
CPU 100%, log check

Posted: 12 Dec 2013 14:10
by zed25
The CPU is at 100%, the browser is acting up, and the computer is slow overall.
Please check the log.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:05:13, on 12.12.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DefaultTab\DefaultTabSearch.exe
C:\Documents and Settings\kocour\Data aplikací\defaulttab\defaulttab\dtupdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\kocour\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\kocour\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\kocour\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\Windows-KB890830-V5.7-delta.exe
f:\1440a03fd39af6648f9a29a115\mrtstub.exe
C:\Documents and Settings\kocour\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\kocour\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\MRT.exe
F:\moje zaloha\Download\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearchresults.com/?c=3523&t=01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\kocour\Data aplikací\DefaultTab\DefaultTab\DefaultTabBHO.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mshhylrwSrv] C:\WINDOWS\inf\mshhylrw.vbe
O4 - HKLM\..\Run: [Printsrv] c:\Windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\kocour\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: DefaultTabSearch - Unknown owner - C:\Program Files\DefaultTab\DefaultTabSearch.exe
O23 - Service: DefaultTabUpdate - Unknown owner - C:\Documents and Settings\kocour\Data aplikací\defaulttab\defaulttab\dtupdate.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 7628 bytes

Re: CPU 100%, log check

Posted: 12 Dec 2013 19:51
by Rudy
Hello!
Try this procedure: http://forum.viry.cz/viewtopic.php?f=24&t=132509

