VIRY.CZ

Ahoj,

mám problém s virem, který se projevuje tak, že po spuštění počítače rozjede dva procesy, které spustí aplikace sms.exe a smms.exe . Následuje samovolné otevření Internet Exploreru a pokus o stažení jakéhosi skriptu. Poté se samovolně spustí web kamera!, pokud pořizuje záznam či ne, mi není známo. Avast byl schopen první dva procesy identifikovat jako hrozbu, ale nebyl schopen soubory vymazat či zneškodnit... po restartu se celé kolečko rozjede znovu. Vymazání souborů z jejich umístění či zákaz jejich spuštění "po spuštění" taky nepomohl.
Navíc jsem ještě zjistila , že google - při pokusu cokoliv vyhledat, detekuje nějakou nekalou činnost z domácí sítě, kterou využívám...
Jsem běžný uživatel a došly mi nápady - pomůžete mi prosím?



Logfile of random's system information tool 1.06 (written by random/random)
Run by maxici at 2014-01-12 09:06:15
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 70 GB (24%) free of 297 GB
Total RAM: 3002 MB (52% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1937874605-1975404794-337259606-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1937874605-1975404794-337259606-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-30 75232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-08 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{876C850E-B428-492F-B56B-3FCFCE83B9C9}]
wxDfast Class - C:\ProgramData\wxDfast\bhoclass.dll [2012-04-08 140800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-06-10 278128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-10-08 842296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-08 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-03-27 501056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D5D47440-0750-463D-BAEF-A47D02414806}
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-06-10 278128]
{db9d7a78-a76c-4bf2-97c6-258925ee1542}
{30F9B915-B755-4826-820B-08FBA6BD249D}
{872b5b88-9db5-4310-bdd0-ac189557e5f5}
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]
{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-12-04 1410344]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2008-09-23 468264]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-10-10 206128]
"WirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-12-08 432432]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-10 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-10 175128]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-10 153624]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-06-17 85160]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-05-09 4858968]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-09-13 59720]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"DivXMediaServer"=C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [2013-09-11 450560]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2013-08-29 1861968]
"mstgqtSrv"=C:\Windows\system32\mstgqt.vbe [2013-12-10 583]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-06-10 39408]
"1fd29eb1b46a0ad612f4f9886d1a825c"=C:\Users\maxici\AppData\Local\Temp\sms.exe [2014-01-11 425472]
"a5e28652a9fca8f12f869e43ccaa696c"=C:\Users\maxici\AppData\Local\Temp\smms.exe [2014-01-11 608256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1fd29eb1b46a0ad612f4f9886d1a825c]
C:\Users\maxici\AppData\Local\Temp\sms.exe [2014-01-11 425472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a5e28652a9fca8f12f869e43ccaa696c]
C:\Users\maxici\AppData\Local\Temp\smms.exe [2014-01-11 608256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-11 919008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-07-31 38872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15 499608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [2011-01-12 1523360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe -launchedbylogin []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5]
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe [2012-03-06 574296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2013-08-29 1861968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
C:\Program Files\HP\HP UT\bin\hppusg.exe [2007-11-02 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Message Center 2]
C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [2010-05-25 619008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2009-03-15 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\SweetIM\Messenger\SweetIM.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
C:\PROGRA~1\WinZip\WZQKPICK.EXE [2008-09-08 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^maxici^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^love test.exe]
C:\Users\maxici\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\love test.exe []

C:\Users\maxici\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
1fd29eb1b46a0ad612f4f9886d1a825c.exe
a5e28652a9fca8f12f869e43ccaa696c.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-10 215040]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
shell\AutoRun\command - J:\StartUpCDMA.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
shell\AutoRun\command - K:\StartUpHSPA.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{066d8ad6-2ba7-11e1-b389-00269e2ade08}]
shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4027dbb9-dc96-11e1-9b56-f100bc44c326}]
shell\AutoRun\command - J:\StartUpCDMA.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4027dbba-dc96-11e1-9b56-f100bc44c326}]
shell\AutoRun\command - K:\StartUpHSPA.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a2b6beb-dc97-11e1-b04b-d68600d7ec41}]
shell\AutoRun\command - H:\StartUpCDMA.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a65f24a-49a1-11e2-8d3f-e557e5b8dc5a}]
shell\AutoRun\command - H:\Startme.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5001306-dca0-11e1-b1cb-b0b8c50d7a98}]
shell\AutoRun\command - I:\StartUpCDMA.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b500130f-dca0-11e1-b1cb-9b12564a8ea6}]
shell\AutoRun\command - H:\StartUpCDMA.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e64f2ac1-8a6d-11df-bf88-00269e2ade08}]
shell\AutoRun\command - F:\setup.exe


======List of files/folders created in the last 1 months======

2014-01-12 09:06:15 ----D---- C:\rsit
2014-01-12 09:06:15 ----D---- C:\Program Files\trend micro
2014-01-11 22:57:47 ----D---- C:\Program Files\CCleaner
2014-01-11 18:52:14 ----D---- C:\Program Files\ESET
2014-01-11 00:21:36 ----D---- C:\ProgramData\Spybot - Search & Destroy
2014-01-11 00:21:28 ----D---- C:\Program Files\Spybot - Search & Destroy 2
2014-01-10 13:31:54 ----AS---- C:\Windows\system32\nircmdc.exe

======List of files/folders modified in the last 1 months======

2014-01-12 09:06:16 ----D---- C:\Windows\Temp
2014-01-12 09:06:16 ----D---- C:\Windows\Prefetch
2014-01-12 09:06:15 ----RD---- C:\Program Files
2014-01-12 09:06:13 ----A---- C:\ProgramData\HPWALog.txt
2014-01-12 08:49:00 ----D---- C:\Windows\system32\Tasks
2014-01-12 08:48:57 ----A---- C:\ProgramData\hpqp.ini
2014-01-12 08:48:49 ----HD---- C:\ProgramData
2014-01-12 03:06:18 ----HD---- C:\Config.Msi
2014-01-11 23:47:59 ----D---- C:\Windows\Debug
2014-01-11 23:40:13 ----SHD---- C:\Windows\Installer
2014-01-11 23:40:12 ----D---- C:\Program Files\Adobe
2014-01-11 23:39:59 ----SHD---- C:\System Volume Information
2014-01-11 23:36:11 ----D---- C:\Program Files\Common Files
2014-01-11 23:33:21 ----D---- C:\Program Files\Common Files\Adobe
2014-01-11 23:32:47 ----D---- C:\Windows\System32
2014-01-11 23:32:05 ----D---- C:\ProgramData\Adobe
2014-01-11 23:22:15 ----D---- C:\Windows\system32\drivers
2014-01-11 23:16:21 ----A---- C:\Windows\wininit.ini
2014-01-11 23:16:16 ----SD---- C:\ProgramData\Microsoft
2014-01-11 23:16:15 ----D---- C:\Windows\Tasks
2014-01-11 23:07:32 ----D---- C:\Windows
2014-01-11 23:02:00 ----D---- C:\Users\maxici\AppData\Roaming\Vso
2014-01-11 23:01:51 ----D---- C:\Users\maxici\AppData\Roaming\BitTorrent
2014-01-11 23:00:59 ----D---- C:\Windows\Panther
2014-01-11 23:00:59 ----D---- C:\Windows\ModemLogs
2014-01-11 23:00:59 ----D---- C:\Windows\inf
2014-01-11 23:00:58 ----D---- C:\Windows\Minidump
2014-01-11 22:43:36 ----D---- C:\Users\maxici\AppData\Roaming\vlc
2014-01-11 20:01:59 ----HD---- C:\Program Files\InstallShield Installation Information
2014-01-11 19:58:38 ----D---- C:\Program Files\DVDVideoSoft
2014-01-11 19:58:37 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2014-01-11 19:50:32 ----D---- C:\Program Files\ScreenVCR
2014-01-11 19:49:05 ----D---- C:\Games
2014-01-11 19:49:03 ----RSD---- C:\Windows\Fonts
2014-01-11 19:41:35 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-01-11 01:07:25 ----D---- C:\Windows\pss
2014-01-11 00:56:03 ----D---- C:\Program Files\MyAshampoo
2013-12-20 23:03:25 ----D---- C:\Program Files\diamondata
2013-12-19 00:59:37 ----D---- C:\Windows\system32\catroot2
2013-12-15 21:34:24 ----D---- C:\ProgramData\DivX
2013-12-15 21:34:18 ----D---- C:\Program Files\DivX
2013-12-15 21:33:50 ----D---- C:\Program Files\Common Files\DivX Shared
2013-12-15 21:33:18 ----D---- C:\Users\maxici\AppData\Roaming\DivX

