38 - 00062125 _____ C:\Users\JB\Downloads\video_hd.zip
2013-07-31 16:38 - 2013-07-31 16:38 - 00062125 _____ C:\Users\JB\Downloads\video_hd (1).zip
2013-07-31 16:31 - 2013-07-31 16:39 - 00090624 _____ C:\Users\JB\Desktop\video_hd.exe
2013-07-31 14:43 - 2011-09-05 14:38 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1003Core.job
2013-07-31 13:14 - 2013-07-31 13:14 - 00000000 _____ C:\Users\JB\Desktop\stažený soubor.htm
2013-07-30 22:03 - 2011-08-29 12:33 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1000Core.job
2013-07-30 19:45 - 2012-03-14 12:58 - 00000948 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1000Core.job
2013-07-30 09:22 - 2011-11-08 10:55 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-07-30 09:22 - 2011-09-13 21:14 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-07-30 01:07 - 2012-07-16 13:18 - 00003974 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{32C8AE03-4433-4784-9F4A-A70B78AA895A}
2013-07-29 19:26 - 2013-07-29 19:23 - 26419203 _____ C:\Users\JB\Desktop\Hudební dno.wmv
2013-07-29 09:49 - 2013-07-29 09:49 - 00001976 _____ C:\Users\JB\Downloads\Provozní na ubytovně Ostrava www.avizo.cz.url
2013-07-29 09:48 - 2013-07-29 09:48 - 00014093 _____ C:\Users\JB\Downloads\visa[1].html
2013-07-29 07:55 - 2011-09-17 18:20 - 00000000 ____D C:\Users\JB\AppData\Roaming\uTorrent
2013-07-28 22:25 - 2011-09-26 07:59 - 00000000 ___RD C:\Users\JB\Desktop\My Shared Folder
2013-07-28 19:39 - 2013-07-28 18:20 - 733585196 _____ C:\Users\JB\Desktop\Milionář-z-chatrče-CZ.avi
2013-07-28 17:47 - 2013-07-28 17:47 - 00000000 ____D C:\Users\JB\Desktop\F
2013-07-28 17:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-28 10:27 - 2013-07-28 10:27 - 00000031 _____ C:\Users\JB\Downloads\ostrava.mp3.m3u
2013-07-25 21:06 - 2013-07-25 21:06 - 00000000 ____D C:\Users\JB\Desktop\Big Bang theory CZ
2013-07-25 21:04 - 2013-07-25 21:04 - 00064193 _____ C:\Users\JB\Desktop\[CzT]Teorie_velkeho_tresku_Big_Bang_theory_1_5_serie_CZ_TVRip_.torrent
2013-07-25 20:38 - 2013-07-25 19:57 - 736137216 _____ C:\Users\JB\Desktop\Percy-Jackson-Zlodej-blesku-(Percy-Jackson-&-the-Olympians-The-Lightning-Thief).avi
2013-07-25 06:21 - 2013-07-25 06:17 - 00000000 ____D C:\Windows\system32\MRT
2013-07-18 18:28 - 2011-09-26 07:59 - 00000000 ____D C:\Users\JB\AppData\Local\Ares
2013-07-18 14:36 - 2009-07-14 06:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-18 14:36 - 2009-07-14 06:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-16 19:24 - 2013-07-14 19:25 - 00000000 ____D C:\Users\JB\Documents\Prototype
2013-07-16 09:22 - 2013-07-04 12:32 - 00003168 _____ C:\Windows\System32\Tasks\HPCeeScheduleForJB
2013-07-16 09:22 - 2013-07-04 12:32 - 00000320 _____ C:\Windows\Tasks\HPCeeScheduleForJB.job
2013-07-16 09:22 - 2012-07-16 12:41 - 00003226 _____ C:\Windows\System32\Tasks\HPCeeScheduleForFBI_PROPERTY$
2013-07-16 09:22 - 2012-07-16 12:41 - 00000350 _____ C:\Windows\Tasks\HPCeeScheduleForFBI_PROPERTY$.job