Re: CPU 100%, log check

Posted: 12 Dec 2013 21:47
by zed25
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-12-2013 01
Ran by kocour (administrator) on KOCOUR-8611202D on 12-12-2013 21:27:10
Running from F:\moje zaloha\Download
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Program Files\DefaultTab\DefaultTabSearch.exe
() C:\Documents and Settings\kocour\Data aplikací\defaulttab\defaulttab\dtupdate.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
(Wacom Technology, Corp.) C:\WINDOWS\system32\Tablet.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
(adi) C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Wacom Technology, Corp.) C:\WINDOWS\system32\WTablet\TabUserW.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Google Inc.) C:\Documents and Settings\kocour\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\kocour\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Google Inc.) C:\Documents and Settings\kocour\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Smapp] - C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [98304 2003-01-31] (Analog Devices, Inc.)
HKLM\...\Run: [DrvLsnr] - C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe [69632 2002-05-28] (adi)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [500208 2012-01-15] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [AdobeCS4ServiceManager] - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3521424 2012-04-04] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [mshhylrwSrv] - C:\WINDOWS\inf\mshhylrw.vbe [1558 2013-08-27] ()
HKLM\...\Run: [Printsrv] - C:\WINDOWS\system32\Printing_Admin_Scripts\en-US\pubpr.vbs [543 2013-05-10] ()
HKCU\...\Run: [Google Update] - C:\Documents and Settings\kocour\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [136176 2012-01-31] (Google Inc.)
HKCU\...\Run: [KiesHelper] - C:\Program Files\Samsung\Kies\KiesHelper.exe [954256 2012-04-04] (Samsung)
HKCU\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21392 2012-04-04] ()
HKCU\...\Run: [AdobeBridge] - [x]
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\TabUserW.exe.lnk
ShortcutTarget: TabUserW.exe.lnk -> C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearchresults.com/?c=3523&t=01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm
SearchScopes: HKCU - {2615EA9E-38BE-453F-BFE7-F5FC7D31BBF1} URL = http://www.mysearchresults.com/search?c ... earchTerms}
SearchScopes: HKCU - {45b2cc87-927c-4f58-b00f-f411e1aa32b7} URL = http://search.seznam.cz/?q={searchTerms}&sourceid=IE_5
SearchScopes: HKCU - {7f858914-b64a-4fdc-a82f-b4ecaf486973} URL = http://www.firmy.cz/phr/{searchTerms}?sourceid=IE_5
SearchScopes: HKCU - {b1be8e4d-2a5b-49df-bc9b-fc76ccb4ecd7} URL = http://www.mapy.cz/?query={searchTerms}&sourceid=IE_5
SearchScopes: HKCU - {da47e7a0-9f71-4c6a-b7db-8b177d47f3da} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... rceid=IE_5
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\kocour\Data aplikací\defaulttab\defaulttab\DefaultTabBHO.dll (Search Results LLC.)
Toolbar: HKCU - No Name - {34AB3C4C-DA1A-4067-96F4-31452C7CFE65} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Documents and Settings\kocour\Data aplikací\Mozilla\Firefox\Profiles\ggrpvwv2.default
FF Homepage: www.seznam.cz
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\kocour\Local Settings\Data aplikací\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\kocour\Local Settings\Data aplikací\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
FF Extension: addon - C:\Documents and Settings\kocour\Data aplikací\Mozilla\Firefox\Profiles\ggrpvwv2.default\Extensions\addon@defaulttab.com.xpi
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome:
=======
CHR HomePage: hxxp://www.mysearchresults.com/?c=3523&t=01
CHR DefaultSearchKeyword: search here
CHR DefaultSearchProvider: Search Here
CHR DefaultSearchURL: http://www.mysearchresults.com/search?c ... earchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\kocour\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\32.0.1700.41\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\kocour\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\32.0.1700.41\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\kocour\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\32.0.1700.41\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Google Update) - C:\Documents and Settings\kocour\Local Settings\Data aplikac\u00ED\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Extension: (Angry Birds) - C:\Documents and Settings\kocour\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0
CHR Extension: (YouTube) - C:\Documents and Settings\kocour\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Documents and Settings\kocour\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (DefaultTab) - C:\Documents and Settings\kocour\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0