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2013-05-09 49760]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2013-06-28 770344]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2013-06-28 369584]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2013-05-09 56080]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-12-17 26024]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2013-05-09 29816]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-12-20 1093120]
R3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-10 4744704]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2009-09-10 112640]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-06-12 47360]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-12-23 138240]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-12-04 204976]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-08-09 29696]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 66560]
S2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys []
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication; C:\Windows\system32\DRIVERS\adusbser.sys [2006-12-20 97920]
S3 Axtmvflt;Axesstel USB Filter Service; C:\Windows\system32\DRIVERS\Axtmvflt.sys [2007-03-22 3456]
S3 Axtmvmdm;Axesstel USB Modem; C:\Windows\system32\DRIVERS\Axtmvmdm.sys [2007-03-26 40064]
S3 Axtmvprt;Axesstel Diagnostic Port; C:\Windows\System32\Drivers\Axtmvprt.sys [2007-03-26 38784]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]
S3 CoachUsb;Coach Digital Camera on USB; C:\Windows\system32\DRIVERS\CoachUsb.sys [2009-04-06 51392]
S3 Dot4;Ovladač MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 gtcdcmdm;GTRAN USB CDC Driver (PID 3196); C:\Windows\system32\DRIVERS\gtusbmdm_gpc6400.sys [2004-06-11 62035]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-03-29 21248]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-03-29 20096]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-12-29 60416]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2012-12-13 45056]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2008-11-11 13056]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2008-11-11 19968]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2008-11-11 24832]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
S3 XICTAMDM;CELOT-W USB MODEM Driver; C:\Windows\system32\DRIVERS\XICTAMDM.sys [2010-07-17 168024]
S3 XICTANmea;CELOT-W NMEA Device Driver(WDM); C:\Windows\system32\DRIVERS\XICTANmea.sys [2010-07-17 168024]
S3 XICTAVSP;CELOT-W DM Interface Driver(WDM); C:\Windows\system32\DRIVERS\XICTAVSP.sys [2010-07-17 168024]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdvancedSystemCareService5;Advanced SystemCare Service 5; C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2013-09-07 55624]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-05-09 46808]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-11-20 73728]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Update diamondata;Update diamondata; C:\Program Files\diamondata\updatediamondata.exe [2014-01-10 97056]
R2 Util diamondata;Util diamondata; C:\Program Files\diamondata\bin\utildiamondata.exe [2014-01-10 97056]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-12-04 222512]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-10-23 223232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-22 135664]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-22 135664]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-06-10 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

Zdravim

Brouku je tam dost

Restartujte pc do nouzoveho rezimu s praci v siti a v nem udelejte !!!kompletni!!! kontrolu s MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

Do nouzoveho rezimu se dostanete takto:
restartujte pc, mackejte klavesu F8 - pripadne jinou, zalezi na typu stroje - a zvolte moznost nouzovy rezim s praci v siti.
Kdyby to neslo, zde je jiny postup http://forum.viry.cz/viewtopic.php?f=46&t=7554

zde tedy výsledek scanu:

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2014.01.12.04

Windows Vista Service Pack 2 x86 NTFS (Nouzový režim s podporou sítě)
Internet Explorer 7.0.6002.18005
maxici :: OLIV [administrátor]

Ochrana: Zakázána

12.1.2014 10:47:47
MBAM-log-2014-01-12 (13-05-21).txt

Typ: Kompletní kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 444099
Uplynulý čas: 1 hodin, 25 minut, 12 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 43
HKLM\SYSTEM\CurrentControlSet\Services\Util diamondata (PUP.Optional.DiamonData.A) -> Nebyla provedena žádná instrukce.
HKLM\SYSTEM\CurrentControlSet\Services\Update diamondata (PUP.Optional.DiamonData.A) -> Nebyla provedena žádná instrukce.
HKCR\CLSID\{876C850E-B428-492F-B56B-3FCFCE83B9C9} (PUP.DownloadnSave) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{876C850E-B428-492F-B56B-3FCFCE83B9C9} (PUP.DownloadnSave) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{876C850E-B428-492F-B56B-3FCFCE83B9C9} (PUP.DownloadnSave) -> Nebyla provedena žádná instrukce.
HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.DownloadnSave) -> Nebyla provedena žádná instrukce.
HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.DownloadnSave) -> Nebyla provedena žádná instrukce.
HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Nebyla provedena žádná instrukce.
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Optional.Funmoods.A) -> Nebyla provedena žádná instrukce.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Optional.Funmoods.A) -> Nebyla provedena žádná instrukce.
HKCR\esrv.funmoodsESrvc.1 (PUP.Optional.Funmoods.A) -> Nebyla provedena žádná instrukce.
HKCR\esrv.funmoodsESrvc (PUP.Optional.Funmoods.A) -> Nebyla provedena žádná instrukce.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Optional.Funmoods.A) -> Nebyla provedena žádná instrukce.
HKCR\funmoodsApp.appCore.1 (PUP.Optional.Funmoods.A) -> Nebyla provedena žádná instrukce.
HKCR\funmoodsApp.appCore (PUP.Optional.Funmoods.A) -> Nebyla provedena žádná instrukce.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Optional.Funmoods.A) -> Nebyla provedena žádná instrukce.
HKCR\CLSID\{500D5C7B-562B-4E46-E6A4-C888A51F36E4} (PUP.Optional.Funmoods.A) -> Nebyla provedena žádná instrukce.
HKCR\CLSID\{0095b496-f121-4256-96a0-09179828cc16} (PUP.Optional.Funmoods.A) -> Nebyla provedena žádná instrukce.
HKCR\TypeLib\{da524058-bdb4-482a-997a-338ae04d7156} (PUP.Optional.Funmoods.A) -> Nebyla provedena žádná instrukce.
HKCR\Interface\{E20931F3-DC46-4FAF-A87D-20C5BBA3BAB5} (PUP.Optional.Funmoods.A) -> Nebyla provedena žádná instrukce.
HKCR\IMEAPI.CImeProductObjectJK.1 (PUP.Optional.Funmoods.A) -> Nebyla provedena žádná instrukce.
HKCR\IMEAPI.CImeProductObjectJK (PUP.Optional.Funmoods.A) -> Nebyla provedena žádná instrukce.
HKCR\TypeLib\{FDFFC073-9A85-E678-02E5-82B5A56C75D3} (PUP.Optional.Funmoods.A) -> Nebyla provedena žádná instrukce.
HKCR\f (PUP.Optional.Funmoods.A) -> Nebyla provedena žádná instrukce.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Optional.Funmoods.A) -> Nebyla provedena žádná instrukce.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Optional.Funmoods.A) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.Optional.FunMoods.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.Optional.FunMoods.A) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055AF109-DE93-4160-BCFC-7DA70ECAA020} (PUP.Optional.Diamonddata) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Nebyla provedena žádná instrukce.
HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods Web Search (PUP.FunMoods) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GotClip (PUP.Adware.Gotclip.ScamLotto) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\diamondata (PUP.Optional.DiamonData.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4F4C5E11-0612-48D2-8055-987992AAC432} (PUP.Optional.wxDfast) -> Nebyla provedena žádná instrukce.
HKCU\Software\diamondata (PUP.Optional.diamondata.A) -> Nebyla provedena žádná instrukce.
HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.Optional.FunMoods.A) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\diamondata (PUP.Optional.Diamondata.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.Optional.FunMoods.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Optional.Funmoods.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|mstgqtSrv (Trojan.Script) -> Data: "C:\Windows\system32\mstgqt.vbe" mskbjybb msamalgw -> Nebyla provedena žádná instrukce.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 1N1F1I1H1I1T1U1I1CtG0DtF1Y -> Nebyla provedena žádná instrukce.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {BE0261E0-B6FB-44B9-906E-0AB82922A89C} -> Nebyla provedena žádná instrukce.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {BE0261E0-B6FB-44B9-906E-0AB82922A89C} -> Nebyla provedena žádná instrukce.