2013-07-14 19:23 - 2013-07-14 19:23 - 00001612 _____ C:\Users\JB\Desktop\prototype.lnk
2013-07-14 19:20 - 2011-08-29 12:02 - 00429443 _____ C:\Windows\DirectX.log
2013-07-14 19:19 - 2013-07-14 19:11 - 00000000 ____D C:\Root
2013-07-14 19:19 - 2010-08-17 17:40 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-14 19:11 - 2013-03-03 18:33 - 00000000 ____D C:\Program Files (x86)\Activision
2013-07-13 19:31 - 2013-07-13 19:31 - 00002368 _____ C:\Users\JB\Downloads\Pomocný dělník ve výrobě - Volné pracovní místo OSTRAVA.url
2013-07-13 08:56 - 2013-07-13 08:56 - 29108498 _____ C:\Users\JB\Downloads\nedemo.zip
2013-07-12 21:58 - 2011-08-29 12:33 - 00003914 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1000UA
2013-07-12 21:58 - 2011-08-29 12:33 - 00003518 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1000Core
2013-07-12 14:04 - 2013-06-11 11:07 - 00000000 ____D C:\Program Files (x86)\Steam
2013-07-12 14:02 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-12 14:02 - 2009-07-14 06:51 - 00184316 _____ C:\Windows\setupact.log
2013-07-12 10:06 - 2013-07-11 09:17 - 00000000 ____D C:\Users\JB\Downloads\constantine
2013-07-11 12:33 - 2012-05-13 08:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 12:33 - 2012-05-13 08:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 10:53 - 2013-07-11 10:53 - 00071438 _____ C:\Users\JB\Downloads\[CzT]Harry-Potter-Komplet-CZ-by-James.torrent
2013-07-11 10:40 - 2013-07-11 09:48 - 935385786 _____ C:\Users\JB\Desktop\Zálesák---Forest-Warrior---Chuck-Norris--Rodinný-Dobrodružný-Komedie-Akční-USA,-1996,-budul-93-min-cz.avi
2013-07-11 09:16 - 2013-07-11 09:16 - 00019480 _____ C:\Users\JB\Downloads\[CzT]Constantine_Constantine_2005_.torrent
2013-07-11 09:15 - 2013-07-11 09:15 - 00011633 _____ C:\Users\JB\Downloads\[CzT]Constantine_CZ (1).torrent
2013-07-11 07:40 - 2011-08-29 17:52 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 18:37 - 2012-12-05 22:09 - 00000000 ____D C:\Users\JB\Desktop\Plocha
2013-07-10 18:29 - 2013-07-10 18:29 - 00013002 _____ C:\Users\JB\Downloads\[CzT]Hobit_Neocekavana_cesta_The_Hobbit_An_Unexpected_Journey_2012_CZ_.torrent
2013-07-09 17:21 - 2013-07-09 17:21 - 00001117 _____ C:\Users\JB\Downloads\Soustružník Ostrava-Kunčice Dobrá práce.cz (3).url
2013-07-08 20:59 - 2013-07-08 20:56 - 00000000 ____D C:\Users\JB\Desktop\Constantine
2013-07-08 20:50 - 2013-07-08 20:50 - 00011633 _____ C:\Users\JB\Downloads\[CzT]Constantine_CZ.torrent
2013-07-08 19:27 - 2013-07-08 20:03 - 03090483 _____ C:\Users\JB\Desktop\VID_20130708_192635.3gp
2013-07-08 13:35 - 2013-07-08 13:35 - 00001418 _____ C:\Users\JB\Downloads\vazač-ka, FRYMEL TRADE s.r.o. - Ostrava.url
2013-07-08 13:33 - 2013-07-08 13:32 - 00002239 _____ C:\Users\JB\Downloads\strážný-á - recepční, AVES Servisní a.s. - Ostrava.url
2013-07-08 07:30 - 2013-07-08 07:30 - 00001813 _____ C:\Users\JB\Desktop\993897_10201776920172561_133108716_n.jpg – zástupce.lnk
2013-07-06 17:50 - 2013-07-06 17:50 - 00000000 ____D C:\Users\JB\Desktop\Fretka