CHR Extension: (Google Wallet) - C:\Documents and Settings\kocour\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Documents and Settings\kocour\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Documents and Settings\kocour\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files\DefaultTab\DefaultTab.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\kocour\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 DefaultTabSearch; C:\Program Files\DefaultTab\DefaultTabSearch.exe [573952 2013-10-07] ()
R2 DefaultTabUpdate; C:\Documents and Settings\kocour\Data aplikací\defaulttab\defaulttab\dtupdate.exe [107520 2013-12-11] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.)
R2 TabletService; C:\WINDOWS\system32\Tablet.exe [749568 2005-06-17] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 rt2870; C:\Windows\System32\DRIVERS\rt2870.sys [1139040 2010-12-28] (Ralink Technology, Corp.)
R3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-12 21:26 - 2013-12-12 21:26 - 00000000 ____D C:\FRST
2013-12-12 14:33 - 2013-12-12 14:45 - 00013309 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-12 14:30 - 2013-12-12 14:41 - 00003649 _____ C:\WINDOWS\updspapi.log
2013-12-12 14:30 - 2013-12-12 14:30 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-12 14:25 - 2013-12-12 14:27 - 00005015 _____ C:\WINDOWS\KB2904266.log
2013-12-12 14:25 - 2013-12-12 14:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-12 13:48 - 2013-12-12 13:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-12 13:43 - 2013-12-12 13:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-12 13:38 - 2013-12-12 14:45 - 00002316 _____ C:\WINDOWS\ocmsn.log
2013-12-12 13:38 - 2013-12-12 14:44 - 00008026 _____ C:\WINDOWS\setupapi.log
2013-12-12 13:37 - 2013-12-12 14:45 - 00017736 _____ C:\WINDOWS\ocgen.log
2013-12-12 13:37 - 2013-12-12 14:45 - 00014154 _____ C:\WINDOWS\tsoc.log
2013-12-12 13:37 - 2013-12-12 14:45 - 00012309 _____ C:\WINDOWS\comsetup.log
2013-12-12 13:37 - 2013-12-12 14:45 - 00007474 _____ C:\WINDOWS\ntdtcsetup.log
2013-12-12 13:37 - 2013-12-12 14:45 - 00005999 _____ C:\WINDOWS\iis6.log
2013-12-12 13:37 - 2013-12-12 14:45 - 00001393 _____ C:\WINDOWS\imsins.log
2013-12-12 13:37 - 2013-12-12 14:44 - 00037094 _____ C:\WINDOWS\FaxSetup.log
2013-12-12 13:37 - 2013-12-12 14:44 - 00001854 _____ C:\WINDOWS\msgsocm.log
2013-12-12 13:37 - 2013-12-12 14:32 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-12-12 13:37 - 2013-12-12 13:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-12 13:37 - 2013-12-12 13:37 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-12-12 13:37 - 2013-12-12 13:37 - 00000000 _____ C:\WINDOWS\setupact.log
2013-12-11 23:01 - 2013-12-11 23:01 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Google
2013-12-11 23:00 - 2013-12-11 23:01 - 00000000 ____D C:\Program Files\DefaultTab
2013-12-11 23:00 - 2013-12-11 23:00 - 00000000 ____D C:\Documents and Settings\kocour\Data aplikací\defaulttab
2013-12-11 22:58 - 2013-12-11 22:58 - 00000000 ____D C:\Program Files\PANDORA.TV
2013-12-11 22:54 - 2013-12-11 22:55 - 32359944 _____ C:\Documents and Settings\kocour\Plocha\KMPlayer_3-7-0-113.exe
2013-12-11 15:18 - 2013-12-12 13:45 - 00009891 _____ C:\WINDOWS\KB2893984.log
2013-12-11 15:18 - 2013-12-12 13:39 - 00008310 _____ C:\WINDOWS\KB2892075.log
2013-12-11 15:17 - 2013-12-12 14:32 - 00010411 _____ C:\WINDOWS\KB2898715.log
2013-12-11 15:17 - 2013-12-12 13:51 - 00009248 _____ C:\WINDOWS\KB2893294.log
2013-12-03 14:53 - 2013-12-08 17:48 - 00000000 ____D C:\Documents and Settings\kocour\Dokumenty\Warzone 2100 3.1
2013-12-03 14:40 - 2013-12-03 14:40 - 00413696 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2013-12-03 14:40 - 2013-12-03 14:40 - 00110592 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2013-12-03 14:40 - 2013-12-03 14:40 - 00000769 _____ C:\Documents and Settings\All Users\Plocha\Warzone 2100-3.1.0.lnk
2013-12-03 14:40 - 2013-12-03 14:40 - 00000000 ____D C:\Program Files\OpenAL
2013-12-03 14:40 - 2013-12-03 14:40 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Warzone 2100-3.1.0
2013-12-03 14:39 - 2013-12-06 23:11 - 00000000 ____D C:\Program Files\Warzone 2100-3.1.0
2013-11-27 17:26 - 2013-11-27 17:27 - 00001378 _____ C:\WINDOWS\system32\RaCoInst.log
2013-11-27 17:26 - 2010-12-28 06:59 - 01139040 ____R (Ralink Technology, Corp.) C:\WINDOWS\system32\Drivers\rt2870.sys
2013-11-27 17:26 - 2010-12-28 06:53 - 00238944 ____R (Ralink Technology, Inc.) C:\WINDOWS\system32\RaCoInst.dll
2013-11-27 17:26 - 2010-12-28 06:53 - 00014051 ____R C:\WINDOWS\system32\RaCoInst.dat
2013-11-19 21:38 - 2013-12-12 15:12 - 00000396 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-11-14 18:09 - 2013-11-14 18:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-14 18:09 - 2013-11-14 18:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-14 18:08 - 2013-11-14 18:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-14 18:08 - 2013-11-14 18:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$