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 15
C:\Program Files\diamondata (PUP.Optional.DiamonData.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\diamondata\bin (PUP.Optional.DiamonData.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\diamondata\bin\plugins (PUP.Optional.DiamonData.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\diamondata\update (PUP.Optional.DiamonData.A) -> Nebyla provedena žádná instrukce.
C:\ProgramData\wxDfast (PUP.Optional.wxDfast) -> Nebyla provedena žádná instrukce.
C:\ProgramData\wxDfast\data (PUP.Optional.wxDfast) -> Nebyla provedena žádná instrukce.
C:\Users\maxici\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Nebyla provedena žádná instrukce.
C:\Users\maxici\AppData\LocalLow\Funmoods (PUP.Optional.FunMoods.A) -> Nebyla provedena žádná instrukce.
C:\Users\maxici\AppData\LocalLow\Funmoods\Funmoods (PUP.Optional.FunMoods.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\Funmoods (PUP.Optional.FunMoods.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\Funmoods\1.5.23.22 (PUP.Optional.FunMoods.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\Funmoods\1.5.23.22\bh (PUP.Optional.FunMoods.A) -> Nebyla provedena žádná instrukce.
C:\Users\maxici\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\Users\maxici\AppData\Roaming\OpenCandy\962D87ECAE01400CA0FFC8EDF0FD6338 (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\Users\maxici\AppData\Roaming\OpenCandy\OpenCandy_962D87ECAE01400CA0FFC8EDF0FD6338 (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.

Nalezené soubory: 43
C:\Program Files\diamondata\bin\utildiamondata.exe (PUP.Optional.DiamonData.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\diamondata\updatediamondata.exe (PUP.Optional.DiamonData.A) -> Nebyla provedena žádná instrukce.
C:\ProgramData\wxDfast\bhoclass.dll (PUP.DownloadnSave) -> Nebyla provedena žádná instrukce.
C:\Program Files\Funmoods\1.5.23.22\funmoodssrv.exe (PUP.Optional.Funmoods.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\Funmoods\1.5.23.22\escortApp.dll (PUP.Optional.Funmoods.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\Funmoods\1.5.23.22\escortEng.dll (PUP.Optional.Funmoods.A) -> Nebyla provedena žádná instrukce.
C:\Windows\System32\IME\shared\IMJKAPI.DLL (PUP.Optional.Funmoods.A) -> Nebyla provedena žádná instrukce.
C:\Games\American McGee's Alice\Key Generator For 166 EA Games.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
C:\Program Files\BitTorrentControl_v12\BitTorrentControl_v12ToolbarHelper.exe (PUP.Optional.Conduit.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> Nebyla provedena žádná instrukce.
C:\Program Files\diamondata\update\pxabi32o.ixz.exe (PUP.Optional.DiamonData.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\Funmoods\1.5.23.22\escorTlbr.dll (PUP.FunMoods) -> Nebyla provedena žádná instrukce.
C:\Program Files\Funmoods\1.5.23.22\uninstall.exe (PUP.FunMoods) -> Nebyla provedena žádná instrukce.
C:\Program Files\Funmoods\1.5.23.22\bh\escort.dll (PUP.Funmoods) -> Nebyla provedena žádná instrukce.
C:\Program Files\GotClip\Uninstall.exe (PUP.Adware.Gotclip.ScamLotto) -> Nebyla provedena žádná instrukce.
C:\Users\maxici\AppData\Local\Conduit\CT3225826\BitTorrentControl_v12AutoUpdateHelper.exe (PUP.Optional.Conduit.A) -> Nebyla provedena žádná instrukce.
C:\Windows\System32\msamalgw.vbe (Trojan.Script) -> Nebyla provedena žádná instrukce.
C:\Windows\System32\mstgqt.vbe (Trojan.Script) -> Nebyla provedena žádná instrukce.
C:\Program Files\diamondata\diamondata.ico (PUP.Optional.DiamonData.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\diamondata\diamondata.Common.dll (PUP.Optional.DiamonData.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\diamondata\diamondataUninstall.exe (PUP.Optional.DiamonData.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\diamondata\Microsoft.Win32.TaskScheduler.dll (PUP.Optional.DiamonData.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\diamondata\sqlite3.exe (PUP.Optional.DiamonData.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\diamondata\updatediamondata.InstallState (PUP.Optional.DiamonData.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\diamondata\bin\diamondata.BrowserFilter.Helper.dll (PUP.Optional.DiamonData.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\diamondata\bin\diamondata.BrowserFilter.Helper.dll.old.e559c418-9046-467e-b74c-9dee46aefbfd (PUP.Optional.DiamonData.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\diamondata\bin\diamondataBrowserFilter.exe (PUP.Optional.DiamonData.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\diamondata\bin\sqlite3.dll (PUP.Optional.DiamonData.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\diamondata\bin\utildiamondata.InstallState (PUP.Optional.DiamonData.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\diamondata\bin\plugins\diamondata.BrowserFilter.dll (PUP.Optional.DiamonData.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\diamondata\bin\plugins\diamondata.FFUpdate.dll (PUP.Optional.DiamonData.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\diamondata\bin\plugins\diamondata.GCUpdate.dll (PUP.Optional.DiamonData.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\diamondata\bin\plugins\diamondata.IEUpdate.dll (PUP.Optional.DiamonData.A) -> Nebyla provedena žádná instrukce.
C:\Users\maxici\AppData\Local\funmoods.crx (PUP.Funmoods) -> Nebyla provedena žádná instrukce.
C:\ProgramData\wxDfast\background.html (PUP.Optional.wxDfast) -> Nebyla provedena žádná instrukce.
C:\ProgramData\wxDfast\content.js (PUP.Optional.wxDfast) -> Nebyla provedena žádná instrukce.
C:\ProgramData\wxDfast\hjakmojkcnhgipgkkbiempkfdndcnlah.crx (PUP.Optional.wxDfast) -> Nebyla provedena žádná instrukce.
C:\ProgramData\wxDfast\settings.ini (PUP.Optional.wxDfast) -> Nebyla provedena žádná instrukce.
C:\ProgramData\wxDfast\uninstall.exe (PUP.Optional.wxDfast) -> Nebyla provedena žádná instrukce.
C:\Users\maxici\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\Funmoods\1.5.23.22\escortShld.dll (PUP.Optional.FunMoods.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\Funmoods\1.5.23.22\FavIcon.ico (PUP.Optional.FunMoods.A) -> Nebyla provedena žádná instrukce.
C:\Users\maxici\AppData\Roaming\OpenCandy\962D87ECAE01400CA0FFC8EDF0FD6338\TuneUpUtilities2013-2200329_cs-CZ.exe (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.