Files to move or delete:
====================
C:\Users\JB\AppData\Roaming\cache.dat
C:\Users\JB\AppData\Roaming\cache.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

safeboot: ==> The system is configured to boot to Safe Mode <===== ATTENTION!

LastRegBack: 2013-07-03 11:45

==================== End Of Log ============================

Zdravim

Tvorba fixlistu pro FRST

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

HKLM-x32\...\Winlogon: [Shell] explorer.exe shell.exe [x ] () <=== ATTENTION
HKCU\...\Run: [Google Update] - C:\Users\JB\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-08-29] (Google Inc.)
HKCU\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [1022352 2012-09-02] (BitTorrent, Inc.)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKCU\...\Run: [BlazeServoTool] - "C:\Program Files (x86)\BlazeVideo\BlazeVideo HDTV Player 6.6 Professional\MediaDetector.exe" [x]
HKCU\...\Run: [Facebook Update] - C:\Users\JB\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-13] (Facebook Inc.)
HKCU\...\Run: [Sony Ericsson PC Companion] - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [774144 2009-12-08] (Sony Ericsson Mobile Communications AB)
HKCU\...\Run: [EPSON SX125 Series] - C:\Windows\TEMP\E_S1F73.tmp [126 2012-05-31] ()
HKCU\...\Run: [SanDiskSecureAccess_Manager.exe] - C:\Users\JB\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-12-28] (Gemalto N.V.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1641896 2013-06-07] (Valve Corporation)
HKCU\...\Run: [Tiiait] - C:\Users\JB\AppData\Roaming\Tiiait.exe [x]
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\JB\AppData\Roaming\cache.dat [90624 2011-11-17] () <==== ATTENTION
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ConduitHelper] - C:\Users\Public\Conduit\ConduitHelper\ConduitHelper.exe [274216 2011-08-31] (Conduit Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HTC Sync Loader] - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [249856 2010-09-08] ()
HKLM-x32\...\Run: [Guard.Mail.ru.gui] - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-11-21] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://qip.ru
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
URLSearchHook: (No Name) - {95289393-33EA-4F8D-B952-483415B9C955} - No File
URLSearchHook: (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {19882090-72DA-4D5F-8AC6-7E7BE5FF1C09} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM - {4140AE61-F20F-4396-B7A1-3C1CDD0DE234} URL = http://cs.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL =
SearchScopes: HKLM-x32 - {4140AE61-F20F-4396-B7A1-3C1CDD0DE234} URL = http://cs.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
SearchScopes: HKCU - DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/search?query={searchTerms}&from=IE
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {4140AE61-F20F-4396-B7A1-3C1CDD0DE234} URL = http://cs.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/search?query={searchTerms}&from=IE
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search?q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
BHO-x32: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Toolbar: HKLM-x32 - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
Toolbar: HKCU - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
ShellExecuteHooks-x32: - UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File [ ]
CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\JB\AppData\Local\Temp\crxE2D1.tmp
S2 Guard.Mail.ru; C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-11-21] ()
2013-07-31 16:44 - 2013-07-31 18:01 - 00000004 _____ C:\Users\JB\AppData\Roaming\cache.ini
2013-07-04 12:32 - 2013-07-16 09:22 - 00003168 _____ C:\Windows\System32\Tasks\HPCeeScheduleForJB
2013-07-04 12:32 - 2013-07-16 09:22 - 00000320 _____ C:\Windows\Tasks\HPCeeScheduleForJB.job
2013-07-31 18:03 - 2011-08-29 12:33 - 00000950 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1000UA.job
2013-07-31 17:43 - 2011-09-05 14:38 - 00000962 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1003UA.job
2013-07-31 16:45 - 2012-03-14 12:58 - 00000970 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1000UA.job
2013-07-31 14:43 - 2011-09-05 14:38 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1003Core.job
2013-07-30 22:03 - 2011-08-29 12:33 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1000Core.job
2013-07-30 19:45 - 2012-03-14 12:58 - 00000948 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1000Core.job
C:\Program Files (x86)\Guard-ICQ
C:\Program Files (x86)\DAEMON Tools Toolbar
C:\Program Files (x86)\uTorrentBar
C:\Users\JB\AppData\Roaming\cache.dat
Hosts:
CMD: shutdown /r

Ulozte vytvoreny TXT jako fixlist.txt
Presunte vytvoreny log na flashku k FRST

Spustte znovu FRST.exe na tom poskozenem PC

Kliknete na Fix
Probehne oprava a na flash disku se vytvori log Fixlog.txt

Pokuste se nastartovat do bezneho rezimu

Ahoj tak jsem to udělal jak si mi napsal notebook sice v nouzovém režimu nepadá jak padal ale stále se spouští v nouzovém režimu, nevím jak ho přepnout do běžného.