==================== One Month Modified Files and Folders =======

2013-12-12 21:26 - 2013-12-12 21:26 - 00000000 ____D C:\FRST
2013-12-12 21:11 - 2012-01-31 14:38 - 00001030 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-861567501-839522115-1004UA.job
2013-12-12 20:34 - 2013-03-01 15:38 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-12 19:00 - 2012-01-15 20:24 - 00000256 _____ C:\WINDOWS\Tasks\RMSchedule.job
2013-12-12 16:31 - 2012-01-15 18:41 - 01909748 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-12 15:12 - 2013-11-19 21:38 - 00000396 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-12-12 15:02 - 2012-01-18 00:21 - 00013075 _____ C:\WINDOWS\system32\tablet.dat
2013-12-12 15:02 - 2012-01-15 23:38 - 00088566 _____ C:\WINDOWS\system32\nvapps.xml
2013-12-12 15:02 - 2012-01-15 19:13 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-12-12 15:02 - 2012-01-15 19:13 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-12-12 15:02 - 2012-01-15 19:08 - 03422328 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-12 15:01 - 2012-01-15 18:50 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-12 15:00 - 2012-03-07 11:31 - 01483602 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-1844237615-861567501-839522115-1004-0.dat
2013-12-12 15:00 - 2012-03-07 11:31 - 00204306 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat
2013-12-12 15:00 - 2012-01-15 18:53 - 00000178 ___SH C:\Documents and Settings\kocour\ntuser.ini
2013-12-12 15:00 - 2012-01-15 18:50 - 00032616 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-12 14:45 - 2013-12-12 14:33 - 00013309 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-12 14:45 - 2013-12-12 13:38 - 00002316 _____ C:\WINDOWS\ocmsn.log
2013-12-12 14:45 - 2013-12-12 13:37 - 00017736 _____ C:\WINDOWS\ocgen.log
2013-12-12 14:45 - 2013-12-12 13:37 - 00014154 _____ C:\WINDOWS\tsoc.log
2013-12-12 14:45 - 2013-12-12 13:37 - 00012309 _____ C:\WINDOWS\comsetup.log
2013-12-12 14:45 - 2013-12-12 13:37 - 00007474 _____ C:\WINDOWS\ntdtcsetup.log
2013-12-12 14:45 - 2013-12-12 13:37 - 00005999 _____ C:\WINDOWS\iis6.log
2013-12-12 14:45 - 2013-12-12 13:37 - 00001393 _____ C:\WINDOWS\imsins.log
2013-12-12 14:44 - 2013-12-12 13:38 - 00008026 _____ C:\WINDOWS\setupapi.log
2013-12-12 14:44 - 2013-12-12 13:37 - 00037094 _____ C:\WINDOWS\FaxSetup.log
2013-12-12 14:44 - 2013-12-12 13:37 - 00001854 _____ C:\WINDOWS\msgsocm.log
2013-12-12 14:41 - 2013-12-12 14:30 - 00003649 _____ C:\WINDOWS\updspapi.log
2013-12-12 14:32 - 2013-12-12 13:37 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-12-12 14:32 - 2013-12-11 15:17 - 00010411 _____ C:\WINDOWS\KB2898715.log
2013-12-12 14:30 - 2013-12-12 14:30 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-12 14:27 - 2013-12-12 14:25 - 00005015 _____ C:\WINDOWS\KB2904266.log
2013-12-12 14:27 - 2012-01-17 00:00 - 00028930 _____ C:\WINDOWS\system32\TZLog.log
2013-12-12 14:25 - 2013-12-12 14:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-12 14:25 - 2013-08-14 14:09 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-12 14:20 - 2012-01-15 20:22 - 00000000 ____D C:\Program Files\The KMPlayer
2013-12-12 13:54 - 2012-01-15 19:35 - 88123800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-12 13:51 - 2013-12-11 15:17 - 00009248 _____ C:\WINDOWS\KB2893294.log
2013-12-12 13:48 - 2013-12-12 13:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-12 13:45 - 2013-12-11 15:18 - 00009891 _____ C:\WINDOWS\KB2893984.log
2013-12-12 13:43 - 2013-12-12 13:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-12 13:39 - 2013-12-11 15:18 - 00008310 _____ C:\WINDOWS\KB2892075.log
2013-12-12 13:37 - 2013-12-12 13:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-12 13:37 - 2013-12-12 13:37 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-12-12 13:37 - 2013-12-12 13:37 - 00000000 _____ C:\WINDOWS\setupact.log