(konec)

Vsechny nalezy nechte odstranit. Po odstraneni a restartu pc test zopakujte, at vime, jestli se to nevraci. Napiste, zda neco nasel a podle toho zvolim dalsi postup.

takže tady je log po smazání všech bubáků, které scan našel a po restartu pc - už to vypadá lépe

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2014.01.12.04

Windows Vista Service Pack 2 x86 NTFS (Nouzový režim s podporou sítě)
Internet Explorer 7.0.6002.18005
maxici :: OLIV [administrátor]

Ochrana: Zakázána

12.1.2014 13:52:45
mbam-log-2014-01-12 (13-52-45).txt

Typ: Kompletní kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 442071
Uplynulý čas: 1 hodin, 25 minut, 27 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

Co vypada lepe, ten log, nebo pocitac?


Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a program zacne pracovat.
Az skonci, vyplivne na vas log (pokud ne, najdete ho zde C:\AdwCleaner\AdwCleaner[R?].txt ), ten mi sem zkopirujte.

Oboje

tady přikládám log z AdwCleaneru

# AdwCleaner v3.016 - Report created 12/01/2014 at 16:03:28
# Updated 23/12/2013 by Xplode
# Operating System : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Username : maxici - OLIV
# Running from : C:\Users\maxici\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\maxici\AppData\Local\funmoods-speeddial.crx
File Found : C:\Users\maxici\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
File Found : C:\Users\maxici\AppData\Roaming\Mozilla\Firefox\Profiles\8ywbft4b.default\.autoreg
File Found : C:\Users\maxici\AppData\Roaming\Mozilla\Firefox\Profiles\8ywbft4b.default\searchplugins\askcomsearch.xml
File Found : C:\Users\maxici\AppData\Roaming\Mozilla\Firefox\Profiles\8ywbft4b.default\searchplugins\search.xml
File Found : C:\Users\maxici\AppData\Roaming\Mozilla\Firefox\Profiles\8ywbft4b.default\user.js
Folder Found : C:\Users\maxici\AppData\Roaming\Mozilla\Firefox\Profiles\8ywbft4b.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Folder Found : C:\Users\maxici\AppData\Roaming\Mozilla\Firefox\Profiles\8ywbft4b.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Folder Found : C:\Users\maxici\AppData\Roaming\Mozilla\Firefox\Profiles\8ywbft4b.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Folder Found : C:\Users\maxici\AppData\Roaming\Mozilla\Firefox\Profiles\8ywbft4b.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Folder Found : C:\Users\maxici\AppData\Roaming\Mozilla\Firefox\Profiles\8ywbft4b.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
Folder Found : C:\Users\maxici\AppData\Roaming\Mozilla\Firefox\Profiles\8ywbft4b.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Folder Found : C:\Users\maxici\AppData\Roaming\Mozilla\Firefox\Profiles\8ywbft4b.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
Folder Found : C:\Users\maxici\AppData\Roaming\Mozilla\Firefox\Profiles\8ywbft4b.default\Extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
Folder Found : C:\Users\maxici\AppData\Roaming\Mozilla\Firefox\Profiles\8ywbft4b.default\Extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
Folder Found : C:\Users\maxici\AppData\Roaming\Mozilla\Firefox\Profiles\8ywbft4b.default\Extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
Folder Found : C:\Users\maxici\AppData\Roaming\Mozilla\Firefox\Profiles\8ywbft4b.default\Extensions\4f81e9107dc6b@4f81e9107dc6d.info
Folder Found : C:\Users\maxici\AppData\Roaming\Mozilla\Firefox\Profiles\8ywbft4b.default\Extensions\4f81e9107dc6b@4f81e9107dc6d.info
Folder Found : C:\Users\maxici\AppData\Roaming\Mozilla\Firefox\Profiles\8ywbft4b.default\Extensions\ffxtlbr@babylon.com
Folder Found : C:\Users\maxici\AppData\Roaming\Mozilla\Firefox\Profiles\8ywbft4b.default\Extensions\ffxtlbr@babylon.com
Folder Found : C:\Users\maxici\AppData\Roaming\Mozilla\Firefox\Profiles\8ywbft4b.default\Extensions\ffxtlbr@babylon.com
Folder Found : C:\Users\maxici\AppData\Roaming\Mozilla\Firefox\Profiles\8ywbft4b.default\Extensions\ffxtlbr@funmoods.com
Folder Found : C:\Users\maxici\AppData\Roaming\Mozilla\Firefox\Profiles\8ywbft4b.default\Extensions\ffxtlbr@funmoods.com
Folder Found : C:\Users\maxici\AppData\Roaming\Mozilla\Firefox\Profiles\8ywbft4b.default\Extensions\ffxtlbr@funmoods.com
Folder Found C:\Program Files\BitLord
Folder Found C:\Program Files\BitTorrentControl_v12
Folder Found C:\Program Files\BS_Player
Folder Found C:\Program Files\Common Files\DVDVideoSoft\TB
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\ConduitEngine
Folder Found C:\Program Files\DVDVideoSoftTB
Folder Found C:\Program Files\DVDVideoSoftTB
Folder Found C:\Program Files\MyAshampoo
Folder Found C:\Program Files\myfree codec
Folder Found C:\Program Files\Reganam
Folder Found C:\ProgramData\Alawar Stargaze
Folder Found C:\ProgramData\AlawarWrapper
Folder Found C:\ProgramData\Ask
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\ICQ\ICQToolbar
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitLord
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wxDfast
Folder Found C:\ProgramData\Premium
Folder Found C:\ProgramData\Trymedia
Folder Found C:\Users\maxici\AppData\Local\Conduit
Folder Found C:\Users\maxici\AppData\LocalLow\BabylonToolbar
Folder Found C:\Users\maxici\AppData\LocalLow\BitTorrentControl_v12
Folder Found C:\Users\maxici\AppData\LocalLow\boost_interprocess
Folder Found C:\Users\maxici\AppData\LocalLow\BS_Player
Folder Found C:\Users\maxici\AppData\LocalLow\Conduit
Folder Found C:\Users\maxici\AppData\LocalLow\ConduitEngine
Folder Found C:\Users\maxici\AppData\LocalLow\DVDVideoSoftTB
Folder Found C:\Users\maxici\AppData\LocalLow\DVDVideoSoftTB
Folder Found C:\Users\maxici\AppData\LocalLow\MyAshampoo
Folder Found C:\Users\maxici\AppData\LocalLow\Reganam
Folder Found C:\Users\maxici\AppData\LocalLow\wxDfast
Folder Found C:\Users\maxici\AppData\Roaming\dvdvideosoftiehelpers
Folder Found C:\Users\maxici\AppData\Roaming\yourfiledownloader
Folder Found C:\Windows\TempDir