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

Vyskoci na Vas okenko, do ktereho zkopirujte text nize
Kód: Vybrat vše
```
msconfig
```
Kliknete na OK

Zkontrolujte ci mate podobe nastaveni jako na obrazku = NEsmi byt zaskrtnuta moznost Bezpecne spousteni

: nasteveni SB; safeboot.png (17.7 KiB) Zobrazeno 1358 x

Pote restart a uvidite

Díky za rychlou odpověď notebook už funguje.....mám udělat ještě nějaký krok jak se toho viru zbavit definitivně nebo už tam vůbec není

PS: Pokud je to vše tak já a kamarád děkuje šlo mu hlavně o ty fotky bohužel nemá externí (záložní HDD).

Podruhe jsem Vam odstranil citaci me odpovedi, pouzivejte tlacitko Odpovedet, jen to zneprehlednujete

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Prohledat
Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte

Zdravím tak tu máte ten log:

# AdwCleaner v2.306 - Log vytvooen 02/08/2013 v 21:55:33
# Aktualizováno 19/07/2013 Xplode
# Operaení systém : Windows 7 Home Premium (64 bits)
# Uživatel : JB - FBI_PROPERTY
# Spuštin systém : Normální
# Spuštino z : C:\Users\JB\Desktop\adwcleaner.exe
# Volba [Prohledat]

***** [Služby] *****

***** [Soubory / Složky] *****

Složka Nalezeno : C:\Program Files (x86)\Conduit
Složka Nalezeno : C:\Program Files (x86)\ICQ6Toolbar
Složka Nalezeno : C:\ProgramData\ICQ\ICQToolbar
Složka Nalezeno : C:\ProgramData\Premium
Složka Nalezeno : C:\Users\JB\AppData\Local\Conduit
Složka Nalezeno : C:\Users\JB\AppData\LocalLow\Conduit
Složka Nalezeno : C:\Users\JB\AppData\LocalLow\PriceGong
Složka Nalezeno : C:\Users\JB\AppData\LocalLow\uTorrentBar
Složka Nalezeno : C:\Users\JB\AppData\Roaming\OpenCandy

***** [Registry] *****

Hodnota Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Hodnota Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Klíe Nalezeno : HKCU\Software\AppDataLow\Software\Conduit
Klíe Nalezeno : HKCU\Software\AppDataLow\Software\PriceGong
Klíe Nalezeno : HKCU\Software\AppDataLow\Software\SmartBar
Klíe Nalezeno : HKCU\Software\AppDataLow\Software\uTorrentBar
Klíe Nalezeno : HKCU\Software\AppDataLow\Toolbar
Klíe Nalezeno : HKCU\Software\Conduit
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Klíe Nalezeno : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Klíe Nalezeno : HKLM\Software\Conduit
Klíe Nalezeno : HKLM\Software\ICQ\ICQToolbar
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Klíe Nalezeno : HKLM\Software\uTorrentBar
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0330D6D6-BC53-46FD-903C-5B4B4D1EE0D1}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B70495B8-C112-495F-B5E8-C0294399B9C5}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v8.0.7600.17267

[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.qip.ru/ie

-\\ Google Chrome v28.0.1500.72

Soubor : C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Soubor je eistý.

*************************

AdwCleaner[R1].txt - [3450 octets] - [02/08/2013 21:55:33]

########## EOF - C:\AdwCleaner[R1].txt - [3510 octets] ##########

Delate si s tou citaci mych odpovedi legraci?? Proc to porad citujete

To nevidite velke tlacitko nahore nebo dole v tematu ODPOVEDET

Omlouvám se už jsem to upravil dával jsem to tu v rychlosti

samozdřejmě že vidím

rychle se ani s prominutim pes nevyse*e...Honem honem a takhle to dopada...