2013-12-11 23:19 - 2012-01-22 22:32 - 00093696 _____ C:\Documents and Settings\kocour\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-11 23:02 - 2012-01-15 19:09 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2013-12-11 23:01 - 2013-12-11 23:01 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Google
2013-12-11 23:01 - 2013-12-11 23:00 - 00000000 ____D C:\Program Files\DefaultTab
2013-12-11 23:01 - 2012-01-15 18:50 - 00000000 ___HD C:\Documents and Settings\LocalService\Local Settings\Data aplikací
2013-12-11 23:00 - 2013-12-11 23:00 - 00000000 ____D C:\Documents and Settings\kocour\Data aplikací\defaulttab
2013-12-11 23:00 - 2012-01-15 18:53 - 00000000 __RHD C:\Documents and Settings\kocour\Data aplikací
2013-12-11 22:58 - 2013-12-11 22:58 - 00000000 ____D C:\Program Files\PANDORA.TV
2013-12-11 22:55 - 2013-12-11 22:54 - 32359944 _____ C:\Documents and Settings\kocour\Plocha\KMPlayer_3-7-0-113.exe
2013-12-11 22:55 - 2012-01-15 18:53 - 00000000 ____D C:\Documents and Settings\kocour\Plocha
2013-12-11 15:36 - 2013-03-01 15:38 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-11 15:36 - 2012-01-16 01:18 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-10 22:49 - 2012-01-15 18:53 - 00000000 ____D C:\Documents and Settings\kocour
2013-12-10 22:08 - 2006-03-02 13:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2013-12-09 11:11 - 2012-01-31 14:38 - 00000978 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-861567501-839522115-1004Core.job
2013-12-08 17:48 - 2013-12-03 14:53 - 00000000 ____D C:\Documents and Settings\kocour\Dokumenty\Warzone 2100 3.1
2013-12-06 23:11 - 2013-12-03 14:39 - 00000000 ____D C:\Program Files\Warzone 2100-3.1.0
2013-12-05 01:50 - 2012-01-31 14:40 - 00002266 _____ C:\Documents and Settings\kocour\Plocha\Google Chrome.lnk
2013-12-04 21:13 - 2012-01-15 19:57 - 00000000 ____D C:\Documents and Settings\kocour\Local Settings\Data aplikací\Adobe
2013-12-03 14:53 - 2012-01-15 18:53 - 00000000 ___RD C:\Documents and Settings\kocour\Dokumenty
2013-12-03 14:40 - 2013-12-03 14:40 - 00413696 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2013-12-03 14:40 - 2013-12-03 14:40 - 00110592 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2013-12-03 14:40 - 2013-12-03 14:40 - 00000769 _____ C:\Documents and Settings\All Users\Plocha\Warzone 2100-3.1.0.lnk
2013-12-03 14:40 - 2013-12-03 14:40 - 00000000 ____D C:\Program Files\OpenAL
2013-12-03 14:40 - 2013-12-03 14:40 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Warzone 2100-3.1.0
2013-12-03 14:40 - 2012-01-15 19:09 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2013-11-27 17:28 - 2012-01-15 19:09 - 01120982 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-11-27 17:27 - 2013-11-27 17:26 - 00001378 _____ C:\WINDOWS\system32\RaCoInst.log
2013-11-19 11:21 - 2012-01-15 20:32 - 00230048 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2013-11-19 01:16 - 2012-05-01 22:33 - 00001698 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Microsoft Security Essentials.lnk
2013-11-19 01:16 - 2012-01-15 19:48 - 00001912 _____ C:\WINDOWS\epplauncher.mif
2013-11-19 01:15 - 2012-01-15 20:28 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-14 18:09 - 2013-11-14 18:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-14 18:09 - 2013-11-14 18:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-14 18:08 - 2013-11-14 18:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-14 18:08 - 2013-11-14 18:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-13 04:00 - 2012-02-29 15:10 - 00150528 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imagehlp.dll
2013-11-13 04:00 - 2006-03-02 13:00 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2013-11-13 02:13 - 2012-01-15 19:49 - 00046080 ____N (Microsoft Corporation) C:\WINDOWS\system32\tzchange.exe