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\1fd29eb1b46a0ad612f4f9886d1a825c
Key Found : HKCU\Software\a5e28652a9fca8f12f869e43ccaa696c
Key Found : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Found : HKCU\Software\AppDataLow\Software\BitTorrentControl_v12
Key Found : HKCU\Software\AppDataLow\Software\BS_Player
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Key Found : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Key Found : HKCU\Software\AppDataLow\Software\MyAshampoo
Key Found : HKCU\Software\AppDataLow\Software\MyAshampoo\toolbar
Key Found : HKCU\Software\AppDataLow\Software\Reganam
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\dt soft\daemon tools toolbar
Key Found : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4F4C5E11-0612-48D2-8055-987992AAC432}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BitTorrentControl_v12 Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BS_Player Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DVDVideoSoftTB Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Funmoods Web Search
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyAshampoo Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyFreeCodec
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Reganam Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB9D7A78-A76C-4BF2-97C6-258925EE1542}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Found : HKCU\Software\Myfree Codec
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\YourFileDownloader
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BitTorrentControl_v12
Key Found : HKLM\SOFTWARE\BS_Player
Key Found : HKLM\Software\BS_Player
Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
Key Found : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}
Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Key Found : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
Key Found : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4B69AB9E-64FC-40A5-B51E-275841AF64AA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E20AC1DB-792A-41CC-BC36-70C2EFE618C2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1750559
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2475029
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3225826
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Found : HKLM\Software\DVDVideoSoftTB
Key Found : HKLM\Software\DVDVideoSoftTB
Key Found : HKLM\Software\ICQ\ICQToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{013CD240-DA2D-4853-A046-BEC2BE73CC1C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08C3FC44-648B-4803-9899-C4530A5B3F4A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB9D7A78-A76C-4BF2-97C6-258925EE1542}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6D61EF5A-6037-4B35-8388-C0A67ABEEF1E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E20AC1DB-792A-41CC-BC36-70C2EFE618C2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentControl_v12 Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BS_Player Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BS_Player Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyAshampoo Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reganam Toolbar
Key Found : HKLM\Software\MyAshampoo
Key Found : HKLM\Software\MyAshampoo\toolbar
Key Found : HKLM\Software\Myfree Codec
Key Found : HKLM\Software\Reganam
Key Found : HKLM\Software\Trymedia Systems
Key Found : HKLM\Software\YourFileDownloader
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DB9D7A78-A76C-4BF2-97C6-258925EE1542}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{DB9D7A78-A76C-4BF2-97C6-258925EE1542}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EEE6C35D-6118-11DC-9C72-001320C79847}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DB9D7A78-A76C-4BF2-97C6-258925EE1542}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{DB9D7A78-A76C-4BF2-97C6-258925EE1542}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [4f81e9107dc6b@4f81e9107dc6d.info]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [4f81e9107dc6b@4f81e9107dc6d.info]

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6002.18005

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search] - hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://qip.ru
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://search.qip.ru
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.Old.Start Page] - hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1QzutD0CyCtDyByCyDyE0DyC0AtCzyyDtB0DtN0D0TzutBtDtCtBtDyCtByB&cr=519195370
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://search.qip.ru/ie
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://start.funmoods.com/?f=2&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1QzutD0CyCtDyByCyDyE0DyC0AtCzyyDtB0DtN0D0TzutBtDtCtBtDyCtByB&cr=519195370

-\\ Mozilla Firefox v

[ File : C:\Users\maxici\AppData\Roaming\Mozilla\Firefox\Profiles\8ywbft4b.default\prefs.js ]

Line Found : user_pref("browser.search.defaultengine", "Ask.com Search");
Line Found : user_pref("browser.search.defaultenginename", "Ask.com Search");
Line Found : user_pref("browser.search.order.1", "Ask.com Search");
Line Found : user_pref("browser.search.selectedEngine", "Ask.com Search");
Line Found : user_pref("browser.startup.homepage", "hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1QzutD0CyCtDyByCyDyE0DyC0AtCzyyDtB0DtN0D0TzutBtDtCtBtDyCtByB&cr=519195370");
Line Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111374");
Line Found : user_pref("extensions.BabylonToolbar_i.hardId", "408f952d000000000000000000000000");
Line Found : user_pref("extensions.BabylonToolbar_i.id", "408f952d000000000000000000000000");
Line Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15439");
Line Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Found : user_pref("extensions.BabylonToolbar_i.newTab", false);
Line Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Line Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.170:26:33");
Line Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Line Found : user_pref("extensions.funmoods.aflt", "iron2");
Line Found : user_pref("extensions.funmoods.autoRvrt", false);
Line Found : user_pref("extensions.funmoods.dfltLng", "");
Line Found : user_pref("extensions.funmoods.dfltSrch", true);
Line Found : user_pref("extensions.funmoods.dnsErr", true);
Line Found : user_pref("extensions.funmoods.envrmnt", "production");
Line Found : user_pref("extensions.funmoods.excTlbr", false);
Line Found : user_pref("extensions.funmoods.hmpg", true);
Line Found : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1QzutD0CyCtDyByCyDyE0DyC0AtCzyyDtB0DtN0D0TzutBtDtCtBtDyCtByB&cr=519195370");
Line Found : user_pref("extensions.funmoods.id", "408f952d0000000000000c607654d6a1");
Line Found : user_pref("extensions.funmoods.instlDay", "15518");
Line Found : user_pref("extensions.funmoods.instlRef", "iron2");
Line Found : user_pref("extensions.funmoods.isdcmntcmplt", true);
Line Found : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Line Found : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1QzutD0CyCtDyByCyDyE0DyC0AtCzyyDtB0DtN0D0TzutBtDtCtBtDyCtByB&cr=519195370");
Line Found : user_pref("extensions.funmoods.prdct", "funmoods");
Line Found : user_pref("extensions.funmoods.prtnrId", "funmoods");
Line Found : user_pref("extensions.funmoods.srchPrvdr", "Search");
Line Found : user_pref("extensions.funmoods.tlbrId", "base");
Line Found : user_pref("extensions.funmoods.tlbrSrchUrl", "");
Line Found : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Line Found : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Line Found : user_pref("extensions.funmoods_i.newTab", true);
Line Found : user_pref("extensions.funmoods_i.smplGrp", "none");
Line Found : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2210:37:25");

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\maxici\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : icon_url
Found : search_url
Found : keyword
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [26791 octets] - [12/01/2014 16:03:28]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [26852 octets] ##########

jackalope píše:Oboje

To je dobře


Znovu ukoncete vsechny programy a spustte AdwCleaner jako spravce.
Tentokrat kliknete na Clean
Program zacne pracovat (muze dojit k restartu pc) a vyplivne dalsi log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zase zkopirujte.


Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe , ulozte ho na plochu, kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Zprava a objevi se log. Ten mi sem vlozte

AdwCleaner po opravě a restartu:

# AdwCleaner v3.016 - Report created 12/01/2014 at 16:19:41
# Updated 23/12/2013 by Xplode
# Operating System : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Username : maxici - OLIV
# Running from : C:\Users\maxici\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\Alawar Stargaze
Folder Deleted : C:\ProgramData\AlawarWrapper
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitLord
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wxDfast
Folder Deleted : C:\Program Files\BitLord
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Program Files\DVDVideoSoftTB
Folder Deleted : C:\Program Files\myfree codec
Folder Deleted : C:\Program Files\BitTorrentControl_v12
Folder Deleted : C:\Program Files\BS_Player
Folder Deleted : C:\Program Files\MyAshampoo
Folder Deleted : C:\Program Files\Reganam
Folder Deleted : C:\Program Files\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Windows\TempDir
Folder Deleted : C:\Users\maxici\AppData\Local\Conduit
Folder Deleted : C:\Users\maxici\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\maxici\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\maxici\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\maxici\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\maxici\AppData\LocalLow\DVDVideoSoftTB
Folder Deleted : C:\Users\maxici\AppData\LocalLow\wxDfast
Folder Deleted : C:\Users\maxici\AppData\LocalLow\BitTorrentControl_v12
Folder Deleted : C:\Users\maxici\AppData\LocalLow\BS_Player
Folder Deleted : C:\Users\maxici\AppData\LocalLow\MyAshampoo
Folder Deleted : C:\Users\maxici\AppData\LocalLow\Reganam
Folder Deleted : C:\Users\maxici\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\maxici\AppData\Roaming\yourfiledownloader
Folder Deleted : C:\Users\maxici\AppData\Roaming\Mozilla\Firefox\Profiles\8ywbft4b.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Folder Deleted : C:\Users\maxici\AppData\Roaming\Mozilla\Firefox\Profiles\8ywbft4b.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Folder Deleted : C:\Users\maxici\AppData\Roaming\Mozilla\Firefox\Profiles\8ywbft4b.default\Extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Users\maxici\AppData\Roaming\Mozilla\Firefox\Profiles\8ywbft4b.default\Extensions\ffxtlbr@funmoods.com
Folder Deleted : C:\Users\maxici\AppData\Roaming\Mozilla\Firefox\Profiles\8ywbft4b.default\Extensions\4f81e9107dc6b@4f81e9107dc6d.info
Folder Deleted : C:\Users\maxici\AppData\Roaming\Mozilla\Firefox\Profiles\8ywbft4b.default\Extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
File Deleted : C:\END
File Deleted : C:\Users\maxici\AppData\Local\funmoods-speeddial.crx
File Deleted : C:\Users\maxici\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
File Deleted : C:\Users\maxici\AppData\Roaming\Mozilla\Firefox\Profiles\8ywbft4b.default\.autoreg
File Deleted : C:\Users\maxici\AppData\Roaming\Mozilla\Firefox\Profiles\8ywbft4b.default\searchplugins\askcomsearch.xml
File Deleted : C:\Users\maxici\AppData\Roaming\Mozilla\Firefox\Profiles\8ywbft4b.default\searchplugins\search.xml
File Deleted : C:\Users\maxici\AppData\Roaming\Mozilla\Firefox\Profiles\8ywbft4b.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [4f81e9107dc6b@4f81e9107dc6d.info]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
Key Deleted : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM
Key Deleted : HKLM\SOFTWARE\BS_Player
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BS_Player Toolbar
Key Deleted : HKCU\Software\1fd29eb1b46a0ad612f4f9886d1a825c
Key Deleted : HKCU\Software\a5e28652a9fca8f12f869e43ccaa696c
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1750559
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2475029
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3225826
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4B69AB9E-64FC-40A5-B51E-275841AF64AA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E20AC1DB-792A-41CC-BC36-70C2EFE618C2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB9D7A78-A76C-4BF2-97C6-258925EE1542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB9D7A78-A76C-4BF2-97C6-258925EE1542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E20AC1DB-792A-41CC-BC36-70C2EFE618C2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6D61EF5A-6037-4B35-8388-C0A67ABEEF1E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08C3FC44-648B-4803-9899-C4530A5B3F4A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{013CD240-DA2D-4853-A046-BEC2BE73CC1C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DB9D7A78-A76C-4BF2-97C6-258925EE1542}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DB9D7A78-A76C-4BF2-97C6-258925EE1542}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EEE6C35D-6118-11DC-9C72-001320C79847}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{DB9D7A78-A76C-4BF2-97C6-258925EE1542}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{DB9D7A78-A76C-4BF2-97C6-258925EE1542}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\dt soft\daemon tools toolbar
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Key Deleted : HKCU\Software\AppDataLow\Software\MyAshampoo\toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\BitTorrentControl_v12
Key Deleted : HKCU\Software\AppDataLow\Software\BS_Player
Key Deleted : HKCU\Software\AppDataLow\Software\MyAshampoo
Key Deleted : HKCU\Software\AppDataLow\Software\Reganam
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Deleted : HKLM\Software\DVDVideoSoftTB
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\Software\MyAshampoo\toolbar
Key Deleted : HKLM\Software\Myfree Codec
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\Software\YourFileDownloader
Key Deleted : HKLM\Software\BitTorrentControl_v12
Key Deleted : HKLM\Software\MyAshampoo
Key Deleted : HKLM\Software\Reganam
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentControl_v12 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyAshampoo Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reganam Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4F4C5E11-0612-48D2-8055-987992AAC432}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Funmoods Web Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyFreeCodec
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BitTorrentControl_v12 Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BS_Player Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DVDVideoSoftTB Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyAshampoo Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Reganam Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6002.18005

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.Old.Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v

[ File : C:\Users\maxici\AppData\Roaming\Mozilla\Firefox\Profiles\8ywbft4b.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultengine", "Ask.com Search");
Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com Search");
Line Deleted : user_pref("browser.search.order.1", "Ask.com Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Ask.com Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1QzutD0CyCtDyByCyDyE0DyC0AtCzyyDtB0DtN0D0TzutBtDtCtBtDyCtByB&cr=519195370");
Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111374");
Line Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "408f952d000000000000000000000000");
Line Deleted : user_pref("extensions.BabylonToolbar_i.id", "408f952d000000000000000000000000");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15439");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.170:26:33");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Line Deleted : user_pref("extensions.funmoods.aflt", "iron2");
Line Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Line Deleted : user_pref("extensions.funmoods.dfltLng", "");
Line Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Line Deleted : user_pref("extensions.funmoods.dnsErr", true);
Line Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Line Deleted : user_pref("extensions.funmoods.excTlbr", false);
Line Deleted : user_pref("extensions.funmoods.hmpg", true);
Line Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1QzutD0CyCtDyByCyDyE0DyC0AtCzyyDtB0DtN0D0TzutBtDtCtBtDyCtByB&cr=519195370");
Line Deleted : user_pref("extensions.funmoods.id", "408f952d0000000000000c607654d6a1");
Line Deleted : user_pref("extensions.funmoods.instlDay", "15518");
Line Deleted : user_pref("extensions.funmoods.instlRef", "iron2");
Line Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Line Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Line Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1QzutD0CyCtDyByCyDyE0DyC0AtCzyyDtB0DtN0D0TzutBtDtCtBtDyCtByB&cr=519195370");
Line Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Line Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Line Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Line Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Line Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Line Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Line Deleted : user_pref("extensions.funmoods_i.newTab", true);
Line Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Line Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2210:37:25");

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\maxici\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : icon_url
Deleted : search_url
Deleted : keyword
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [26933 octets] - [12/01/2014 16:03:28]
AdwCleaner[S0].txt - [22951 octets] - [12/01/2014 16:19:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [23012 octets] ##########

Rogue Killer:

RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spuštěno v : Normální režim
Uživatel : maxici [Práva správce]
Mód : Kontrola -- Datum : 01/12/2014 16:35:58
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 2 ¤¤¤
[SUSP PATH] sms.exe -- C:\Users\maxici\AppData\Local\Temp\sms.exe [-] -> SMAZÁNO [TermProc]
[SUSP PATH] smms.exe -- C:\Users\maxici\AppData\Local\Temp\smms.exe [-] -> SMAZÁNO [TermProc]

¤¤¤ ¤¤¤ Záznamy Registrů: : 8 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : 1fd29eb1b46a0ad612f4f9886d1a825c ("C:\Users\maxici\AppData\Local\Temp\sms.exe" .. [-]) -> NALEZENO
[RUN][SUSP PATH] HKCU\[...]\Run : a5e28652a9fca8f12f869e43ccaa696c ("C:\Users\maxici\AppData\Local\Temp\smms.exe" .. [-]) -> NALEZENO
[DNS][PUM] HKLM\[...]\CCSet\[...]\{C16CA5E0-F861-4A24-BE0B-3BB52D004DD8} : NameServer (188.92.8.18,188.92.11.3 [CZECH REPUBLIC (CZ) - (Unknown Country?) (XX)]) -> NALEZENO
[DNS][PUM] HKLM\[...]\CCSet\[...]\{EAAF58B7-0743-43F9-B3CA-73F06AF32837} : NameServer (217.77.165.81 217.77.161.131 [CZECH REPUBLIC (CZ) - CZECH REPUBLIC (CZ)]) -> NALEZENO
[DNS][PUM] HKLM\[...]\CS001\[...]\{C16CA5E0-F861-4A24-BE0B-3BB52D004DD8} : NameServer (188.92.8.18,188.92.11.3 [CZECH REPUBLIC (CZ) - (Unknown Country?) (XX)]) -> NALEZENO
[DNS][PUM] HKLM\[...]\CS001\[...]\{EAAF58B7-0743-43F9-B3CA-73F06AF32837} : NameServer (217.77.165.81 217.77.161.131 [CZECH REPUBLIC (CZ) - CZECH REPUBLIC (CZ)]) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ naplánované úlohy : 1 ¤¤¤
[V2][SUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL C:\Users\maxici\AppData\Local\Temp\IHU535C.tmp.exe [x][x] -> NALEZENO

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0xc0000033] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
[...]