Nyni budu chtit 3 logy, kazdy dejte do samostatne odpovedi...

Dejte mi sem fixlog, ktery vznikl na flash disku

Spustte znovu AdwCleaner

Pokud pouzivate Win Vista ci W7, kliknete na AdwCleaner pravym a dejte Run As Administrator ci Spustit jako spravce
Kliknete na Smazat
PC provede opravu, restartuje se a da Vam log (C:\AdwCleaner [S1].txt) , jeho obsah vlozte sem

Dejte log z RSIT http://forum.viry.cz/viewtopic.php?f=24&t=130784

Chci se zeptat jaký fixlog ten co jste mi tu posílal nebo ten log co vytvořil adwCleaner?

Fixlog vznikl na flash disku po oprave pomoci FRST

Po smazani AdwCleanerem vznikne log C:\AdwCleaner [S1].txt ten chci

A nakonec log.txt z RSIT

Pokud jste myslel ten fixlog.txt co jste mi posílal tak ten mám zde:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-08-2013
Ran by JB at 2013-08-02 20:54:23 Run:1
Running from J:\
Boot Mode: Safe Mode (minimal)
==============================================

HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\BlazeServoTool => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Sony Ericsson PC Companion => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON SX125 Series => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\SanDiskSecureAccess_Manager.exe => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Steam => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Tiiait => Value deleted successfully.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableLockWorkstation => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableChangePassword => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HP Software Update => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ConduitHelper => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HTC Sync Loader => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Guard.Mail.ru.gui => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\ICQ Search => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => Value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{95289393-33EA-4F8D-B952-483415B9C955} => Value deleted successfully.
HKCR\CLSID\{95289393-33EA-4F8D-B952-483415B9C955} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => Value deleted successfully.
HKCR\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => Key not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4140AE61-F20F-4396-B7A1-3C1CDD0DE234} => Key deleted successfully.
HKCR\CLSID\{4140AE61-F20F-4396-B7A1-3C1CDD0DE234} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{4140AE61-F20F-4396-B7A1-3C1CDD0DE234} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{4140AE61-F20F-4396-B7A1-3C1CDD0DE234} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4140AE61-F20F-4396-B7A1-3C1CDD0DE234} => Key deleted successfully.
HKCR\CLSID\{4140AE61-F20F-4396-B7A1-3C1CDD0DE234} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} => Key deleted successfully.
HKCR\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} => Key deleted successfully.
HKCR\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} => Key deleted successfully.
HKCR\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} => Value deleted successfully.
HKCR\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => Value deleted successfully.
HKCR\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} => Value deleted successfully.
HKCR\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} => Key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj => Key deleted successfully.
"C:\Users\JB\AppData\Local\Temp\crxE2D1.tmp" => File/Directory not found.
Guard.Mail.ru => Service deleted successfully.
C:\Users\JB\AppData\Roaming\cache.ini => Moved successfully.
C:\Windows\System32\Tasks\HPCeeScheduleForJB => Moved successfully.
C:\Windows\Tasks\HPCeeScheduleForJB.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1000UA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1003UA.job => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1000UA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1003Core.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1000Core.job => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1716676511-3378767979-1263856736-1000Core.job => Moved successfully.
C:\Program Files (x86)\Guard-ICQ => Moved successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar => Moved successfully.
C:\Program Files (x86)\uTorrentBar => Moved successfully.
C:\Users\JB\AppData\Roaming\cache.dat => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= shutdown /r =========

========= End of CMD: =========

==== End of Fixlog ====

S1 zde
# AdwCleaner v2.306 - Log vytvooen 02/08/2013 v 22:36:36
# Aktualizováno 19/07/2013 Xplode
# Operaení systém : Windows 7 Home Premium (64 bits)
# Uživatel : JB - FBI_PROPERTY
# Spuštin systém : Normální
# Spuštino z : C:\Users\JB\Desktop\adwcleaner.exe
# Volba [Vymazat]