Some content of TEMP:
====================
C:\Documents and Settings\kocour\Local Settings\Temp\DefaultTabSetup2.exe
C:\Documents and Settings\kocour\Local Settings\Temp\KMP_3.7.0.113.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2006-03-02 13:00] - [2008-04-14 04:22] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1

C:\Windows\System32\winlogon.exe
[2006-03-02 13:00] - [2008-04-14 04:22] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea

C:\Windows\System32\svchost.exe
[2006-03-02 13:00] - [2008-04-14 04:22] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93

C:\Windows\System32\services.exe
[2006-03-02 13:00] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 9ef697af07bb8dd82c3b02ca953a95b7

C:\Windows\System32\User32.dll
[2006-03-02 13:00] - [2008-04-14 04:22] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53

C:\Windows\System32\userinit.exe
[2006-03-02 13:00] - [2008-04-14 04:22] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239

C:\Windows\System32\Drivers\volsnap.sys
[2006-03-02 13:00] - [2008-04-14 03:12] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1


==================== End Of Log ============================

Re: cpu 100% log check

Posted: 12 Dec 2013 22:18
by Rudy
Open Notepad and copy the following into it:
Start
HKLM\...\Run: [mshhylrwSrv] - C:\WINDOWS\inf\mshhylrw.vbe
C:\WINDOWS\inf\mshhylrw.vbe
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearchresults.com/?c=3523&t=01
SearchScopes: HKCU - {2615EA9E-38BE-453F-BFE7-F5FC7D31BBF1} URL = http://www.mysearchresults.com/search?c ... earchTerms}
Toolbar: HKCU - No Name - {34AB3C4C-DA1A-4067-96F4-31452C7CFE65} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
CHR HomePage: hxxp://www.mysearchresults.com/?c=3523&t=01
CHR DefaultSearchURL: http://www.mysearchresults.com/search?c ... earchTerms}
C:\Documents and Settings\kocour\Local Settings\Temp
End
Save it in the same directory under the name fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Re: cpu 100% log check

Posted: 12 Dec 2013 23:15
by zed25
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-12-2013 03
Ran by kocour at 2013-12-12 23:06:13 Run:1
Running from F:\moje zaloha\logy
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
tart
HKLM\...\Run: [mshhylrwSrv] - C:\WINDOWS\inf\mshhylrw.vbe
C:\WINDOWS\inf\mshhylrw.vbe
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearchresults.com/?c=3523&t=01
SearchScopes: HKCU - {2615EA9E-38BE-453F-BFE7-F5FC7D31BBF1} URL = http://www.mysearchresults.com/search?c ... earchTerms}
Toolbar: HKCU - No Name - {34AB3C4C-DA1A-4067-96F4-31452C7CFE65} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
CHR HomePage: hxxp://www.mysearchresults.com/?c=3523&t=01
CHR DefaultSearchURL: http://www.mysearchresults.com/search?c ... earchTerms}
C:\Documents and Settings\kocour\Local Settings\Temp
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\mshhylrwSrv => Value deleted successfully.
C:\WINDOWS\inf\mshhylrw.vbe => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2615EA9E-38BE-453F-BFE7-F5FC7D31BBF1} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{2615EA9E-38BE-453F-BFE7-F5FC7D31BBF1} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{34AB3C4C-DA1A-4067-96F4-31452C7CFE65} => Value deleted successfully.
HKCR\CLSID\{34AB3C4C-DA1A-4067-96F4-31452C7CFE65} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
CHR HomePage: hxxp://www.mysearchresults.com/?c=3523&t=01 ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchURL: http://www.mysearchresults.com/search?c ... earchTerms} ==> The Chrome "Settings" can be used to fix the entry.