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200BEVT-60ZCT1 ATA Device +++++
--- User ---
[MBR] 6ecce91a2a03348d9553052cd81168af
[BSP] b831112e34f3ac02b5828b83b7594370 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 297230 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 608729088 | Size: 8011 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_S_01122014_163558.txt >>

No, MBAM uz to sice nenasel, ale RK to opet hlasi

Znovu spustte RogueKiller jako spravce (pokud jste ho jeste nezavrel/a, rovnou kliknete na napis Smazat)
Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Smazat.
Pak kliknete na napis Zprava a objevi se log. Ten mi sem vlozte.
Pak kliknete na napis Oprava Host a Zprava.
Objevi se dalsi log. I ten mi sem vlozte.

asi to má tužší kořínek

tady Rogue Killer po smazání:

RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spuštěno v : Normální režim
Uživatel : maxici [Práva správce]
Mód : Odebrat -- Datum : 01/12/2014 17:02:16
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 2 ¤¤¤
[SUSP PATH] sms.exe -- C:\Users\maxici\AppData\Local\Temp\sms.exe [-] -> SMAZÁNO [TermProc]
[SUSP PATH] smms.exe -- C:\Users\maxici\AppData\Local\Temp\smms.exe [-] -> SMAZÁNO [TermProc]

¤¤¤ ¤¤¤ Záznamy Registrů: : 4 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : 1fd29eb1b46a0ad612f4f9886d1a825c ("C:\Users\maxici\AppData\Local\Temp\sms.exe" .. [-]) -> VYMAZÁNO
[RUN][SUSP PATH] HKCU\[...]\Run : a5e28652a9fca8f12f869e43ccaa696c ("C:\Users\maxici\AppData\Local\Temp\smms.exe" .. [-]) -> VYMAZÁNO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)

¤¤¤ naplánované úlohy : 1 ¤¤¤
[V2][SUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL C:\Users\maxici\AppData\Local\Temp\IHU535C.tmp.exe [x][x] -> VYMAZÁNO

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0xc0000033] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
[...]


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200BEVT-60ZCT1 ATA Device +++++
--- User ---
[MBR] 6ecce91a2a03348d9553052cd81168af
[BSP] b831112e34f3ac02b5828b83b7594370 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 297230 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 608729088 | Size: 8011 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_D_01122014_170216.txt >>
RKreport[0]_S_01122014_163558.txt


A Rogue Killer po "oprava host"

RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spuštěno v : Normální režim
Uživatel : maxici [Práva správce]
Mód : Oprava HOSTS -- Datum : 01/12/2014 17:03:04
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 2 ¤¤¤
[SUSP PATH] sms.exe -- C:\Users\maxici\AppData\Local\Temp\sms.exe [-] -> SMAZÁNO [TermProc]
[SUSP PATH] smms.exe -- C:\Users\maxici\AppData\Local\Temp\smms.exe [-] -> SMAZÁNO [TermProc]

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0xc0000033] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
[...]


¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost


Dokončeno : << RKreport[0]_H_01122014_170304.txt >>
RKreport[0]_D_01122014_170216.txt;RKreport[0]_S_01122014_163558.txt

A proto pritvrdime i my.


Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.)

Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc!

Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Kliknete na ComboFix pravym mysidlem a levym na Spustit jako spravce
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace
Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

log z combofixu:

ComboFix 14-01-12.01 - maxici 12.01.2014 19:37:16.1.2 - x86
Spuštěný z: c:\users\maxici\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\maxici\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1fd29eb1b46a0ad612f4f9886d1a825c.exe
c:\users\maxici\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a5e28652a9fca8f12f869e43ccaa696c.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-12-12 do 2014-01-12 )))))))))))))))))))))))))))))))
.
.
2014-01-12 15:03 . 2014-01-12 15:19 -------- d-----w- C:\AdwCleaner
2014-01-12 09:41 . 2014-01-12 09:41 -------- d-----w- c:\users\maxici\AppData\Roaming\Malwarebytes
2014-01-12 09:41 . 2014-01-12 09:41 -------- d-----w- c:\programdata\Malwarebytes
2014-01-12 09:41 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-12 09:41 . 2014-01-12 09:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-01-12 08:06 . 2014-01-12 08:06 -------- d-----w- C:\rsit
2014-01-12 08:06 . 2014-01-12 08:06 -------- d-----w- c:\program files\trend micro
2014-01-11 21:57 . 2014-01-11 21:57 -------- d-----w- c:\program files\CCleaner
2014-01-11 17:52 . 2014-01-11 22:23 -------- d-----w- c:\program files\ESET
2014-01-10 23:21 . 2014-01-11 22:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-01-10 23:21 . 2014-01-11 22:17 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2014-01-10 12:31 . 2013-08-11 14:40 43520 --s-a-w- c:\windows\system32\nircmdc.exe
2014-01-10 12:11 . 2014-01-10 23:41 -------- d-----r- c:\users\maxici\Dropbox
2014-01-10 12:00 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D97CFFAB-1DA2-408F-B6DA-AA3500447506}\mpengine.dll
2013-12-15 20:36 . 2013-12-15 20:36 -------- d-----w- c:\users\maxici\AppData\Local\DDMSettings
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-12 15:35 . 2014-01-12 15:35 168024 ----a-w- c:\windows\system32\drivers\XICTAVSP.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 168024 ----a-w- c:\windows\system32\drivers\XICTANmea.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 168024 ----a-w- c:\windows\system32\drivers\XICTAMDM.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 15872 ----a-w- c:\windows\system32\drivers\ws2ifsl.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 17976 ----a-w- c:\windows\system32\drivers\wmilib.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 11264 ----a-w- c:\windows\system32\drivers\wmiacpi.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 19560 ----a-w- c:\windows\system32\drivers\wd.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 62464 ----a-w- c:\windows\system32\drivers\wanarp.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 33280 ----a-w- c:\windows\system32\drivers\watchdog.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 20608 ----a-w- c:\windows\system32\drivers\wacompen.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 112232 ----a-w- c:\windows\system32\drivers\vsmraid.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 52792 ----a-w- c:\windows\system32\drivers\volmgr.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 110080 ----a-w- c:\windows\system32\drivers\videoprt.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 54376 ----a-w- c:\windows\system32\drivers\VIAAGP.SYS.bak
2014-01-12 15:35 . 2014-01-12 15:35 39424 ----a-w- c:\windows\system32\drivers\viac7.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 17512 ----a-w- c:\windows\system32\drivers\viaide.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 26112 ----a-w- c:\windows\system32\drivers\vgapnp.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 29696 ----a-w- c:\windows\system32\drivers\VClone.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 25088 ----a-w- c:\windows\system32\drivers\vga.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 134016 ----a-w- c:\windows\system32\drivers\usbvideo.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 23552 ----a-w- c:\windows\system32\drivers\usbuhci.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 65536 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS.bak
2014-01-12 15:35 . 2014-01-12 15:35 35328 ----a-w- c:\windows\system32\drivers\usbscan.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 18944 ----a-w- c:\windows\system32\drivers\usbprint.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 226304 ----a-w- c:\windows\system32\drivers\usbport.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 196096 ----a-w- c:\windows\system32\drivers\usbhub.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 68608 ----a-w- c:\windows\system32\drivers\usbcir.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 5888 ----a-w- c:\windows\system32\drivers\usbd.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 25856 ----a-w- c:\windows\system32\drivers\USBCAMD2.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 25856 ----a-w- c:\windows\system32\drivers\USBCAMD.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 7680 ----a-w- c:\windows\system32\drivers\umpass.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 45056 ----a-w- c:\windows\system32\drivers\usbaapl.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 34816 ----a-w- c:\windows\system32\drivers\umbus.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 98408 ----a-w- c:\windows\system32\drivers\ulsata.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 58472 ----a-w- c:\windows\system32\drivers\ULIAGPKX.SYS.bak
2014-01-12 15:35 . 2014-01-12 15:35 235112 ----a-w- c:\windows\system32\drivers\uliahci.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 115816 ----a-w- c:\windows\system32\drivers\ulsata2.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 226816 ----a-w- c:\windows\system32\drivers\udfs.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 56936 ----a-w- c:\windows\system32\drivers\UAGP35.SYS.bak
2014-01-12 15:35 . 2014-01-12 15:35 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 23552 ----a-w- c:\windows\system32\drivers\tssecsrv.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS.bak
2014-01-12 15:35 . 2014-01-12 15:35 53224 ----a-w- c:\windows\system32\drivers\termdd.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 72192 ----a-w- c:\windows\system32\drivers\tdx.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 29184 ----a-w- c:\windows\system32\drivers\tdtcp.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 17920 ----a-w- c:\windows\system32\drivers\tdpipe.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 20992 ----a-w- c:\windows\system32\drivers\tdi.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 24576 ----a-w- c:\windows\system32\drivers\tape.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 204976 ----a-w- c:\windows\system32\drivers\SynTP.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 34920 ----a-w- c:\windows\system32\drivers\sym_u3.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 35944 ----a-w- c:\windows\system32\drivers\symc8xx.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 31848 ----a-w- c:\windows\system32\drivers\sym_hi.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 15288 ----a-w- c:\windows\system32\drivers\swenum.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 52992 ----a-w- c:\windows\system32\drivers\stream.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 146432 ----a-w- c:\windows\system32\drivers\srv2.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 122344 ----a-w- c:\windows\system32\drivers\Storport.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 305152 ----a-w- c:\windows\system32\drivers\srv.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 691696 ----a-w- c:\windows\system32\drivers\sptd.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 684032 ----a-w- c:\windows\system32\drivers\spsys.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 66560 ----a-w- c:\windows\system32\drivers\smb.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 21048 ----a-w- c:\windows\system32\drivers\spldr.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 17408 ----a-w- c:\windows\system32\drivers\smclib.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 71784 ----a-w- c:\windows\system32\drivers\sisraid4.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 53352 ----a-w- c:\windows\system32\drivers\SISAGP.SYS.bak
2014-01-12 15:35 . 2014-01-12 15:35 38504 ----a-w- c:\windows\system32\drivers\sisraid2.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 83320 ----a-w- c:\windows\system32\drivers\sfvfs02.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 13680 ----a-w- c:\windows\system32\drivers\sfhlp02.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 13312 ----a-w- c:\windows\system32\drivers\sfloppy.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 12800 ----a-w- c:\windows\system32\drivers\sffp_mmc.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 13312 ----a-w- c:\windows\system32\drivers\sffdisk.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 83456 ----a-w- c:\windows\system32\drivers\serial.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 63096 ----a-w- c:\windows\system32\drivers\sfdrv01a.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 59000 ----a-w- c:\windows\system32\drivers\sfdrv01.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 20480 ----a-w- c:\windows\system32\drivers\secdrv.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 19968 ----a-w- c:\windows\system32\drivers\sermouse.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 17920 ----a-w- c:\windows\system32\drivers\serenum.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 142904 ----a-w- c:\windows\system32\drivers\scsiport.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 76392 ----a-w- c:\windows\system32\drivers\sbp2port.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 60416 ----a-w- c:\windows\system32\drivers\RTSTOR.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 56268 ----a-w- c:\windows\system32\drivers\scdemu.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 138240 ----a-w- c:\windows\system32\drivers\Rtlh86.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 8192 ----a-w- c:\windows\system32\drivers\rootmdm.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 60416 ----a-w- c:\windows\system32\drivers\rspndr.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys.bak
2014-01-12 15:35 . 2014-01-12 15:35 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys.bak
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-12-06 14:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 14:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 14:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-12-06 14:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-12-06 14:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-12-06 14:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-10 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 1410344]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-23 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-10 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-10 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-10 153624]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-09-11 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-08-29 1861968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^maxici^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^love test.exe]
path=c:\users\maxici\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\love test.exe
backup=c:\windows\pss\love test.exe.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-11 19:00 919008 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-31 11:20 38872 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-03-15 16:42 499608 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
2011-01-12 06:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5]
2012-03-06 16:39 574296 ----a-w- c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2013-08-29 00:23 1861968 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
2007-11-02 12:52 36864 ----a-w- c:\program files\HP\HP UT\bin\hppusg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 08:31 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Message Center 2]
2010-05-25 18:16 619008 ----a-w- c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-03-15 10:15 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 15:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys [2006-12-20 97920]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-11-20 13:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-04 17:50 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-01-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1937874605-1975404794-337259606-1000Core.job
- c:\users\maxici\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-19 05:05]
.
2014-01-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1937874605-1975404794-337259606-1000UA.job
- c:\users\maxici\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-19 05:05]
.
2014-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-22 16:50]
.
2014-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-22 16:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.bing.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\maxici\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\maxici\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{C16CA5E0-F861-4A24-BE0B-3BB52D004DD8}: NameServer = 188.92.8.18,188.92.11.3
TCP: Interfaces\{EAAF58B7-0743-43F9-B3CA-73F06AF32837}: NameServer = 217.77.165.81 217.77.161.131
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-1fd29eb1b46a0ad612f4f9886d1a825c - c:\users\maxici\AppData\Local\Temp\sms.exe
MSConfigStartUp-a5e28652a9fca8f12f869e43ccaa696c - c:\users\maxici\AppData\Local\Temp\smms.exe
MSConfigStartUp-AdobeCS5ServiceManager - c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
AddRemove-MotiveReportAgent - c:\program files\TO2SAM\McciBrowser.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-12 19:49
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrueSight]
"ImagePath"="\??\"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2014-01-12 19:52:50
ComboFix-quarantined-files.txt 2014-01-12 18:52
.
Před spuštěním: Volných bajtů: 71 054 356 480
Po spuštění: Volných bajtů: 70 986 997 760
.
- - End Of File - - 6BC211BA3C7E616D0CFEF694DAD1EABF
5C616939100B85E558DA92B899A0FC36

Pokud to jeste v pc je, odinstalujte Spybota a Advanced SystemCare


Otevrete si poznamkovy blok a zkopirujte do nej tento skript Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev CFScript a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Pretahntete mysi tento vytvoreny textovy dokument nad ikonu ComboFix a pustte.
ComboFix by se mel spustit a vykonat prikazy.
Az skonci (muze dojit k restartu pc), mel by se objevit novy log, ten mi sem zase zkopirujte.

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace
Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku



8.2. pro neaktivitu http://forum.viry.cz/viewtopic.php?f=12&t=123975