***** [Služby] *****

***** [Soubory / Složky] *****

Složka Vymazáno : C:\Program Files (x86)\Conduit
Složka Vymazáno : C:\Program Files (x86)\ICQ6Toolbar
Složka Vymazáno : C:\ProgramData\ICQ\ICQToolbar
Složka Vymazáno : C:\ProgramData\Premium
Složka Vymazáno : C:\Users\JB\AppData\Local\Conduit
Složka Vymazáno : C:\Users\JB\AppData\LocalLow\Conduit
Složka Vymazáno : C:\Users\JB\AppData\LocalLow\PriceGong
Složka Vymazáno : C:\Users\JB\AppData\LocalLow\uTorrentBar
Složka Vymazáno : C:\Users\JB\AppData\Roaming\OpenCandy

***** [Registry] *****

Hodnota Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Hodnota Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Klíe Vymazáno : HKCU\Software\AppDataLow\Software\Conduit
Klíe Vymazáno : HKCU\Software\AppDataLow\Software\PriceGong
Klíe Vymazáno : HKCU\Software\AppDataLow\Software\SmartBar
Klíe Vymazáno : HKCU\Software\AppDataLow\Software\uTorrentBar
Klíe Vymazáno : HKCU\Software\AppDataLow\Toolbar
Klíe Vymazáno : HKCU\Software\Conduit
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Klíe Vymazáno : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Klíe Vymazáno : HKLM\Software\Conduit
Klíe Vymazáno : HKLM\Software\ICQ\ICQToolbar
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Klíe Vymazáno : HKLM\Software\uTorrentBar
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0330D6D6-BC53-46FD-903C-5B4B4D1EE0D1}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B70495B8-C112-495F-B5E8-C0294399B9C5}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v8.0.7600.17267

Zaminino : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.qip.ru/ie --> hxxp://www.google.com

-\\ Google Chrome v28.0.1500.72

Soubor : C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Soubor je eistý.

*************************

AdwCleaner[R1].txt - [3579 octets] - [02/08/2013 21:55:33]
AdwCleaner[R2].txt - [3639 octets] - [02/08/2013 22:35:24]
AdwCleaner[S1].txt - [3605 octets] - [02/08/2013 22:36:36]

########## EOF - C:\AdwCleaner[S1].txt - [3665 octets] ##########

log z Rsit zde:

Logfile of random's system information tool 1.08 (written by random/random)
Run by JB at 2013-08-02 22:47:16
Microsoft Windows 7 Home Premium
System drive C: has 21 GB (7%) free of 284 GB
Total RAM: 3894 MB (63% free)

HijackThis download failed

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 2035792
\??\C:\Windows\system32\conhost.exe "-1071067432-704575194900988531416982517913829635-723662790-1728345415-307478516
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe"
C:\Windows\Explorer.EXE
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" /background
"C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"
"C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" /hidden
C:\Windows\System32\spoolsv.exe
taskeng.exe {2F6D1AE0-2897-455E-9753-893BC5C434A7}
"C:\Program Files\DigitalPersona\Bin\DpHostW.exe"
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\DigitalPersona\Bin\DPAgent.exe"
"C:\Program Files\IDT\WDM\AESTSr64.exe"
"C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BBSvc.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
C:\Windows\SysWOW64\ezSharedSvcHost.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
"C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE
"C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1192
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\servicing\TrustedInstaller.exe
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-acac6dcf-9561-4b88-bdbc-22d2e6247119 -SystemEventPortName:HostProcess-5441b481-3ed6-49cc-a78b-0d823fba0325 -IoCancelEventPortName:HostProcess-a3064527-4828-4f8e-a799-6557a209a285 -NonStateChangingEventPortName:HostProcess-3b2a2fc0-1d60-43ec-8f0a-44b145da253b -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:443b29d1-7a88-402c-9894-6e0e2d468afe -DeviceGroupId:WpdFsGroup
C:\Windows\SysWOW64\RunDll32.exe "C:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
taskeng.exe {EC989E1F-8BA0-4D34-9A76-E91C0EC16752}
"C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe"
taskeng.exe {B37EB2F7-C324-4208-B339-0AB2D8ADA386}
"C:\Users\JB\Desktop\RSITx64.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" mode=windowless
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\System32\svchost.exe -k WerSvcGroup