"C:\Documents and Settings\kocour\Local Settings\Temp" directory move:

Could not move "C:\Documents and Settings\kocour\Local Settings\Temp\etilqs_3UVH5t9oOp9ArZx" => Scheduled to move on reboot.
C:\Documents and Settings\kocour\Local Settings\Temp\KMP_3.7.0.113.exe => Moved successfully.
C:\Documents and Settings\kocour\Local Settings\Temp\users00 => Moved successfully.
C:\Documents and Settings\kocour\Local Settings\Temp\_142.tmp => Moved successfully.
C:\Documents and Settings\kocour\Local Settings\Temp\_154.tmp => Moved successfully.
C:\Documents and Settings\kocour\Local Settings\Temp\_21B.tmp => Moved successfully.
C:\Documents and Settings\kocour\Local Settings\Temp\_24F.tmp => Moved successfully.
C:\Documents and Settings\kocour\Local Settings\Temp\_48.tmp => Moved successfully.
C:\Documents and Settings\kocour\Local Settings\Temp\_4A.tmp => Moved successfully.
C:\Documents and Settings\kocour\Local Settings\Temp\_69.tmp => Moved successfully.
C:\Documents and Settings\kocour\Local Settings\Temp\_6D.tmp => Moved successfully.
C:\Documents and Settings\kocour\Local Settings\Temp\_76.tmp => Moved successfully.
C:\Documents and Settings\kocour\Local Settings\Temp\KiesLiveupdateTemp\PluginHost.xml => Moved successfully.
C:\Documents and Settings\kocour\Local Settings\Temp\installdt.tmp\DefaultTab.xpi => Moved successfully.
C:\Documents and Settings\kocour\Local Settings\Temp\installdt.tmp\XPI\defaulttab\locale\en-US\defaulttab.properties => Moved successfully.
C:\Documents and Settings\kocour\Local Settings\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll => Moved successfully.
C:\Documents and Settings\kocour\Local Settings\Temp\4012_6158\crl-set => Moved successfully.
C:\Documents and Settings\kocour\Local Settings\Temp\4012_6158\manifest.fingerprint => Moved successfully.
C:\Documents and Settings\kocour\Local Settings\Temp\4012_6158\manifest.json => Moved successfully.
C:\Documents and Settings\kocour\Local Settings\Temp\3608_29527\crl-set => Moved successfully.
C:\Documents and Settings\kocour\Local Settings\Temp\3608_29527\manifest.fingerprint => Moved successfully.
C:\Documents and Settings\kocour\Local Settings\Temp\3608_29527\manifest.json => Moved successfully.
C:\Documents and Settings\kocour\Local Settings\Temp\3124_26082\crl-set => Moved successfully.
C:\Documents and Settings\kocour\Local Settings\Temp\3124_26082\manifest.fingerprint => Moved successfully.
C:\Documents and Settings\kocour\Local Settings\Temp\3124_26082\manifest.json => Moved successfully.
C:\Documents and Settings\kocour\Local Settings\Temp\1384_17277\crl-set => Moved successfully.
C:\Documents and Settings\kocour\Local Settings\Temp\1384_17277\manifest.fingerprint => Moved successfully.
C:\Documents and Settings\kocour\Local Settings\Temp\1384_17277\manifest.json => Moved successfully.
C:\Documents and Settings\kocour\Local Settings\Temp\1152_17672\crl-set => Moved successfully.
C:\Documents and Settings\kocour\Local Settings\Temp\1152_17672\manifest.fingerprint => Moved successfully.
C:\Documents and Settings\kocour\Local Settings\Temp\1152_17672\manifest.json => Moved successfully.
Could not move "C:\Documents and Settings\kocour\Local Settings\Temp" directory. => Scheduled to move on reboot.


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2013-12-12 23:08:38)<=

C:\Documents and Settings\kocour\Local Settings\Temp\etilqs_3UVH5t9oOp9ArZx => Is moved successfully.
C:\Documents and Settings\kocour\Local Settings\Temp => Moved successfully.

==== End of Fixlog ====

Re: cpu 100% log check

Posted: 13 Dec 2013 11:36
by zed25
It seems to be resolved.

Thank you for the help.

Re: cpu 100% log check

Posted: 13 Dec 2013 18:47
by Rudy
You're welcome! :)