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\HPCeeScheduleForFBI_PROPERTY$.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-17 43520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll [2013-04-02 1467528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-01-26 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-01-26 170912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09 351136]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{eec0f710-38b5-4aba-99bf-ec87564a4e13} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll [2013-04-02 1467528]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-06-22 161304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-06-22 386584]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-06-22 414744]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-05-28 2096424]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2010-06-18 487424]
"SmartMenu"=C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [2010-01-20 611896]
"HPWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [2010-06-18 8192]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"=C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [2010-02-09 1712184]
"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2010-06-16 2736128]
"StudentDOG"=C:\Program Files (x86)\Programs\Student DOG\StudentDOG.exe [2011-01-02 2102272]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-06-21 98304]
"HP Quick Launch"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2010-06-29 602168]
"Norton Online Backup"=C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2010-06-01 1155928]
"Easybits Recovery"=C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [2010-06-02 61112]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-06-28 2837864]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-06-22 271360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"=C:\Windows\SysWow64\EZUPBH~1.DLL [2010-08-17 52920]
"UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"= []
"{DAE0285D-0788-4E87-985E-01DF2EDE4ACD}"=C:\Windows\SysWow64\Wshxt.dll [2012-07-16 53248]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DpHost]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideFastUserSwitching"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"EnableShellExecuteHooks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2013-08-02 22:47:16 ----D---- C:\rsit
2013-08-02 22:47:16 ----D---- C:\Program Files\trend micro
2013-08-02 22:36:36 ----A---- C:\AdwCleaner[S1].txt
2013-08-02 22:35:24 ----A---- C:\AdwCleaner[R2].txt
2013-08-02 21:55:33 ----A---- C:\AdwCleaner[R1].txt
2013-08-02 21:30:31 ----D---- C:\Windows\pss
2013-08-02 16:23:12 ----D---- C:\FRST
2013-07-31 21:28:01 ----A---- C:\Windows\ntbtlog.txt
2013-07-25 06:17:12 ----D---- C:\Windows\system32\MRT
2013-07-14 19:11:18 ----D---- C:\Root

======List of files/folders modified in the last 1 months======

2013-08-02 22:48:21 ----D---- C:\Windows\System32
2013-08-02 22:48:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-08-02 22:48:01 ----HD---- C:\Windows\Temp
2013-08-02 22:47:16 ----RD---- C:\Program Files
2013-08-02 22:46:27 ----A---- C:\Windows\SYSWOW64\log.txt
2013-08-02 22:44:32 ----D---- C:\Windows\system32\config
2013-08-02 22:36:44 ----HD---- C:\ProgramData
2013-08-02 22:36:44 ----D---- C:\Program Files (x86)
2013-08-02 21:36:30 ----D---- C:\Windows\Prefetch
2013-08-02 21:30:31 ----D---- C:\Windows
2013-08-02 20:54:24 ----D---- C:\Windows\Tasks
2013-08-02 20:54:24 ----D---- C:\Windows\system32\Tasks
2013-08-02 20:54:24 ----D---- C:\Windows\system32\drivers\etc
2013-08-01 07:22:46 ----D---- C:\ProgramData\Recovery
2013-07-31 17:40:31 ----D---- C:\Users\JB\AppData\Roaming\Skype
2013-07-30 15:51:03 ----SHD---- C:\System Volume Information
2013-07-30 09:22:15 ----A---- C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-07-29 07:55:31 ----D---- C:\Users\JB\AppData\Roaming\uTorrent
2013-07-28 17:02:55 ----D---- C:\Windows\system32\NDF
2013-07-14 19:20:20 ----RSD---- C:\Windows\assembly
2013-07-14 19:19:45 ----SHD---- C:\Windows\Installer
2013-07-14 19:19:35 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-07-14 19:11:10 ----D---- C:\Program Files (x86)\Activision
2013-07-12 14:04:39 ----D---- C:\Program Files (x86)\Steam
2013-07-11 12:33:13 ----D---- C:\Program Files\Microsoft Silverlight
2013-07-11 12:33:12 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 12:32:35 ----A---- C:\log.txt
2013-07-11 07:40:33 ----D---- C:\ProgramData\Microsoft Help
2013-07-10 18:32:43 ----D---- C:\Windows\SysWOW64

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2009-07-08 30008]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-04-13 540696]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-06-28 28752]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2010-06-28 432720]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-06-28 121936]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-06-28 51280]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-11 254528]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2010-06-08 202576]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2010-06-08 53520]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-06-28 20048]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-06-28 61008]
R3 Accelerometer;HP Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [2009-07-08 41272]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-06-22 6856704]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-06-22 264192]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-05-06 125456]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl664.sys [2010-08-19 3063360]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 btwampfl;Bluetooth AMP USB Filter; C:\Windows\system32\drivers\btwampfl.sys [2010-06-10 342056]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-06-10 102952]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2010-06-10 135720]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2010-06-10 39464]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-06-10 21544]
R3 clwvd;HP Webcam Splitter; C:\Windows\system32\DRIVERS\clwvd.sys [2010-06-24 32880]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-05-01 56344]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2010-06-22 10342240]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-01-12 232992]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10322; C:\Windows\system32\DRIVERS\stwrt64.sys [2010-06-18 515584]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-05-28 320560]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2010-06-08 144656]
R3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2010-06-08 164176]
R3 WinUSB;Android USB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2009-07-14 40448]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552448]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 48488]
S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2010-06-22 10342240]
S3 IT9135BDA;IT9135 BDA Devices; C:\Windows\System32\Drivers\IT9135BDA.sys [2012-07-10 164864]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-03-05 346144]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\Windows\system32\DRIVERS\s1018bus.sys [2009-03-25 113704]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 19496]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 153128]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 133160]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\Windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 34856]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s1018obex.sys [2009-03-25 128552]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\Windows\system32\DRIVERS\s1018unic.sys [2009-03-25 146472]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-07-14 109056]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\drivers\usb8023x.sys [2009-07-14 19968]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VBoxUSB;VirtualBox USB; C:\Windows\System32\Drivers\VBoxUSB.sys [2010-06-08 42896]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-06-22 203264]
R2 BBSvc;BingBar Service; C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BBSvc.exe [2013-04-02 193672]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-06-08 952096]
R2 DpHost;@C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128; C:\Program Files\DigitalPersona\Bin\DpHostW.exe [2010-04-23 445192]
R2 ezSharedSvc;Easybits Services for Windows; C:\Windows\syswow64\ezSharedSvcHost.exe [2010-04-23 514232]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 103992]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2009-07-08 30520]
R2 HPWMISVC;HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-06-29 27192]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-06-16 73728]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-05-01 325656]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-07-10 40999448]
R2 NOBU;Norton Online Backup; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-06-01 2804568]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-07 79872]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-12-05 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2012-12-05 107832]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 157720]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10122; C:\Program Files\IDT\WDM\STacSV64.exe [2010-06-18 258048]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-01 2533400]
R2 vcsFPService;Validity VCS Fingerprint Service; C:\Windows\system32\vcsFPService.exe [2010-02-23 2192176]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2012-08-10 1001376]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 Guard.Mail.ru;Guard.Mail.ru; C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe []
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11 256904]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S3 BBUpdate;BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.exe [2013-04-02 240264]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-06-07 543656]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-08-31 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2008-07-29 4737024]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]
S4 SQLBrowser;SQL Server Browser; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072]

-----------------EOF-----------------

VIRY.CZ

Prosím o kontrolu logu vir PČR

Prosím o kontrolu logu vir PČR

Re: Prosím o kontrolu logu vir PČR

Re: Prosím o kontrolu logu vir PČR

Re: Prosím o kontrolu logu vir PČR

Re: Prosím o kontrolu logu vir PČR

Re: Prosím o kontrolu logu vir PČR

Re: Prosím o kontrolu logu vir PČR

Re: Prosím o kontrolu logu vir PČR

Re: Prosím o kontrolu logu vir PČR

Re: Prosím o kontrolu logu vir PČR

Re: Prosím o kontrolu logu vir PČR

Re: Prosím o kontrolu logu vir PČR

Re: Prosím o kontrolu logu vir PČR

Re: Prosím o kontrolu logu vir PČR

Re: Prosím o kontrolu logu vir PČR